Mapping the Basic User to Security Role Settings - Suggestions
In Dynamics CRM we have three types of User Subscription Licenses (USLs); Professional, Basic, and Essential
- Professional users has full rights to 'everything' in CRM
- Essential users has rights to custom entities primarily
- Basic users sits sort of in-between, in terms of use rights
Note - A fourth USL (Enterprise) is available. Its equivalent to Professional plus Dynamics Marketing, Social Care (specific markets) and Unified Service Desk.
Each of the above licenses has a different price point; if Professional is 4X then Basic is approximately 2X, and Essential is X. Hence its often of interest to the customer to 'get the right mix' between Professional and Basic users, ending up with the optimal average price point.
The Basic user has full access to eg the Account, Contact, Lead, and Case entitites, but have read only/limited use rights to certain entities, eg. Opportunities. Using the Security Role settings in Dynamics CRM you can control what a user can access. Hence mapping the two - the Use Rights of the Basic user to the available Security Role settings - is interesting.
Use Rights for the Basic USL
Appendix A in the "Licensing and Pricing Guide, June 2014" maps CRM Online Use Rights to the Pro, Basic and Essential USL's.
Security Roles
A security role in Dynamics CRM defines how different users, such as salespeople, access different types of records. To control access to data, you can modify existing security roles, create new security roles, or change which security roles are assigned to each user. Each user can have multiple security roles.
To access the security roles click Settings -> Administration -> Security Roles 
In the "New Security Role" dialog you can control what a user with that new role can do in CRM using the various tabs and settings (priveleges and scope) in the dialog.
The tabs are
- Core Records
- Marketing
- Sales
- Service
- Business Management
- Service Management
- Customizations
- Custom Entities
The access right/priveleges are
- Create - create a record
- Read - read a record
- Write - make changes to a record
- Delete - delete a record
- Append - associate a record to another record
- Append To - associate entity record to this record
- Share - give access to a record to another user while keeping your own access
- Reparent - assign a different parent to entity record
The scopes are
- None Selected = No access is allowed
- User = This access level gives a user access to records he or she owns, objects that are shared with the user, and objects that are shared with a team of which the user is a member
- Business Unit = This access level gives a user access to records in the user's business unit
- Parent: Child Business Unit = This access level gives a user access to records in the user's business unit and all business units subordinate to the user's business unit
- Organisation = This access level gives a user access to all records within the organization, regardless of the business unit hierarchical level to which the instance or the user belongs
Mapping Use Rights to Security Role settings for the Basic USL
In the table below I've taken the first steps trying to map the Basic USL to CRM Security Role settings. Please note: the below table is a my personal suggestion and by no means authoritive.
The table has six columns:
- "Appendix A - Subject" = The left most column ("Use Rights" in the Appendix A above, sorted alphabetically
- "Basic" = Appendix A - Basic User Use Rights (1=Full, 0=None)
- "Focus" = What I consider being the deciding context
- "USL" = Lists if Basic user has Full or Read access to the entity to the left (the "Focus" Column) according to the simple chart (an interpretation of Figure 5 in the Licensing and Pricing Guide)
- "Security Tab" - name of the tab in CRM Security Roles where the setting is to be done
- "Security Setting(s) - suggested" = which settings I suggest you look at on the tab
| Appendix A: Subject | Basic | Focus | USL | Security Tab | Security: Setting(s) - suggested |
| Accounts | 1 | Accounts | Core | Account | |
| Activity Management | 1 | Activities | Core | Activity | |
