MS Dynamics CRM Security and Information Access management

With this Security and Information access management:
  • We can provide the users only the information they need to perform their own jobs.
  • We can easily control the security by not giving access to the data which is unrelated to the user’s position in the organization.
  • We can create security roles which define a user’s rights on the data, and we can assign one or more security roles to a specific user based on the requirements of the organization.
  • We can easily handle team-based and collaborative projects by enabling users to share the necessary records among themselves.

To configure our organization’s security and information access structure, first we have to decide which security roles the users of our organization will have, and then we have to define the security privileges associated with each of these security roles by customizing the security settings.
Security Management involves 2 key topics:
  1. Security model concepts
  2. User authentication

1. Security Model Concepts:
There are 2 main concepts of security model:
  a. Role-based and Object-based security
  b. Organizational Structure

a. Role-based and Object-based security:
  • Generally security roles describe a set of access levels and privileges for each of the entities in MS Dynamics CRM.
  • Using these defined security roles, CRM determines the information that is accessible to each of its users, which is known as role-based security in MS Dynamics CRM.
  • We can also define security privileges for a single record of any entity by configuring access rights like read, write, assign, share etc. on that record, which is object-based security.
  • MS Dynamics CRM basically uses a combination of both role-based and object-based security to manage the access rights and permissions throughout the organization.

b. Organizational Structure:
The MS CRM organizational structure mainly includes:
Organization: The top level of the MS Dynamics CRM business management hierarchy, which is the company that owns the deployment. CRM automatically creates the organization by using the name that we provided during installation, which cannot be modified or deleted later. We can also refer to the organization as the “Root Business Unit”.
Business Units: Logical grouping of business operations or activities. We can specify only one parent BU for each BU but we can have multiple child BUs.
Teams: A group of users who work together by sharing records. Generally we use teams when users from different BUs need to work together on a set of shared records. We can specify a single BU for each team, but the team members can belong to multiple BUs.
Users: Anyone who works for the organization and has access to MS Dynamics CRM is known as a user. Each user belongs to one BU and can be assigned one or more security roles.
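
The role-based and object-based checks and the business unit hierarchy described above can be combined into one access decision. The following is an added example, a simplified model and not CRM's own code: the five access levels are the ones the product's role editor offers (the page does not list them), team ownership is left out, and all names and sample data are constructed.

```python
from dataclasses import dataclass, field

# Access levels a security role can grant per privilege, narrowest to widest.
NONE, USER, BUSINESS_UNIT, PARENT_CHILD, ORGANIZATION = range(5)

@dataclass
class BusinessUnit:
    name: str
    parent: "BusinessUnit | None" = None  # one parent per BU; the root BU has none
    def is_within(self, other):  # True if this BU is `other` or a descendant of it
        bu = self
        while bu is not None and bu is not other:
            bu = bu.parent
        return bu is other

@dataclass
class User:
    name: str
    bu: BusinessUnit                           # each user belongs to one BU
    roles: list = field(default_factory=list)  # role = {(entity, privilege): level}

@dataclass
class Record:
    entity: str
    owner: User
    shared: dict = field(default_factory=dict)  # user name -> set of shared rights

def role_level(user, entity, privilege):
    """Roles are cumulative: the widest level granted by any assigned role wins."""
    return max((r.get((entity, privilege), NONE) for r in user.roles), default=NONE)

def can_access(user, record, privilege):
    level = role_level(user, record.entity, privilege)
    if level == NONE:
        return False  # modelled assumption: a share cannot grant what no role allows
    in_scope = (level == ORGANIZATION or record.owner is user
                or (level == PARENT_CHILD and record.owner.bu.is_within(user.bu))
                or (level == BUSINESS_UNIT and record.owner.bu is user.bu))
    return in_scope or privilege in record.shared.get(user.name, set())  # object-based share

def demo():
    """Constructed data: one account owned by bob, shared (read) with carol and dave."""
    sales = BusinessUnit("Sales", BusinessUnit("Contoso"))
    east, support = BusinessUnit("Sales East", sales), BusinessUnit("Support", sales.parent)
    role = lambda level: [{("account", "read"): level}]
    users = [User("alice", sales, role(PARENT_CHILD)), User("bob", east, role(USER)),
             User("carol", support, role(USER)), User("dave", support),
             User("erin", sales, role(BUSINESS_UNIT))]
    rec = Record("account", users[1], {"carol": {"read"}, "dave": {"read"}})
    return {u.name: can_access(u, rec, "read") for u in users}
```

Calling `demo()` shows alice reading the record through the BU hierarchy, carol reading it only through the share, and dave and erin being refused: dave has no role granting the privilege, and erin's Business Unit level does not reach into a child BU.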

2. User Authentication:
MS Dynamics CRM has 3 different types of security methods to authenticate users when they try to log on to the system to access MS CRM.
  1. Integrated Windows authentication
  2. Claims-based authentication
  3. Microsoft Windows Live ID

1. Integrated Windows authentication:
Generally, customers use Integrated Windows authentication for on-premise CRM deployments. With Integrated Windows authentication, Internet Explorer automatically passes the user's encrypted credentials to MS Dynamics CRM, which then provides access. This means users can automatically log on to CRM using their existing Active Directory domain accounts.
If we disable a user in Active Directory, it prevents the user from logging into MS Dynamics CRM. So it is always better to disable the user in MS CRM before disabling the account in Active Directory. And if we change a user’s name in Active Directory, we must manually update it in MS CRM too.

2. Claims-based authentication:
Generally we use claims-based authentication for internet-facing deployments (IFD). In an IFD scenario, customers need to browse over the internet to a custom URL address to access MS Dynamics CRM without creating a Virtual Private Network (VPN). Claims-based authentication is built on Windows Identity Foundation (WIF). MS CRM requires a federation service like Active Directory Federation Services (ADFS) to support claims-based authentication. When users browse to the external IFD URL, they see a logon screen which prompts for a username and password, where they can enter their Active Directory credentials.

3. Windows Live ID:
Only MS Dynamics CRM Online users use Windows Live ID to authenticate when they log on to their system. Microsoft offers Windows Live ID as a single sign-on service that can be used throughout various internet websites.
