xRM Security

Security in CRM

• (Mostly) method of giving / restricting data (and data operations)
• As well as data;
• Security Roles
• Organisation Chart
• 3 Dimensional “Matrix”
• A ‘Copy Of’ Active Directory
• A Business Unit is a separate functional area

Privileges

• Update – Write
• Update – these are xRM platform operations
• Append
• Participate in relationship
• Append To
• Participate in relationship
• Assign
• Change Owner
• Share
• Allow others visibility

Possible Starting Point(s)

• Can Unify Security Model across (Unified Data Management):
• Microsoft
• Active Directory
• Exchange
• SharePoint
• Dynamics CRM 
• Etc …
• Do this by matching categorisations (e.g. Active Directory Group = Dynamics CRM Security Role, Active Directory Folder = Dynamics CRM Business Entity etc …)
• And so also remember to give a user access to an entity give the user access to a group with access to that entity not the entity directly
• Possible Starting Point: Use Active Directory Security Design Principles …
• Establish a Generic Data Management policy at the same time
• Another Starting Point: Security Roles designed for your Vertical Industry or closest other vertical

A few hints

• Try and keep as ‘flat’ as possible - no need to represent every ‘level’ of the hierarchy just for the sake of it
• Once again, a business unit could be a:
• Functional Unit
• Division
• Therefore FINALISE a ‘flat’ Org Chart with the users and assign users to appropriate business units
• And then a Security Role could correspond to a particular job function(s) – and then FINALISE Job Functions with the users
• Hence no need to ‘drill down’ into individual privileges on each business entity initially
• Minimise Redundancy Tip: In Security Roles create a ‘base’ security role(s) and add privileges to that
• You could also look at it from the purpose of ‘restricting’ data and the data different users can access – start by giving everyone everything