Mapping the Basic User to Security Role Settings – Suggestions


In Dynamics CRM we have three types of User Subscription Licenses (USLs); Professional, Basic, and Essential

  1. Professional users has full rights to ‘everything’ in CRM
  2. Essential users has rights to custom entities primarily
  3. Basic users sits sort of in-between, in terms of use rights

Note – A fourth USL (Enterprise) is available. Its equivalent to Professional plus Dynamics Marketing, Social Care (specific markets) and Unified Service Desk.

Each of the above licenses has a different price point; if Professional is 4X then Basic is approximately 2X, and Essential is X. Hence its often of interest to the customer to ‘get the right mix’ between Professional and Basic users, ending up with the optimal average price point.

The Basic user has full access to eg the Account, Contact, Lead, and Case entitites, but have read only/limited use rights to certain entities, eg. Opportunities. Using the Security Role settings in Dynamics CRM you can control what a user can access. Hence mapping the two – the Use Rights of the Basic user to the available Security Role settings – is interesting.

Use Rights for the Basic USL

Appendix A in the “Licensing and Pricing Guide, June 2014” maps CRM Online Use Rights to the Pro, Basic and Essential USL’s.

Security Roles

A security role in Dynamics CRM defines how different users, such as salespeople, access different types of records. To control access to data, you can modify existing security roles, create new security roles, or change which security roles are assigned to each user. Each user can have multiple security roles.

To access the security roles click Settings -> Administration -> Security Roles

In the “New Security Role” dialog you can control what a user with that new role can do in CRM using the various tabs and settings (priveleges and scope) in the dialog.

The tabs are

  • Core Records
  • Marketing
  • Sales
  • Service
  • Business Management
  • Service Management
  • Customizations
  • Custom Entities

The access right/priveleges are

  • Create – create a record
  • Read – read a record
  • Write – make changes to a record
  • Delete – delete a record
  • Append – associate a record to another record
  • Append To – associate entity record to this record
  • Share – give access to a record to another user while keeping your own access
  • Reparent – assign a different parent to entity record

The scopes are

  • None Selected = No access is allowed
  • User = This access level gives a user access to records he or she owns, objects that are shared with the user, and objects that are shared with a team of which the user is a member
  • Business Unit = This access level gives a user access to records in the user’s business unit
  • Parent: Child Business Unit = This access level gives a user access to records in the user’s business unit and all business units subordinate to the user’s business unit
  • Organisation = This access level gives a user access to all records within the organization, regardless of the business unit hierarchical level to which the instance or the user belongs

Mapping Use Rights to Security Role settings for the Basic USL

In the table below I’ve taken the first steps trying to map the Basic USL to CRM Security Role settings. Please note: the below table is a my personal suggestion and by no means authoritive.

The table has six columns:

  1. “Appendix A – Subject” = The left most column (“Use Rights” in the Appendix A above, sorted alphabetically
  2. “Basic”  = Appendix A – Basic User Use Rights (1=Full, 0=None)
  3. “Focus” = What I consider being the deciding context
  4. “USL” = Lists if Basic user has Full or Read access to the entity to the left (the “Focus” Column) according to the simple chart (an interpretation of Figure 5 in the Licensing and Pricing Guide)
  5. “Security Tab” – name of the tab in CRM Security Roles where the setting is to be done
  6. “Security Setting(s) – suggested” = which settings I suggest you look at on the tab

 

Appendix A: Subject

 

Basic

 

Focus

 

USL

 

Security Tab

 

Security: Setting(s)  – suggested

 

Accounts

 

1

 

Accounts

 

 

 

Core

 

Account

 

Activity Management

 

1

 

Activities

 

 

 

Core

 

Activity

 

Add or remove a Customer
for an Account

 

1

 

Customer Relationship

 

Core

 

Customer Relationship

 

Add or remove a Customer Relationship for a Contact

 

1

 

Customer Relationship

 

 

 

Core

 

Customer Relationship

 

Advanced Find Search

 

1

 

Search

 

Associate an Opportunity
with a Contact

 

1

 

Contacts

 

Full

 

Core

 

Opportunity = Append,
Contact = Append To

 

Associate an Opporturity
with an Account

 

1

 

Accounts

 

Full

 

Core

 

Opportunity = Append,
Account = Append To

 

Case Management

 

1

 

Cases

 

Full

 

Service

 

Case

 

Contacts

 

1

 

Contacts

 

Full

 

Core

 

Contact

 

Convert an Activity to a Case

 

1

 

Cases

 

Full

 

Service

 

Case = (Create)

 

Create and Update Announcements

 

1

 

Announcements

 

 

 

Core

 

Announcement

 

Create personal views

 

