Module 02 - Building a Security Model in MSDynCRM2013 Flashcards

1
Q

What is a key objective of any security model?

A

Prevent unauthorized access or modifications to data.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

Security rights that you configure in CRM also has a direct effect on what?

A

Affects the way she system behaves and is displayed to the user.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

If a user does not have access to a specific entity or application feature…

A

They are simply not visible in the user’s interface.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

CRM uses a role-based security model.

A

Meaning, permissions are defined for a specific job role that is then assigned to users or Teams.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

Business Units define…

A

A hierarchy of Users and Teams. And the records the Users and Teams own.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

Security Roles define…

A

The privileges the Users and Teams should be granted.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

Being able to apply permissions on records allows users to…

A

Perform different actions on records that are owned by other Users or Teams in their Business Unit, from the actions they can perform on records located in another Business Unit.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q

Business Units are helpful to reporting, how?

A

As an example, a single report can be used by several users in different Business Units to receive the results. Records reflected in the report only include the records that a user has access to.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
9
Q

What is the root Business Unit?

A

The first Business Unit is generated by the deployment process when the Organization is created.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
10
Q

Business Units are often created to reflect…?

A

The operational reporting hierarchy of the business separated by geography or function, or a combination of both.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
11
Q

What can the root Business Unit represent?

A

Can represent the corporation or the holding company of all Business Units in the organization. It is the upper-level node of CRM organizational hierarchy.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
12
Q

What are some key characteristics of the root Business Unit?

A

There is only one root Business Unit. It is created by the CRM Server Setup program. Cannot be assigned a parent Business Unit. Cannot be disabled or deleted.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
13
Q

What can Business Units represent?

A

Subsidiaries, divisions, departments, or just groups of users that have other commonalities such as skills or responsibilities.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
14
Q

You should design the Business Unit hierarchy to support what?

A

The reporting and access requirements, instead of copying the organization chart.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
15
Q

How do you create a Business Unit?

A

CRM > settings > administration > business units > new > enter name > parent business selection > complete other properties > save and close record.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
16
Q

Which field is required for any Business Unit you create?

A

Parent Business field. The root Business Unit does not require a parent.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
17
Q

How do you modify a Business Unit?

A

CRM > settings > administration > business units. –> change parent business to change location in hierarchy, or other properties.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
18
Q

When you change the Parent Business Unit of a Business Unit to reorganize your structure, what rules apply?

A

When a Business Unit is reassigned to a new parent, all its child Business Units move with it. You cannot create circular relationships.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
19
Q

What might you have issues with when you move a business unit?

A

You might have issues with Security Roles assigned to a User or Team. Only security roles locally defined in the Business Unit will remain. Inherited security roles will be removed.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
20
Q

When would you want to Disable a Business Unit?

A

For example, it temporarily stops operation. It will disable all child Business Units and users attached to these Business Units.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
21
Q

Users who are assigned to a disable Business Unit cannot access CRM but what happens to the data?

A

No data is lost. As soon as a BU is enabled, the disabled users can access the aplication again.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
22
Q

All enabled users who are assigned to an enabled Business Unit can access…

A

CRM.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
23
Q

A disabled user is not enabled when his or her Business Unit is…

A

Enabled.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
24
Q

How to enable or disable a Business Unit?

A

Settings > Admin > Business Units > select Business units > More actions menu to click either Enable or Disable > OK

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
25
Q

How can you permanently delete a Business Unit?

A

You must disable it first and remove any child Business Units, Users and Teams.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
26
Q

How can you remove child Business Units, Users and Teams?

A

Either by reassigning Business Units, Users and Teams individually to a new parent, or deleting Business Units or Teams (users cannot be deleted).

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
27
Q

What are you unable to delete when attempting to delete a Business Unit permanently?

A

The Users, and the default Team of the Business Unit cannot be deleted.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
28
Q

If you want to keep Facility/Equipment records and Resource Groups, you must?

A

Move the sources to a different Business Unit as they will be deleted when the Business Unit is deleted.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
29
Q

Best Practice for deleting Business Units?

A

Should disable Business Units instead of deleting them. Deleting is irreversible.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
30
Q

How to delete a Business Unit?

A

CRM > Settings > Administration > Business Units > Inactive Business Units > make sure all users, child Business Units and Teams (except default) are removed > Delete > Confirm deletion.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
31
Q

In order to access the system, each user must be assigned what?

