Dynamics 365 Security Role Terminologies

Security Roles define how users access different types of records. To control access to data, you can modify an existing security role, copy or create security roles, and change which security roles are assigned to each Business Unit, Team or User.

Security Role privileges are cumulative, so if one security role sets a privilege to None and another sets it to Global, you will have global privileges.

The main security terms in Dynamics 365 (D365) are the following:

  • Security Roles:
    • Are a matrix of privileges and access levels for the various entities.  The entities are grouped under different tabs based on their functionality.
    • These groups include: Core Records, Marketing, Sales, Service, Business Management, Service Management, Customization, and Custom Entities.
  • Privileges – Record-level privileges:
    • Create:  Required to create a new record.
    • Read:  Required to open and view the content of a record.
    • Write:  Required to make changes to a record.
    • Delete:  Required to permanently remove a record.
    • Append:  Required to associate the current record with another record, such as an Activity or Note.
    • Append To:  Required to associate a record with the current record.
    • Assign:  Required to give ownership of a record to another user.
    • Share:  Required to give access to a record to another user while keeping their own access.
  • Access levels – for the Privilege:
    • Organization (Global): This is a global setting to give users access to all records in the organization.
    • Parent: Child Business Unit (Deep):  This access level gives a user access to records in the user’s business unit and all subordinate business units.
    • Business Unit (Local): This access level gives a user access to records in the user’s business unit.
    • User (Basic):  This access level gives a user access to records that the user owns, objects that are shared with the user, and objects that are shared with a team that the user is a member of.
    • None:  No access is allowed.
  • Entities:
    • Entities are the items listed in the Security Role to which the privileges and access levels are applied.
  • Field Level Security:
    • It is used to restrict access to specific high business impact fields in an entity to specific users or teams.  This applies after privileges have taken effect.
  • Business Unit:
    • A logical grouping of related business activities.  The business unit is the foundation of security in D365. Every user has to be part of a BU.
  • Team Privileges:
    • A collection of users who can belong to the same or different business units.  Teams make it easy to share records and to share security roles with groups of users.  Users can have multiple teams assigned.
  • User Privileges:
    • Users can only have one default Business Unit and need at least one Security Role assigned.  If a user is in multiple teams across multiple business units, they will see records for all business units.
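
The cumulative rule and the access levels above can be checked with a small model. This is an added example, not Dynamics 365 code: the role names, business unit tree and record fields are constructed, and it assumes a share covers the privilege being checked. Teams and Field Level Security are left out.

```python
from enum import IntEnum

class Level(IntEnum):
    NONE = 0
    USER = 1           # Basic
    BUSINESS_UNIT = 2  # Local
    PARENT_CHILD = 3   # Deep
    ORGANIZATION = 4   # Global

# Constructed business unit tree: child -> parent
BU_PARENT = {"Sales-East": "Sales", "Sales": "Root", "Service": "Root", "Root": None}

# Constructed roles: (entity, privilege) -> access level
ROLES = {
    "Salesperson": {("account", "Read"): Level.BUSINESS_UNIT, ("account", "Write"): Level.USER},
    "Regional Manager": {("account", "Read"): Level.PARENT_CHILD},
    "Restricted": {("account", "Read"): Level.NONE, ("account", "Delete"): Level.NONE},
}

def effective_level(role_names, entity, privilege):
    """Cumulative: the highest level granted by any assigned role wins."""
    return max((ROLES[r].get((entity, privilege), Level.NONE) for r in role_names),
               default=Level.NONE)

def in_subtree(bu, ancestor):
    """True if bu is ancestor itself or one of its subordinate business units."""
    while bu is not None:
        if bu == ancestor:
            return True
        bu = BU_PARENT[bu]
    return False

def can_access(user, record, privilege):
    """Apply the user's effective access level to one record."""
    level = effective_level(user["roles"], record["entity"], privilege)
    if level == Level.NONE:
        return False
    # User (Basic) and every higher level: owned or shared records
    if record["owner"] == user["name"] or user["name"] in record["shared_with"]:
        return True
    if level == Level.BUSINESS_UNIT:
        return record["owner_bu"] == user["bu"]
    if level == Level.PARENT_CHILD:
        return in_subtree(record["owner_bu"], user["bu"])
    return level == Level.ORGANIZATION
```

When auditing role assignments, note that adding a role set to None never lowers a user's access; only removing the role that grants the higher level does.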

 