1

 

Views – Personal

 

 

 

Customization

 

View = (Create)

 

Create, Update, Customize Reports

 

1

 

Reports

 

 

 

Core

 

Report

 

Export data to Microsoft ExceI

 

1

 

Data – Export

 

 

 

Business Management

 

Export to Excel

 

Follow Activity Feeds

 

1

 

Follow

 

 

 

Core

 

Follow

 

Lead Capture

 

1

 

Leads

 

Full

 

Core

 

Lead

 

Lead scoring, routing and assignment

 

1

 

Leads

 

 

 

Manage Saved Views

 

1

 

Views – Saved

 

 

 

Core

 

Saved Views

 

Manage user reports,
user charts,
and user dashboards

 

1

 

Reports, Charts, Dashboards – User

 

Full

 

Core

 

Report,
User Chart,
User Dashboard

 

Microsoft CRM for Outlook

 

1

 

Client UI

 

 

 

Business Management

 

Sync to Outlook,
Go Offline in Outlook

 

Microsoft CRM Web application

 

1

 

Client UI

 

Microsoft Dynamics CRM
for iPad & Windows 8

 

1

 

Client UI

 

 

 

Business Management

 

Use CRM for Tablets

 

Microsoft Dynamics CRM
Mobile Express

 

1

 

Client UI

 

Notes

 

1

 

Notes

 

Full

 

Core

 

Note

 

Perform Mail Merge

 

1

 

Mail Merge

 

 

 

Business Management

 

Mail Merge,
Web Mail Merge,
(Core:Mail Merge Template)

 

Post Activity Feeds

 

1

 

Post

 

Full

 

Core

 

Post

 

Qualify and Convert a
Lead to a Contact

 

1

 

Contacts

 

Full

 

Core

 

At least WRITE on Lead as well as CREATE & WRITE on Contact

 

Qualify and Covert a
Lead to an Account

 

1

 

Accounts

 

 Full

 

Core

 

At least WRITE on Lead as well as CREATE & WRITE on Account

 

Read Articles

 

1

 

Articles

 

 

 

Service

 

Article = (Read)

 

Read Custom Application Data

 

1

 

Data – Custom

 

 

 

Customization:User Application Metadata

 

Read Dynamics CRM
Application Data

 

1

 

Data – CRM Application

 

Read

 

  Core:Application File,
Customization:System Application Metadata

 

Run an automated workflow

 

1

 

Workflows – Automated

 

 

 

Customization

 

Execute Workflow Job

 

Run as an On-demand Process

 

1

 

Processes (Workflows)

 

 

 

Customization

 

Process,
Execute Workflow Job

 

Run Reports

 

1

 

Reports

 

 

 

Core

 

Report

 

Search

 

1

 

Search

 

Shared Calendar

 

1

 

Calendar – Shared

 

 

 

Service Management

 

Calendar

 

SLAs

 

1

 

SLAs

 

 

 

Service Management

 

SLA

 

Start Dialog

 

1

 

Dialogs

 

 

 

Customization

 

Execute Workflow Job

 

Use a Queue item

 

1

 

Queues

 

 

 

Core

 

Queue:Write

 

Use Relationships between Records

 

1

 

Relationships

 

 

 

Core

 

Relationship Role

 

User Charts

 

1

 

Charts – User

 

 

 

Core

 

User Chart

 

User Dashboards

 

1

 

Dashboard – User

 

 

 

Core

 

User Dashboard

 

User Interface Integration for Microsoft Dynamics CRM

 

1

 

View Announcements

 

1

 

Announcements

 

 

 

Core

 

Announcement

 

Write Custom Entity Records

 

1

 

Entities – Custom

 

 

 

Customization

 

Entity = (Write)

 

Yammer Collaboration

 

1

 

Yammer

 

 

 

Customization:Configure Yammer

 

Administer CRM

 

0

 

CRM

 

Article Templates

 

0

 

Articles – Templates

 

 

 

Service

 

Article Templates = No

 

Competitor Tracking

 

0

 

Competitors

 

Read

 

Sales

 

Competitor = Read

 

Configure Auditing

 

0

 

Auditing

 

 

 

Core

 

Delete Audit Partitions = No,
View Audit History,
View Audit Partitions,
View Audit Summary

 

Configure Duplicate-Detection Rules

 

0

 

Duplicate-detection rules

 

 

 

Core

 

Duplicated Detection Rule = No

 

Configure SLA Policies

 

0

 

SLA Policies

 

?

