Roles, Privileges and Access Rights

banner art

Best practices for use of the Microsoft CRM security model include the following:

  • Strictly limit the number of people assigned the System Administrator role. Never remove this role.
  • Create roles according to the security best-practice of least privilege, providing access to the minimum amount of business data required for the task. Assign users the appropriate role for their job.
  • Create a new role with those specific privileges and add the user to the new role if a user needs additional access levels or rights,. A user's rights are the union of all the roles to which he or she has been assigned. Don't grant the original role privileges that are needed by only one or a few members.
  • ,Use sharing, when appropriate, to give specific users specific rights on individual objects, rather than broader privileges on all objects of a given type.
  • Use teams to create cross-functional groups, so that specific objects can be shared with the team.
  • Train users who have sharing access rights to share the minimum information needed.

Related Topics

Microsoft CRM Security Model

© 2007 Microsoft Corporation. All rights reserved.