Data security in CRM systems like Microsoft Dynamics 365 is a major concern for many users. Nobody wants to lose their data, especially if it isn’t backed up elsewhere.
Security roles reduce your risk of data loss by ensuring that only the right people can access, add, edit, or delete a record or record type. More broadly, security roles define what a user can and cannot do within a CRM system. You can have as many security roles as you want, which gives you a lot of flexibility when it comes to your data security methods.
Microsoft Dynamics 365 includes several default security roles. However, these roles will not be a perfect fit for everyone. For example, you may have salespeople operating in different regions and want to limit their access to records outside their territories. Or you may have multiple salespeople working on the same accounts and want all of them to have access to the account records, but not to delete rights for those records. In these cases, the out-of-the-box security roles will not meet your needs, but you can create custom security roles that will.
In this tutorial, you will learn the 3-step process for how to set up a new security role. Specifically, you will create a security role for an average salesperson in Dynamics 365 by copying the out-of-the-box salesperson security role and revoking the delete privilege for accounts. You can then use this method to create other custom security roles in the future.
Step 0 – Follow Security Role Best Practices
The best practice for creating custom security roles is not to change the out-of-the-box security roles, but to copy an existing security role and modify it to fit your needs. This way, you’ll still have access to the original for reference and backup purposes.
Consider who should have what rights and what processes could be affected before implementing or changing security roles in your system. In this tutorial, for example, we are adjusting the rights to delete certain records. Always be careful when removing delete rights. You also may be removing the right to perform data imports, which require some delete rights, and you may need to create or adjust a process first to ensure records are marked as deleted.
For more on the relationship between data imports and security roles, check out our Microsoft Dynamics CRM Online Importing & Exporting webinar. The security roles segment begins at 8:33.
Step 1 – Ensure Access to Security Settings
Before you begin, make sure you have the rights to access and edit Security settings. If you do not, you will be unable to access or edit security roles.
Step 2 – Copy Existing Security Role into a New Security Role
From the top menu, choose Settings → Security → Security Roles.
The existing security roles will appear. If you have not added or modified these roles before, you will see only the out-of-the-box roles. There are a lot that come with the system!
Next, select Salesperson, and then choose More Actions → Copy Role.
This will open the Copy Security Role window.
Set the New Role Name as “Salesperson No Account Delete” and click OK.
Step 3 – Customize Your New Security Role
When the copy is complete, your new security role window will open. You will see several tabs associated with that role.
Select the Core Records tab to access the core entities for your new security role.
You will see a list of entities in the column on the left. To the right of each entity is a series of radio buttons that allow you to set privileges and access levels for the corresponding entity. The key at the bottom explains each button setting.
The Account entity should be the first on your list. As you can see, out-of-the-box users have the ability to delete their accounts. To remove that privilege, toggle the Delete radio button until it goes blank in the middle (see key). The delete right is now revoked on the Account entity.
If you want to make additional changes to your new salesperson security role, you can do so from this window. There are a lot of options here!
Once you are satisfied with the changes you have made, click Save and Close.
Your new security role can now be assigned to users in your system.
Next Step – Learn More About CRM Security
Was this tutorial helpful? Do you have feedback or additional questions? Let us know in the comments, or contact us directly. We’re here to help!