Module 02 - Building a Security Model in MSDynCRM2013 Flashcards

Question 1

Q

What is a key objective of any security model?

Answer

A

Prevent unauthorized access or modifications to data.

Question 2

Q

Security rights that you configure in CRM also has a direct effect on what?

Answer

A

Affects the way she system behaves and is displayed to the user.

Question 3

Q

If a user does not have access to a specific entity or application feature…

Answer

A

They are simply not visible in the user’s interface.

Question 4

Q

CRM uses a role-based security model.

Answer

A

Meaning, permissions are defined for a specific job role that is then assigned to users or Teams.

Question 5

Q

Business Units define…

Answer

A

A hierarchy of Users and Teams. And the records the Users and Teams own.

Question 6

Q

Security Roles define…

Answer

A

The privileges the Users and Teams should be granted.

Question 7

Q

Being able to apply permissions on records allows users to…

Answer

A

Perform different actions on records that are owned by other Users or Teams in their Business Unit, from the actions they can perform on records located in another Business Unit.

Question 8

Q

Business Units are helpful to reporting, how?

Answer

A

As an example, a single report can be used by several users in different Business Units to receive the results. Records reflected in the report only include the records that a user has access to.

Question 9

Q

What is the root Business Unit?

Answer

A

The first Business Unit is generated by the deployment process when the Organization is created.

Question 10

Q

Business Units are often created to reflect…?

Answer

A

The operational reporting hierarchy of the business separated by geography or function, or a combination of both.

Question 11

Q

What can the root Business Unit represent?

Answer

A

Can represent the corporation or the holding company of all Business Units in the organization. It is the upper-level node of CRM organizational hierarchy.

Question 12

Q

What are some key characteristics of the root Business Unit?

Answer

A

There is only one root Business Unit. It is created by the CRM Server Setup program. Cannot be assigned a parent Business Unit. Cannot be disabled or deleted.

Question 13

Q

What can Business Units represent?

Answer

A

Subsidiaries, divisions, departments, or just groups of users that have other commonalities such as skills or responsibilities.

Question 14

Q

You should design the Business Unit hierarchy to support what?

Answer

A

The reporting and access requirements, instead of copying the organization chart.

Question 15

Q

How do you create a Business Unit?

Answer

A

CRM > settings > administration > business units > new > enter name > parent business selection > complete other properties > save and close record.

Question 16

Q

Which field is required for any Business Unit you create?

Answer

A

Parent Business field. The root Business Unit does not require a parent.

Question 17

Q

How do you modify a Business Unit?

Answer

A

CRM > settings > administration > business units. –> change parent business to change location in hierarchy, or other properties.

Question 18

Q

When you change the Parent Business Unit of a Business Unit to reorganize your structure, what rules apply?

Answer

A

When a Business Unit is reassigned to a new parent, all its child Business Units move with it. You cannot create circular relationships.

Question 19

Q

What might you have issues with when you move a business unit?

Answer

A

You might have issues with Security Roles assigned to a User or Team. Only security roles locally defined in the Business Unit will remain. Inherited security roles will be removed.

Question 20

Q

When would you want to Disable a Business Unit?

Answer

A

For example, it temporarily stops operation. It will disable all child Business Units and users attached to these Business Units.

Question 21

Q

Users who are assigned to a disable Business Unit cannot access CRM but what happens to the data?

Answer

A

No data is lost. As soon as a BU is enabled, the disabled users can access the aplication again.

Question 22

Q

All enabled users who are assigned to an enabled Business Unit can access…

Question 23

Q

A disabled user is not enabled when his or her Business Unit is…

Question 24

Q

How to enable or disable a Business Unit?

Answer

A

Settings > Admin > Business Units > select Business units > More actions menu to click either Enable or Disable > OK

Question 25

Q

How can you permanently delete a Business Unit?

Answer

A

You must disable it first and remove any child Business Units, Users and Teams.

Question 26

Q

How can you remove child Business Units, Users and Teams?

Answer

A

Either by reassigning Business Units, Users and Teams individually to a new parent, or deleting Business Units or Teams (users cannot be deleted).

Question 27

Q

What are you unable to delete when attempting to delete a Business Unit permanently?

Answer

A

The Users, and the default Team of the Business Unit cannot be deleted.

Question 28

Q

If you want to keep Facility/Equipment records and Resource Groups, you must?

Answer

A

Move the sources to a different Business Unit as they will be deleted when the Business Unit is deleted.

Question 29

Q

Best Practice for deleting Business Units?

Answer

A

Should disable Business Units instead of deleting them. Deleting is irreversible.

Question 30

Q

How to delete a Business Unit?

Answer

A

CRM > Settings > Administration > Business Units > Inactive Business Units > make sure all users, child Business Units and Teams (except default) are removed > Delete > Confirm deletion.

Question 31

Q

In order to access the system, each user must be assigned what?

Answer

A

A security role.

Question 32

Q

How do users receive their permissions to work on records or use features?

