Richard Knudson over the weekend posted an article titled" Dynamics CRM 2011 Security Roles" --
"Security Roles, when assigned to a user or a team, determine what users can and cannot do in a Microsoft Dynamics CRM organization. Security roles are probably the most complex concept in the Dynamics CRM security model. I wrote an article an earlier article about the related concepts of business units, users and teams, but security roles deserve their very own article, and here it is," stated Knudson.
Knudson starts with a few basic facts about security roles. For the most part, security roles determine the access level a user has for privileges on every entity in Dynamics CRM. So what does that mean?
- Privileges are the verbs in CRM: Create, Read, Write, Delete, Append, Append To, Share, Assign.
- Access levels, from most to least generous: organization, parent-child business unit, business unit, user, none.
- >Entities are the units to which a security role applies an access level for every privilege.
This three-dimensional model is what accounts for the very colorful and initially somewhat overwhelming security role UI. The following two figures show the most generous and least generous out-of-the-box user security roles:
The CEO-Business Manager Security Role, Core Records Tab:
The Salesperson Security Role, Core Records Tab:
The Salesperson role is more interesting since it consists of things other than just completely filled in green circles, so Knudson explain these concepts in terms of this role. Knudson provide some examples to illustrate the trickier concepts in his article, that you can read here in its entirety.