I need to enhance MS CRM Role based security model with more criteria to filter on. I.e. in addition to Business Unit access level, I need to add location access level, team access level and some other access layers based on custom entities.
I brushed through internet and MS CRM 2011 SDK but haven't found an example, how I can enhance Role based security model. Is it possible?
If it is, can you point me on example how I can achieve this?
In CRM 2011 you have more options in security model:
You have the concept of teams, that can have users from different BUs
You have security-field, to enhance the security for a field
See here resume of all options in CRM 2011. See also this article.
Another option you have is using Javascript to add more criteria:
http://www.powerobjects.com/blog/2011/10/20/how-to-hide-a-button-on-the-ribbon-in-dynamics-crm-2011/
http://blogs.infinite-x.net/2010/11/16/retreiving-user-roles-in-crm-2011/
http://crmdm.blogspot.pt/2011/03/how-to-hide-show-tab-in-crm-2011-using.html
http://crmdm.blogspot.pt/2011/02/how-to-hide-control-in-ms-crm-2011.html
Related
i want to know the purpose of these dynamics CRM tables as i am trying to understand the internals of the dynamics CRM security model.
The following is a great article that's going to help you to understand how the security model works:
CRM Security Model Internals
In this post I’ll describe some of the CRM Security Model internals. I’ll describe how roles and privileges are used under the covers, how security is enforced for different operations, and some of the internal structures that make it possible.
I am looking for a way to get CRM 2011 form based security role report instead of manually going to each form of an entity and find the security roles. There must have been some way to get it either using some 3rd party tool or SQL Server?
EntityId | FormId | FormType | SecurityRoleId
Finally, written a script to get the security roles which are not provided by Dynamics CRM 2011 out of box.
The trick that i have applied in my solution is by parsing the FormXml to get the security role ids of each form because i couldn't find any table where CRM is maintaining this association of form and role ids.
Composed the full answer at this github location:
Entity's Form Based Security Roles
I am creating organization architecture in dynamics CRM.
I have one question regarding - Site vs Sales Territory
or BU vs Site
When exactly we should create Site, Sales Territory or BU ?
Or we can say what are the limitations of them ?
I have gone through many forums and websites but not able to find any good document on this.
Any online book which I can read to understand this difference ?
Any help on this will be greatly appreciated.
Thank you,
Mittal.
Those are all quite different things used for different purposes. You may find you will need all three or just a couple depending on what you are trying to do. E.g. If you are not doing any sales you wont need sales territories, if you want to model a security model where only some users can see some data you will want business units.
I would suggest digging into each area in more detail (scheduling, sales, security) as described below to make that decision.
Sites are part of the scheduling engine.
In Microsoft Dynamics CRM 2011, a site entity represents a location or
branch office where an organization does business. Many Microsoft
Dynamics CRM customers have multiple sites. Sites enable resources,
services, and appointments to be defined at a particular location with
an associated time zone. Location, correct selection of resources, and
time zone are important elements in the scheduling of service
appointments when multiple locations of doing business are involved.
You can use sites to limit what resources, such as users and
equipment, can be scheduled for a specific service activity.
When you search for an available service activity resource calendar
time slot, to avoid making an appointment in the wrong location, the
scheduler must be able to select the site or delivery location as a
constraint to the search. For example, a customer may ask for an
appointment at the Seattle office. To support this, there must be a
site named Seattle and there must be required resources assigned to
the service type to be performed. When generating appointment
proposals, Microsoft Dynamics CRM 2011 must be able to avoid proposing
appointments with resources that cannot physically be together to
provide the service. The site entity serves this purpose. Sites
provide for the grouping of resources, such as users and
facility/equipment, services, and appointments, according to a
location with an associated time zone and locale.
Sales Territories are part of the sales process.
Microsoft Dynamics CRM 2011 uses the fiscal calendar entities and the
territory entity to track sales information for a salesperson. A
salesperson is a user in Microsoft Dynamics CRM who has to meet sales
objectives, such as sales quotas. A territory is a geographical area
that is assigned to a salesperson.
Business Units are part of the security model.
An organization in Microsoft Dynamics CRM, such as a holding company
or a corporation, is made up of business units. A business unit is a
unit of the top-level organization. Business units can be parents of
other business units (child business units). The first business unit
created for an organization is called the root business unit.
A business unit can own records as defined in the ownership type in
the metadata definition for an entity.
I have integrated our SharePoint site and our Dynamics CRM 2011 system so that we can upload documents from CRM. But i had a thought that through security in CRM users can only see records relevant to them, but if they just went to the SharePoint site they'll be able to see documents related to any record even if they couldn't see it in CRM.
So i was wondering if its possible in some way to 'sync' the security from CRM into SharePoint so that users can't see what they're not meant to in either system.
Thanks
It is possible out-of-the-box. There is a commercial CB Replicator solution that solves exactly this problem. It performs complex mapping of CRM security model into SharePoint groups and and folder level permissions.
Shortly described it deploys tiny plugin into CRM that collects all the events that could require change of permissions. There is a standalone service that gets these events and write proper permissions into SharePoint as item level permissions on referenced folders by sharepointdocumentlocation entity.
It support various action in CRM that lead into permissions change, e.g.s security roles, business unit hierarchy, privilege depths, team membership, access team, access team templates, sharing.
Unfortunately this isn't possible out of the box. SharePoint's security model is usually based on AD groups, whilst CRM uses in-app security roles applied per user.
To keep these in sync would require some custom development on the server side, that is if it's possible at all.
I have couple of questions related to the usage of Dynamics CRM:
Can it be used like a shopping website?
If I am using it like a Shopping website, will I have to buy a license for every registered user on my website?
Or do you think Dynamics CRM is not made to behave like a shopping website?
1) Absolutely, with some development, Microsoft CRM can be used as the database for your shopping website. You can use the built-in product catalog and price lists for your sales. Microsoft CRM has entities built into it for lead -> opportunity -> quote -> order -> invoice and you can repurpose any or all of these to work as you need them.
2) Typically the users of your shopping website will coincide with CRM contacts, which is great because you don't need user licenses for them. You will have to license each end user of the system but this is limited to employees of your business. In some scenarios you may need to purchase one external connector license which licenses you to expose data through a web site or other medium - see this blog for more details http://blogs.msdn.com/b/mscrmfreak/archive/2007/06/01/repeat-external-connector-license.aspx. You will need to develop the website shopping site front end and integrate it with Microsoft CRM using the Dynamics CRM SDK.
3) Building portals to Microsoft CRM is actually a very common request. A shopping website is a type of portal, another type would be a customer self service website. Both can utilize the Microsoft CRM database to get 60% of the way, and then integrate with the website.
While you could use Microsoft Dynamics CRM to build a shopping website, I wouldn't recommend it. A CRM and a framework for ecommerce are two different beasts. Look for a product that is specifically created for a shopping website, rather than attempting to manipulate Dynamics CRM.