 

Contract Management

 

0

 

Contracts

 

Read

 

Service

 

Contract = (Read)

 

Contract Templates

 

0

 

Contracts – Templates

 

 

 

Service

 

Contract Template = No

 

Convert an Activity to an Opporturity

 

0

 

Opportunities

 

Read

 

Core

 

Opportunities = (Read)

 

Create and Publish Articles

 

0

 

Articles

 

 

 

Service

 

Create = No,
Publish Articles = No

 

Create CRM Forms, Entities, Fields

 

0

 

Forms, entities, fields

 

 

 

Customization

 

Entity = (NOT Create),
Field = (NOT Create)

 

Customize Forms and Views

 

0

 

Forms, Views

 

 

 

Customization

 

System Form = No
Define and Configure
Business Units

 

0

 

Business Units

 

 

 

Business Management

 

Business Unit = No,
Enable or Disable a
Business Unit,
Reparent Business Unit

 

Define and Configure
Dialogs

 

0

 

Dialogs

 

 

 

Customization

 

Activate Real-time
Processes = No,
Activate Business Rules = No

 

Define and Configure
Queues

 

0

 

Queues

 

 

 

Core

 

Queue/Create = No

 

Define and Configure
Workflows

 

0

 

Workflows

 

 

 

Customization

 

Activate Business Process
Flows = No,
Activate Real-time
Processes = No,
Activate Business Rules = No

 

Define and Configure
Services, Resources, and Work Hours

 

0

 

Services, Resources, and Work Hours

 

Read

 

?

 

Define and Configure
Teams

 

0

 

Teams

 

 

 

Business Management

 

Team = No
Define Relationships Entities

 

0

 

Relationships

 

 

 

Core?

 

Relationship Role,
Opportunity Relationship,
Customer Relationship

 

Facility/Equipment Management

 

0

 

Facilities, Equipment

 

Read

 

Service Management

 

Facility/Equipment = No

 

Goal Management

 

0

 

Goals

 

Read

 

Business Management

 

Goal = No,
Goal Metric = No,
Perform in sync rollups
on goals = No

 

Import Data in Bulk

 

0

 

Data – import – Bulk

 

 

 

Core

 

Data Import = No

 

Invoice Management

 

0

 

Invoices

 

Read

 

Sales

 

Invoice = No,
Override Invoice Pricing = No,
Override Quote Order
Invoice Delete = No

 

Marketing Campaigns

 

0

 

Marketing campaigns

 

Read

 

Marketing

 

Campaign = No,
Create Quick Campaign = No

 

Marketing Lists

 

0

 

Marketing lists

 

Read

 

Marketing

 

Marketing List = No

 

Opporturity Tracking

 

0

 

Opportunities

 

Read

 

Core

 

Opportunities = Read

 

Order Management

 

0

 

Orders

 

Read

 

Sales

 

Order = No (or Read)

 

Price Lists

 

0

 

Price lists

 

Read

 

Service?

 

Product Tracking

 

0

 

Products

 

Read

 

Sales

 

Product

 

Qualify and Convert a
Lead to an Opporturity

 

0

 

Opportunities

 

Read

 

Core

 

Opportunities = (Read)

 

Quick Campaigns

 

0

 

Quick campaigns

 

Read

 

Marketing

 

Create Quick Campaign = No

 

Quote Management

 

0

 

Quotes

 

Read

 

Sales

 

Quote = (Read)

 

Sales literature

 

0

 

Sales literature

 

 

 

Sales

 

Sales literature = No

 

System Reports, System Charts, System Dashboards

 

0

 

Reports, Charts, Dashboards – System

 

Read

 

Customization

 

System Chart = No

 

Territory management

 

0

 

Territories

 

 

 

Sales

 

Territory = No
(Business Management:Assign Territory to User)

 

See also

  • Create or edit a security role – link
  • CRM Online Service Description – http://technet.microsoft.com/en-us/library/microsoft-dynamics-crm-online-service-description.aspx

Comments (10)

  1. Recep YUKSEL says:

    Thank you very much Jesper.

  2. Ed (DareDevil57) says:

    Thank you

  3. Optevia Steve says:

    Really useful post jesper, but i thought the Enterprise licence was available outside of the US as well?

  4. Anonymous says:

    Smile everyone it’s Friday and you still have time to read the best CRM articles of the week, wooohoooo

  5. Anonymous says:

    Smile everyone it’s Friday and you still have time to read the best CRM articles of the week, wooohoooo

  6. Kofod says:

    Is these different user rights and Price points also applicabel to CRM on prem?

  7. Daniel says:

    Thanks Jesper. A (maybe dumb) question, if access is NOT restricted by security roles, could a basic user theoretically use all the functionality? in other words, access is not restricted inherently by the USL?

  8. Jason says:

    If I were to purchase ESS CALs, would they show up as an option in the user License Type drop down? I only see Full and Limited as options.