| Add or remove a Customerfor an Account | 1 | Customer Relationship | Core | Customer Relationship | |
| Add or remove a Customer Relationship for a Contact | 1 | Customer Relationship | Core | Customer Relationship | |
| Advanced Find Search | 1 | Search | |||
| Associate an Opportunitywith a Contact | 1 | Contacts | Full | Core | Opportunity = Append,Contact = Append To |
| Associate an Opporturitywith an Account | 1 | Accounts | Full | Core | Opportunity = Append,Account = Append To |
| Case Management | 1 | Cases | Full | Service | Case |
| Contacts | 1 | Contacts | Full | Core | Contact |
| Convert an Activity to a Case | 1 | Cases | Full | Service | Case = (Create) |
| Create and Update Announcements | 1 | Announcements | Core | Announcement | |
| Create personal views | 1 | Views - Personal | Customization | View = (Create) | |
| Create, Update, Customize Reports | 1 | Reports | Core | Report | |
| Export data to Microsoft ExceI | 1 | Data - Export | Business Management | Export to Excel | |
| Follow Activity Feeds | 1 | Follow | Core | Follow | |
| Lead Capture | 1 | Leads | Full | Core | Lead |
| Lead scoring, routing and assignment | 1 | Leads | |||
| Manage Saved Views | 1 | Views - Saved | Core | Saved Views | |
| Manage user reports,user charts,and user dashboards | 1 | Reports, Charts, Dashboards - User | Full | Core | Report,User Chart,User Dashboard |
| Microsoft CRM for Outlook | 1 | Client UI | Business Management | Sync to Outlook,Go Offline in Outlook | |
| Microsoft CRM Web application | 1 | Client UI | |||
| Microsoft Dynamics CRMfor iPad & Windows 8 | 1 | Client UI | Business Management | Use CRM for Tablets | |
| Microsoft Dynamics CRMMobile Express | 1 | Client UI | |||
| Notes | 1 | Notes | Full | Core | Note |
| Perform Mail Merge | 1 | Mail Merge | Business Management | Mail Merge,Web Mail Merge,(Core : Mail Merge Template) | |
| Post Activity Feeds | 1 | Post | Full | Core | Post |
| Qualify and Convert aLead to a Contact | 1 | Contacts | Full | Core | At least WRITE on Lead as well as CREATE & WRITE on Contact |
| Qualify and Covert aLead to an Account | 1 | Accounts | Full | Core | At least WRITE on Lead as well as CREATE & WRITE on Account |
| Read Articles | 1 | Articles | Service | Article = (Read) | |
| Read Custom Application Data | 1 | Data - Custom | Customization : User Application Metadata | ||
| Read Dynamics CRMApplication Data | 1 | Data - CRM Application | Read | Core:Application File,Customization:System Application Metadata | |
| Run an automated workflow | 1 | Workflows - Automated | Customization | Execute Workflow Job | |
| Run as an On-demand Process | 1 | Processes (Workflows) | Customization | Process,Execute Workflow Job | |
| Run Reports | 1 | Reports | Core | Report | |
| Search | 1 | Search | |||
| Shared Calendar | 1 | Calendar - Shared | Service Management | Calendar | |
| SLAs | 1 | SLAs | Service Management | SLA | |
| Start Dialog | 1 | Dialogs | Customization | Execute Workflow Job | |
| Use a Queue item | 1 | Queues | Core | Queue:Write | |
| Use Relationships between Records | 1 | Relationships | Core | Relationship Role | |
| User Charts | 1 | Charts - User | Core | User Chart | |
| User Dashboards | 1 | Dashboard - User | Core | User Dashboard | |
| User Interface Integration for Microsoft Dynamics CRM | 1 | ||||
| View Announcements | 1 | Announcements | Core | Announcement | |
| Write Custom Entity Records | 1 | Entities - Custom | Customization | Entity = (Write) | |
| Yammer Collaboration | 1 | Yammer | Customization:Configure Yammer | ||
| Administer CRM | 0 | CRM | |||
| Article Templates | 0 | Articles - Templates | Service | Article Templates = No | |
| Competitor Tracking | 0 | Competitors | Read | Sales | Competitor = Read |
| Configure Auditing | 0 | Auditing | Core | Delete Audit Partitions = No,View Audit History,View Audit Partitions,View Audit Summary | |
| Configure Duplicate-Detection Rules | 0 | Duplicate-detection rules | Core | Duplicated Detection Rule = No | |
| Configure SLA Policies | 0 | SLA Policies | ? | ||
| Contract Management | 0 | Contracts | Read | Service | Contract = (Read) |
| Contract Templates | 0 | Contracts - Templates | Service | Contract Template = No | |
