Role-Based Security
.gif) |
The fundamental concept in role-based security is that privileges are assigned to defined categories of users (known as roles) rather than to individual users. When a user is assigned to one of these roles, he or she is assigned the set of privileges associated with that role. A user who is not assigned to a role does not have any privileges.
In Microsoft CRM, a role describes a defined set of responsibilities (or tasks to perform) within the organization. A role, for example, a salesperson, is assigned a set of privileges that are relevant to the performance of the tasks defined for that role. All users must be assigned to one of these predefined roles.
A privilege authorizes the user to perform a specific action on a specific entity type. Privileges apply to an entire class of objects, rather than individual instances of objects. For example, if a user does not have the privilege to read accounts, any attempt by that user to read an account will fail.
The access level determines the levels within the organization to which a privilege applies. Each privilege can have up to four access levels: Basic, Local, Deep, and Global.
In This Topic
Related Topics