Unable to understand purpose of record based security when MS CRM has role based security

  • Question

  • Hi,

    I went through several links trying to understand simple concept of record based security.

    https://msdn.microsoft.com/en-us/library/gg334673.aspx

    Microsoft says 

    "Record-based security in Microsoft Dynamics CRM 2016 and Microsoft Dynamics CRM Online applies to individual records. It is provided by using access rights.

    The relationship between an access right and a privilege is that access rights apply only after privileges have taken effect. For example, if a user does not have the privilege to read accounts, that user is unable to read any account, regardless of the access rights another user might grant to a specific account through sharing."

    I am confused: if a particular user has the read privilege on an entity by means of his role, then what is the purpose of adding one more security level, called Record Based Security, that gives him the same read privilege but at the record level?

    I would be grateful if someone could assist me regarding this.

    Any suggestions are more than welcome.

    Thanks

    Om


    Thursday, January 28, 2016 7:14 AM

All replies

  • Record-based security is only used to give additional rights that a user does not have via security roles. However, if you need to give permissions on a per-record basis, you would typically give minimal permission on the relevant entity via security roles (e.g. only user-level access so the user initially can only access records they own), so the record-based security could give permission on additional records.

    The second paragraph in your quote refers to a specific optimisation within CRM. If a user has no rights to an entity via security roles, then they will not be able to access that entity, irrespective of any record-based rights they have been granted. So, if you are going to use record-based rights on an entity, then all users who might use these will need minimal (i.e. user-level read access) on this entity via security roles.


    Microsoft CRM MVP - http://mscrmuk.blogspot.com/ http://www.excitation.co.uk

    Thursday, January 28, 2016 10:32 AM
    Moderator
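
The evaluation order described in the reply above, as a simplified Python model added here (it is not part of the original thread and is not Dynamics CRM code). The class names, users and the record are constructed for illustration, and access levels are reduced to None, User, Business Unit and Organization.

```python
from dataclasses import dataclass, field
from enum import IntEnum

class Depth(IntEnum):          # access level of a privilege granted by security roles
    NONE = 0                   # no privilege on the entity at all
    USER = 1                   # only records the user owns
    BUSINESS_UNIT = 2          # records owned inside the user's business unit
    ORGANIZATION = 3           # every record of the entity

@dataclass
class User:
    name: str
    business_unit: str
    read_depth: Depth          # depth of the Read privilege on Account

@dataclass
class Account:
    name: str
    owner: User
    shared_read: set = field(default_factory=set)   # names granted Read by sharing

def can_read(user: User, record: Account) -> tuple:
    """Return (allowed, reason) following the order described in the reply."""
    # 1. Privilege gate: without any Read privilege, shares are never consulted.
    if user.read_depth == Depth.NONE:
        return False, "no privilege"
    # 2. Role-based access, limited by the depth of the privilege.
    if user.read_depth == Depth.ORGANIZATION:
        return True, "role"
    same_bu = record.owner.business_unit == user.business_unit
    if user.read_depth == Depth.BUSINESS_UNIT and same_bu:
        return True, "role"
    if record.owner.name == user.name:
        return True, "role"
    # 3. Record-based access: a share adds rights on this one record only.
    if user.name in record.shared_read:
        return True, "share"
    return False, "not shared"

# Constructed sample data (hypothetical users and record).
alice = User("alice", "Sales", Depth.USER)
bob = User("bob", "Sales", Depth.USER)
carol = User("carol", "Sales", Depth.NONE)
dave = User("dave", "Sales", Depth.BUSINESS_UNIT)
erin = User("erin", "Support", Depth.USER)
contoso = Account("Contoso", owner=alice, shared_read={"bob", "carol"})

if __name__ == "__main__":
    for u in (alice, bob, carol, dave, erin):
        print(u.name, can_read(u, contoso))
```

Bob and Carol are both on the share list, but only Bob gains access, because Carol's roles give her no Read privilege on the entity.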