| Convert an Activity to an Opporturity | 0 | Opportunities | Read | Core | Opportunities = (Read) |
| Create and Publish Articles | 0 | Articles | Service | Create = No,Publish Articles = No | |
| Create CRM Forms, Entities, Fields | 0 | Forms, entities, fields | Customization | Entity = (NOT Create),Field = (NOT Create) | |
| Customize Forms and Views | 0 | Forms, Views | Customization | System Form = No | |
| Define and ConfigureBusiness Units | 0 | Business Units | Business Management | Business Unit = No,Enable or Disable aBusiness Unit,Reparent Business Unit | |
| Define and ConfigureDialogs | 0 | Dialogs | Customization | Activate Real-timeProcesses = No,Activate Business Rules = No | |
| Define and ConfigureQueues | 0 | Queues | Core | Queue/Create = No | |
| Define and ConfigureWorkflows | 0 | Workflows | Customization | Activate Business ProcessFlows = No,Activate Real-timeProcesses = No,Activate Business Rules = No | |
| Define and ConfigureServices, Resources, and Work Hours | 0 | Services, Resources, and Work Hours | Read | ? | |
| Define and ConfigureTeams | 0 | Teams | Business Management | Team = No | |
| Define Relationships Entities | 0 | Relationships | Core? | Relationship Role,Opportunity Relationship,Customer Relationship | |
| Facility/Equipment Management | 0 | Facilities, Equipment | Read | Service Management | Facility/Equipment = No |
| Goal Management | 0 | Goals | Read | Business Management | Goal = No,Goal Metric = No,Perform in sync rollupson goals = No |
| Import Data in Bulk | 0 | Data - import - Bulk | Core | Data Import = No | |
| Invoice Management | 0 | Invoices | Read | Sales | Invoice = No,Override Invoice Pricing = No,Override Quote OrderInvoice Delete = No |
| Marketing Campaigns | 0 | Marketing campaigns | Read | Marketing | Campaign = No,Create Quick Campaign = No |
| Marketing Lists | 0 | Marketing lists | Read | Marketing | Marketing List = No |
| Opporturity Tracking | 0 | Opportunities | Read | Core | Opportunities = Read |
| Order Management | 0 | Orders | Read | Sales | Order = No (or Read) |
| Price Lists | 0 | Price lists | Read | Service? | |
| Product Tracking | 0 | Products | Read | Sales | Product |
| Qualify and Convert aLead to an Opporturity | 0 | Opportunities | Read | Core | Opportunities = (Read) |
| Quick Campaigns | 0 | Quick campaigns | Read | Marketing | Create Quick Campaign = No |
| Quote Management | 0 | Quotes | Read | Sales | Quote = (Read) |
| Sales literature | 0 | Sales literature | Sales | Sales literature = No | |
| System Reports, System Charts, System Dashboards | 0 | Reports, Charts, Dashboards - System | Read | Customization | System Chart = No |
| Territory management | 0 | Territories | Sales | Territory = No(Business Management:Assign Territory to User) |
See also
- Create or edit a security role - link
- CRM Online Service Description - https://technet.microsoft.com/en-us/library/microsoft-dynamics-crm-online-service-description.aspx
Comments
- Anonymous
January 01, 2003
Thank you very much Jesper. - Anonymous
January 01, 2003
thank you - Anonymous
January 01, 2003
http://download.microsoft.com/download/3/E/5/3E5F721D-69F4-4398-9E25-A47F81777031/MicrosoftDynamicsCRM2013On-PremisesLicensingGuide(CustomerReady).pdf - Anonymous
January 01, 2003
Thank you - Anonymous
January 01, 2003
Really useful post jesper, but i thought the Enterprise licence was available outside of the US as well? - Anonymous
July 25, 2014
Smile everyone it’s Friday and you still have time to read the best CRM articles of the week, wooohoooo - Anonymous
July 25, 2014
Smile everyone it’s Friday and you still have time to read the best CRM articles of the week, wooohoooo - Anonymous
August 04, 2014
Is these different user rights and Price points also applicabel to CRM on prem? - Anonymous
September 02, 2014
Thanks Jesper. A (maybe dumb) question, if access is NOT restricted by security roles, could a basic user theoretically use all the functionality? in other words, access is not restricted inherently by the USL? - Anonymous
October 01, 2014
If I were to purchase ESS CALs, would they show up as an option in the user License Type drop down? I only see Full and Limited as options.