Blog Archive

 

RSS Feeds

 

Stay Connected

 

Archive for the ‘CRM Security Roles’ Category

How to Avoid Human Induced Catastrophe in CRM

January 26th, 2012

Often the weakest link in protecting the security of the CRM system is the user and not the technology infrastructure. There are some basic steps you can take immediately after installing CRM 2011 or signing up for the CRM Online service to protect your users from themselves. It is all about adjusting the security roles in CRM and taking some other basic precautions to minimize the risk of user induced catastrophe to the CRM system.

1.  Never assign the CEO-Business Manager role to the owner of the company. This role has extensive privilege’s and without proper perspective and insight it can do a lot of damage. How often does the Owner get CRM training? Not very often. Unless that is you.

 

2.  Clone all of out of the box rules and remove the Delete privilege on all the Core Records. Assign those modified roles to users.

 

3. Limit the users who are assigned the System Administrator or System Customizer Role assignments to only those must have users that have received training.

 

4.  Turn on Auditing for all company critical records – Accounts, Contacts, Leads, Opportunities.

How? http://help.crm.dynamics.com/help/default.aspx?area=%2ftools%2faudit%2faudit_area.aspx&user_lcid=1033&ver=5.0.9688.1553

  
5.  Periodically export the default solution of your system as a backup. Go to Settings/Customizations/Customize the System. Select Components, check the select all box and then Export the solution. You may want to do this before you are going to be making any major edits to the entities or site map.

 

7. Make sure the Bulk Delete privilege is not enabled for users that don’t need it.
8. Remove the Bulk Edit privilege for users that don’t need it.

9. Besides running the ‘nightly disaster recovery backup’ for the SQL database, you might consider automating the scheduling of periodic onsite backups during the business day if the database isn’t too large.

These are the first 9 steps we perform on every CRM installation we implement.

CRM Security Role Best Practices

December 17th, 2011

One of the core underlying principles of security roles is that the permissions are additive and least restrictive. Today while helping a client I observed a situation where this seems to be mis-understood. In the User record below you can see that this CRM user has 14 roles applied to their security role.

A user’s rights are the union of all the roles to which he or she has been assigned. The least restrictive role always applies. There is no reason to pile on Roles that are similar to other roles. This is especially the case if one of the Roles is System Administrator. The System Administrator has full priveleges on all records and functions. This includes automatically granting full rights to any new custom entities.

Microsoft Dynamics CRM Security Role Assignment

The following are some guidelines for best practices for use of the Microsoft Dynamics CRM security model:

  1. Create roles according to the security best practice of least privilege, providing access to the minimum amount of business data required for the task. Assign users the appropriate role for their job.
  2. Diligently limit the number of people assigned the System Administrator role. Never remove this role.
  3. Never assign the built-in CEO to the CEO role unless the CEO is you. J. It has far reaching privileges (ie. delete any record)
  4. Create a new role with those specific privileges and add the user to the new role if a user needs additional access levels or rights. When creating new roles it is best to copy one of the built-in roles and modify it to meet the specific needs for that profile.
  5. Use sharing, when appropriate, to give specific users specific rights on individual objects, rather than broader privileges on all objects of a given type.
  6. Use teams to create cross-functional groups, so that specific objects can be shared with the team.
  7. Train users who have sharing access rights to share the minimum information needed.
  8. To manage rights to custom entities create roles that contain the specific privileges required for the custom entity function. Add that role to the users that require those rights.
 

Copyright © 2012 CRM Innovation.

All Rights Reserved. - Privacy Policy