Answer

A

It is based on the combination of security roles they are assigned and the business units to which they belong.

Question 33

Q

What are Teams used for?

Answer

A

Teams are used to group users together from one or more Business Units for reporting purposes or to grant the Users the permissions that are given to the Team.

Question 34

Q

What happens if a team has one or more Security Roles?

Answer

A

Users who are members of the Team can use these privileges and the permissions from their own Security Roles.

Question 35

Q

Users can share a record with a Team or assign a record to a Team to own the record if?

Answer

A

The Team has at least read access to the entity.

Question 36

Q

How to give the User permissions required based on primary/secondary/temporary/project role?

Answer

A

Layering multiple roles and permissions assigned directly or indirectly to the User.

Question 37

Q

A Security Role is created in and remains, where?

Answer

A

In a Business Unit.

Question 38

Q

What happens when a Security Role is created?

Answer

A

The Security Role is copied to the child Business Units of that Business Unit and down the hierarchy.

Question 39

Q

What are the copies of the Security roles called?

Answer

A

Inherited roles, which cannot be modified or deleted. If original role is modified, the configuration is copied down so copies always replica of original.

Question 40

Q

A Solution can only contain Security Roles that are created in…?

Answer

A

The root Business Unit.

Question 41

Q

What happens to Security Roles when a solution package is imported?

Answer

A

Security roles are created in the root Business Unit of the target system or update an earlier version of the same if it it already exists. Inherited roles are then created or updated in all BUs of the target Organizations.

Question 42

Q

Users and Teams can only be assigned to a Security Role in their own Business Unit, so that inherited roles make it easier to…

Answer

A

Assign the same privileges to users in different Business Units without having to create and maintain matching roles.

Question 43

Q

It is recommended that Security roles are created where and why?

Answer

A

In the root business unit, and use inheritance to create copies in other Business Units, to avoid having security roles with matching names but completely different permissions and similar issues.

Question 44

Q

What is a best practice concerning the creation of security roles?

Answer

A

It is recommended that you create copies of the default roles and configure the copies to meet your exact security requirements instead of assigning the default roles directly to Users and Teams.

Question 45

Q

Why is creating copies of the default roles useful?

Answer

A

You can keep them as a reference, and you can delete them later on and only use the ones you have modified.

Question 46

Q

Which security role are you unable to modify, ever?

Answer

A

The System Administrator role.

Question 47

Q

What special properties does the System Administrator role have?

Answer

A

All privileges to all entities and features at the Organization access level even as new custom entities are created. At least one user must have the role. Cannot be disabled. And users who have this role are members of the System Administrator Field Security Profile.

Question 48

Q

What happens if you make a copy of the System Administrator role?

Answer

A

It makes a copy and creates a role that has “nearly” all the privileges, but the copy of the role will not have special properties.

Question 49

Q

What are privileges?

Answer

A

Basic security unit in CRM. Describes the actions that are allowed at a selected access level.

Question 50

Q

What are access levels?

Answer

A

Describe where the privilege applies.

Question 51

Q

What do security permissions in each Security Role consist of?

Answer

A

Privileges.

Question 52

Q

What are entity privileges?

Answer

A

Every security role includes a grid that shows the privilege for every combination of each entity and the actions that can be performed on its records.

Question 53

Q

Explain the Create Privilege.

Answer

A

User can create records of the entity.

Question 54

Q

Explain the Read Privilege.

Answer

A

User can read records of entity.

Question 55

Q

Explain the Write Privilege.

Answer

A

User can update data for records of entity.

Question 56

Q

Explain the Delete Privilege.

Answer

A

User can delete records of the entity.

Question 57

Q

Explain the Append Privilege.

Answer

A

User can attach this entity to other records.

Question 58

Q

Explain the Append To Privilege.

Answer

A

User can attach other records to this entity.

Question 59

Q

Explain the Assign Privilege.

Answer

A

User can make other Users or Teams the owner of this entity.

Question 60

Q

Explain the Share Privilege.

Answer

A

User can share records of the entity with other Users or Teams.

Question 61

Q

Privileges can be granted at different access levels for what reason?

Answer

A

To define the records of the entity that the user can perform that action against.

Question 62

Q

Why don’t Organization-owned entities have privileges to Assign or Share?

Answer

A

It only applies to entities owned by Users or Teams.

Question 63

Q

Access Levels indicate what?

Answer

A

The records of each entity on which the User can use a privilege.

Question 64

Q

What two access levels exist for Organization-owned entities?

Answer

A

None and Organization.

Answer 63

A

User does not have the privilege.

Answer 64

A

User has privilege for records they own and for records shared with user either directly or through Team membership.

Answer 65

A

The user has the privilege on all records that are owned by members of his or her Business Unit. Does not have permissions on records owned by members of child Business Units.

Answer 66

A

The user has the privilege on all records that are owned by members of his or her Business Unit, and all records owned by members of child Business Units to any depth.

Answer 67

A

User has privilege on all records in the organization.

Answer 68

A

You can click the labels to modify a whole row or column at one time. Level cycles round together.

