M S Dynamics CRM Security Model


For every business user data security is the first concern while purchasing a new software for business. MS Dynamics CRM is a software application which is designed keeping such concerns in mind. As a move in the direction of improved data security, Dynamics has introduced a new security model.

The main features of the security model are:

  • Users can access only that data, which is appropriate for their job, not to any other.
  • Different roles are introduced and data access is given based on these roles.
  • Users will be able to share data with others without giving ownership.

Types of Security in Dynamics CRM

MS Dynamics CRM provides three types of security:

  • Role based security
  • Record based security
  • Field level security

Role based security:  It provides specific sets of privileges to a user in Dynamics CRM.

For example: If we want all users with the security role of Sales Manager to have read, write and delete access to all Lead records; while users with the security role of Salesperson should have only read access of the Leads they own – role based security settings help accomplish this.

Record based security: It allows or restricts access to specific records in the CRM.

For example: If we want to restrict a set of users from accessing Case records, record based security helps accomplish this.

Field level security: It allows or restricts access to specific fields on an entity in Dynamics CRM.

For example: If we want only a set of users to see a specific field (Annual Revenue, for instance) on Lead entity, field based security can hide or display that field, based on users.

Dynamics CRM-02

Security Roles in MS Dynamics 

In Dynamics, different security roles are introduced based on which data access levels are set. They define the privileges and access levels for various entities in CRM. Each security role is categorized into eight sections. They are Core records, Sales, Service, Marketing, Business Management, Service Management, Customization and Custom entities.

The list of default security roles available in CRM are:

  • System Administrator
  • System Customizer
  • CEO
  • Sales Manager
  • Sales Person
  • Other Standard roles

Creating a Security Role in Dynamics 

A new security role can be created in different ways

  • To create a security role from the scratch
  • To modify a CRM default role
  • To copy an existing role and modify its privileges

The ideal way to create a new security role is to copy an existing role and then modify its privileges. Dynamics CRM contains 580 predefined privileges; so it is difficult to create a new security role from the scratch. For doing this

1. Navigate to Settings-> Security->Security Roles


2. Select the Security Role which you want to copy

3. On Actions tool bar, select more options; then choose Copy Role

scrnshot 2

4. A new dialogue box appears. Name the new Security Role here.


5. Click OK, and once copying is complete, open the Security role and modify it based on your needs.

Related: How to set the new rules in Dynamics 365 CRM

Security Role Privileges in Dynamics 

Privileges determine the level of access a user has to a specific record or its type. The following are the set of privileges associated with each Security role in CRM

Create: Allows the user to create a new record in CRM

Read: Allows a user to view a record in CRM

Write: Allows a user to edit a record in CRM

Delete: Allows a user to delete a record in CRM

Append: Allows the user to attach other entities to a record (e.g.: Notes)

Append to: Allows the user to attach other entities with a record (e.g.: Account)

Assign: Allows assigning ownership of a record to another user

Share: Allows to share the record information with another user by keeping the ownership

Related: A step-by-step guide to configuring emails in MS Dynamics CRM

To view or set Privileges to a Security Role 

  1. Navigate to Settings-> Security->Security Roles

It will list all the security roles available in CRM. Open the security role which you want to modify. You can set privileges to that security role based on various access levels provided.


Levels of Access 

None: No Privileges given.

User (Basic): The privilege will be given to the records owned by user and the team to which the user belongs to.

Business Unit (Local): Privileges to records owned by the business unit to which the user belongs to.

Parent (Deep): Privileges to the records owned by the parent business unit to which the user belongs and the child business units associated to that business unit.

Organization (Global): Privileges for all records in the organization regardless of who owns it.

The MS Dynamics security model protects data integrity and privacy, which opens up new and safer opportunities of data access and collaboration. If you would like to know more about the security model, write to services@suyati.com. You could also leave me your questions/thoughts in the comments section below, and I will get back to you soon. 

Author : Soumya P S Date : 06 Dec 2017