A

A security role.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
32
Q

How do users receive their permissions to work on records or use features?

A

It is based on the combination of security roles they are assigned and the business units to which they belong.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
33
Q

What are Teams used for?

A

Teams are used to group users together from one or more Business Units for reporting purposes or to grant the Users the permissions that are given to the Team.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
34
Q

What happens if a team has one or more Security Roles?

A

Users who are members of the Team can use these privileges and the permissions from their own Security Roles.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
35
Q

Users can share a record with a Team or assign a record to a Team to own the record if?

A

The Team has at least read access to the entity.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
36
Q

How to give the User permissions required based on primary/secondary/temporary/project role?

A

Layering multiple roles and permissions assigned directly or indirectly to the User.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
37
Q

A Security Role is created in and remains, where?

A

In a Business Unit.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
38
Q

What happens when a Security Role is created?

A

The Security Role is copied to the child Business Units of that Business Unit and down the hierarchy.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
39
Q

What are the copies of the Security roles called?

A

Inherited roles, which cannot be modified or deleted. If original role is modified, the configuration is copied down so copies always replica of original.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
40
Q

A Solution can only contain Security Roles that are created in…?

A

The root Business Unit.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
41
Q

What happens to Security Roles when a solution package is imported?

A

Security roles are created in the root Business Unit of the target system or update an earlier version of the same if it it already exists. Inherited roles are then created or updated in all BUs of the target Organizations.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
42
Q

Users and Teams can only be assigned to a Security Role in their own Business Unit, so that inherited roles make it easier to…

A

Assign the same privileges to users in different Business Units without having to create and maintain matching roles.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
43
Q

It is recommended that Security roles are created where and why?

A

In the root business unit, and use inheritance to create copies in other Business Units, to avoid having security roles with matching names but completely different permissions and similar issues.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
44
Q

What is a best practice concerning the creation of security roles?

A

It is recommended that you create copies of the default roles and configure the copies to meet your exact security requirements instead of assigning the default roles directly to Users and Teams.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
45
Q

Why is creating copies of the default roles useful?

A

You can keep them as a reference, and you can delete them later on and only use the ones you have modified.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
46
Q

Which security role are you unable to modify, ever?

A

The System Administrator role.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
47
Q

What special properties does the System Administrator role have?

A

All privileges to all entities and features at the Organization access level even as new custom entities are created. At least one user must have the role. Cannot be disabled. And users who have this role are members of the System Administrator Field Security Profile.

48
Q

What happens if you make a copy of the System Administrator role?

A

It makes a copy and creates a role that has “nearly” all the privileges, but the copy of the role will not have special properties.

49
Q

What are privileges?

A

Basic security unit in CRM. Describes the actions that are allowed at a selected access level.

50
Q

What are access levels?

A

Describe where the privilege applies.

51
Q

What do security permissions in each Security Role consist of?

A

Privileges.

52
Q

What are entity privileges?

A

Every security role includes a grid that shows the privilege for every combination of each entity and the actions that can be performed on its records.

53
Q

Explain the Create Privilege.

A

User can create records of the entity.

54
Q

Explain the Read Privilege.

A

User can read records of entity.

55
Q

Explain the Write Privilege.

A

User can update data for records of entity.

56
Q

Explain the Delete Privilege.

A

User can delete records of the entity.

57
Q

Explain the Append Privilege.

A

User can attach this entity to other records.

58
Q

Explain the Append To Privilege.

A

User can attach other records to this entity.

59
Q

Explain the Assign Privilege.

A

User can make other Users or Teams the owner of this entity.

60
Q

Explain the Share Privilege.

A

User can share records of the entity with other Users or Teams.

61
Q

Privileges can be granted at different access levels for what reason?

A

To define the records of the entity that the user can perform that action against.

62
Q

Why don’t Organization-owned entities have privileges to Assign or Share?

A

It only applies to entities owned by Users or Teams.

63
Q

Access Levels indicate what?

A

The records of each entity on which the User can use a privilege.

64
Q

What two access levels exist for Organization-owned entities?

A

None and Organization.

65
Q

Access level NONE means?

A

User does not have the privilege.

66
Q

Access level USER means?