Answer 69

A

Entities such as User, Team, Facility/Equipment can have privileges that are set to anything except User level because these entities are not user owned, they are BU owned. Saved Views and User Charts can only be saved to User level or none (these aren’t entities though).

Answer 70

A

Application features such as Print, Merge, Export to Excel and Go Offline. These privileges apply to features globally.

Answer 71

A

Have the usual five, due to their relation to records.

Answer 72

A

Buttons are not shown for actions that a user does not have the privilege to perform.

Answer 73

A

The privileges are additive, and the highest access level applies (least restrictive security model).

Answer 74

A

Any users assigned to that role will have their privileges updated as soon as you save or import.

Answer 75

A

Specify a new name, but not a new Business Unit. The copy will be in the same BU as the original.

Answer 76

A

No. Changes in original are not reflected in the copy.

Answer 77

A

You can directly compare the copy and the original as you make or document your changes.

Answer 78

A

When the role only has a few privileges specified to use as an additional role layered over a main Security Role assigned to a User.

Answer 79

A

Settings > Administration > Security Roles > Business Unit dropdown list, select Business Unit where the role to be modified exists > Modify > Save and Close

Answer 80

A

Settings > Administration > Security Roles > Business Unit drop down list > Select Security Role to be copied > More Actions > Copy Role > OK

Answer 81

A

Settings > Administration > Security Roles > New > Role Name field fill > Business Unit lookup field, select BU > Configure privileges and access levels > Save and Close

Answer 82

A

No. You’ll have to delete and recreate in the proper BU if you made a mistake.

Answer 83

A

Is optional. Must be located in the same Business Unit as the User, or above the User’s BU in the hierarchy.

Answer 84

A

Create/enable/disable users, identify managers, create/delete teams, assign users to teams, assign security roles to users and teams, move users and teams between business units.

Answer 85

A

Disable an account if member of staff has left organization, and user no longer requires a user license. Records are still available and should be reassigned.

Answer 86

A

A group of users who work together for a long time, such as a department of an org or a project team.

Answer 87

A

Can be assigned Security Roles and own records.

Answer 88

A

Cannot have security roles, cannot own records, but records can be shared.

Answer 89

A

Not the other way around.

Answer 90

A

Faster information sharing- Implicit sharing dynamically applied to Users added and removed- Security roles can be granted to an owner Team and layered- Can be used for querying and reporting. - if owner team has role granting user level read access, team can own records for that entity- team can be linked to a queue

Answer 91

A

When you create a Business Unit, a Team is automatically created in the Business Unit with the same name.

Answer 92

A

Default team cannot be deleted, renamed, moved or have its membership modified. But you can assign security roles to the default team.

Answer 93

A

Can be used by members of the Team.

Answer 94

A

To the Team and not the User.

Answer 95

A

Every team is associated with one Business unit. - Teams can contain users are members. Not other teams. - Users can belong to more than one Team. - Though a Team is associated with a BU, users can be anyone regardless of BU. - Sharing a record with a Team shared it indirectly with all users in that Team.

Answer 96

A

Settings > Administration > Teams > New > Fill out fields in Tab.

Answer 97

A

You can do it through the Team record, or through the User record.

Answer 98

A

Settings > Administration > Teams > Local Business Teams > Add members.

Answer 99

A

Settings > Administration > Users > Teams > remove > add existing team > Look up more if necessary.

Answer 100

A

It gives another User or Team specified access to a single record, useful when you want selected Users from other Business Units to work on records they don’t have access to.

Answer 101

A

Sharing with all the Users in the Team.

Answer 102

A

Shares are stored as records in the SQL database, so it provides better system performance than when shared with users due to fewer records being created in the table, and thus table is queried more efficiently.

Answer 103

A

Personal views from Saved Views, Personal charts from More Actions and Personal dashboards from More Commands.

Answer 104

A

The components are a single view, chart, dashboard all will use. If one changes it, it will be modified for all. The one sharing can choose to allow others read only, or change depending.

Answer 105

A

Navigate to record > More commands > Share > Add user/team > select > OK

Answer 106

A

before share granting corresponding permission will take effect and allow access.

Answer 107

A

Append and Append to privilege in Security Roles.

Answer 108

A

This grants access to Users who are added to the Team later and removes access from Users who are no longer in the Team.

Answer 109

A

This effectively shares the record with all Users in that Business Unit.

Answer 110

A

The recipient has at least the User level access for that permission through his or her Security Roles. Meaning, user cannot have more privileges to a shared record than the user has for his or her own records of that entity.

Answer 111

A

Current roles will not be shown, even if they have the same roles assigned. You can only use this method to add more roles to multiple people at the same time, not remove.

Answer 112

A

After you move a User, assign new security roles to the User. If you move a Team that has a security role assigned, you will also have to reassign appropriate roles.

Brainscape's Knowledge GenomeTM

Module 02 - Building a Security Model in MSDynCRM2013 Flashcards

Brainscape's Knowledge Genome^TM