Securing Confidential Data via Roles

Often you might find that you have the business need to hide data from some users on an account. By default, Microsoft Dynamics CRM manages security via roles and business units. Roles define what rights are allowed and business units define the boundary of the role. An example is that a user with a salesperson role might have the ability to read/write all the accounts that belong to users in a business unit or across the entire organization. A user in the marketing department who has a role for marketing, might not be able to see customer service records. The security model allows you to segment data from users. Occasionally, you may have a need to allow partial data to be kept private on a specific entity such as an account.

One way to secure data from different users on the same account is to create custom entity to hold the data and manage rights by role. This would allow you to specify that only certain users can see that data. In the example below, notice the link to references. This allows a user to create data specific to customer references. This view is valid for the salesperson role.

Now look at the view, when a marketing user is looking at the account.

Notice they don't see the Reference link on the Nav pane to the right.

 

To accomplish this, you create a custom entity to hold the confidential data. Related it to the primary entity, in this case, the account.
Next, you remove the rights for the custom entity from the user role to exclude. The data will be available for users with the proper roles and hidden from those with it.

-cheers
jonw

Comments

• Anonymous
  April 14, 2009
  PingBack from http://microsoft-sharepoint.simplynetdev.com/securing-confidential-data-via-roles/

• Anonymous
  April 22, 2009
  Often you might find that you have the business need to hide data from some users on an account. By default