locked
security RRS feed

  • Question

  • hi there
    i am wondering , lets say we have a new user came to office and he started using CRM offline version , what is the possible way to secure the accounts so that he wont be able to synchronize them to outlook or even can export the account list from the account entity , note that this guy is a sales manager but in other terms the company doesnt trust him so far :D

    any clue how to secure that ?
    thanks

    Monday, January 18, 2010 3:05 PM

Answers

  • the response I provided allows you to accomplish the following from your original post:

    "to secure the accounts so that he wont be able to synchronize them to outlook or even can export the account list from the account entity"

    If you want to lock this further, you can modify the user's security role so that he can not see accounts that he does not own, thereby applying a greater limitation.  You'll need to balance the rights you provide against the work the user is required to perform to ensure the user has enough rights to complete his job responsibility.
    Best Regards, Donna
    • Proposed as answer by Donna EdwardsMVP Tuesday, January 19, 2010 1:44 PM
    • Marked as answer by Jim Glass Jr Tuesday, January 19, 2010 7:49 PM
    Tuesday, January 19, 2010 1:44 PM

All replies

  • For the offline client, you can remove the data group for Accounts so that he can not sync them.  However, he could put the data group back.  The best way to lock down the functionality for the offline sync and the export feature is to remove the right in the user's security role. 

    In the security role, go to Business Management tab and remove the Export To Excel right and the Sync To Outlook.  You can also consider removing the Go Offline right as well.  Understand that removing the Sync to Outlook also means that the user will not be able to sync tasks, appointments and other CRM Outlook Client functionality will be limited.  You can test out the 3 rights to identify the settings that provide the greatest flexibility yet secure the data understanding that there will be some trade off.


    Best Regards, Donna
    Monday, January 18, 2010 3:54 PM
  • You can use also codeplex tool http://crm40admin.codeplex.com/ where you can define if user can synchronize group of data like contacts

    My Dynamics CRM Blog: http://bovoweb.blogspot.com
    Monday, January 18, 2010 11:23 PM
  • thanks folks for the answers
    as far as you all answered we can secure it but the problem is we cant 100% secure it :S , so there is always a way to pull info back , i just wanted to confirm that :)
    Tuesday, January 19, 2010 5:24 AM
  • the response I provided allows you to accomplish the following from your original post:

    "to secure the accounts so that he wont be able to synchronize them to outlook or even can export the account list from the account entity"

    If you want to lock this further, you can modify the user's security role so that he can not see accounts that he does not own, thereby applying a greater limitation.  You'll need to balance the rights you provide against the work the user is required to perform to ensure the user has enough rights to complete his job responsibility.
    Best Regards, Donna
    • Proposed as answer by Donna EdwardsMVP Tuesday, January 19, 2010 1:44 PM
    • Marked as answer by Jim Glass Jr Tuesday, January 19, 2010 7:49 PM
    Tuesday, January 19, 2010 1:44 PM