A

User has privilege for records they own and for records shared with user either directly or through Team membership.

67
Q

Access level BUSINESS UNIT means?

A

The user has the privilege on all records that are owned by members of his or her Business Unit. Does not have permissions on records owned by members of child Business Units.

68
Q

Access level PARENT:CHILD BUSINESS UNIT means?

A

The user has the privilege on all records that are owned by members of his or her Business Unit, and all records owned by members of child Business Units to any depth.

69
Q

Access level ORGANIZATION means?

A

User has privilege on all records in the organization.

70
Q

What is the entity (row) or privilege (column) shortcut method?

A

You can click the labels to modify a whole row or column at one time. Level cycles round together.

71
Q

There are some privileges for which some levels are not available. Explain.

A

Entities such as User, Team, Facility/Equipment can have privileges that are set to anything except User level because these entities are not user owned, they are BU owned. Saved Views and User Charts can only be saved to User level or none (these aren’t entities though).

72
Q

Miscellaneous privileges relate to …?

A

Application features such as Print, Merge, Export to Excel and Go Offline. These privileges apply to features globally.

73
Q

Miscellaneous Privileges that related to records have how many access levels?

A

Have the usual five, due to their relation to records.

74
Q

UI reflects current privileges, meaning?

A

Buttons are not shown for actions that a user does not have the privilege to perform.

75
Q

If a user is assigned two or more Security Roles, what happens?

A

The privileges are additive, and the highest access level applies (least restrictive security model).

76
Q

If you modify an existing role, what will happen?

A

Any users assigned to that role will have their privileges updated as soon as you save or import.

77
Q

When you create a copy of a role, you can…?

A

Specify a new name, but not a new Business Unit. The copy will be in the same BU as the original.

78
Q

Is there a link between a copy and the original?

A

No. Changes in original are not reflected in the copy.

79
Q

What is an advantage of copying a role?

A

You can directly compare the copy and the original as you make or document your changes.

80
Q

When is it a better choice to create a completely new role?

A

When the role only has a few privileges specified to use as an additional role layered over a main Security Role assigned to a User.

81
Q

To modify an existing role, what are the steps?

A

Settings > Administration > Security Roles > Business Unit dropdown list, select Business Unit where the role to be modified exists > Modify > Save and Close

82
Q

To copy a role, what are the steps?

A

Settings > Administration > Security Roles > Business Unit drop down list > Select Security Role to be copied > More Actions > Copy Role > OK

83
Q

To create a new role, follow which steps?

A

Settings > Administration > Security Roles > New > Role Name field fill > Business Unit lookup field, select BU > Configure privileges and access levels > Save and Close

84
Q

Can Security Roles be moved from one Business Unit to another?

A

No. You’ll have to delete and recreate in the proper BU if you made a mistake.

85
Q

The Manager field…

A

Is optional. Must be located in the same Business Unit as the User, or above the User’s BU in the hierarchy.

86
Q

What kind of user maintenance functionality does CRM provide?

A

Create/enable/disable users, identify managers, create/delete teams, assign users to teams, assign security roles to users and teams, move users and teams between business units.

87
Q

You cannot delete Users but you can?

A

Disable an account if member of staff has left organization, and user no longer requires a user license. Records are still available and should be reassigned.

88
Q

What is a Team?

A

A group of users who work together for a long time, such as a department of an org or a project team.

89
Q

What is an Owner Team?

A

Can be assigned Security Roles and own records.

90
Q

What is an Access Team?

A

Cannot have security roles, cannot own records, but records can be shared.

91
Q

Owner Team can be converted to an Access team, but…?

A

Not the other way around.

92
Q

Advantages of a team?

A
  • Faster information sharing- Implicit sharing dynamically applied to Users added and removed- Security roles can be granted to an owner Team and layered- Can be used for querying and reporting. - if owner team has role granting user level read access, team can own records for that entity- team can be linked to a queue
93
Q

What is the default team?

A

When you create a Business Unit, a Team is automatically created in the Business Unit with the same name.

94
Q

What can you or can’t you do with the default team?

A

Default team cannot be deleted, renamed, moved or have its membership modified. But you can assign security roles to the default team.

95
Q

A security role assigned to a team …

A

Can be used by members of the Team.

96
Q

When a security role is assigned to a team, the access levels are in relation to the what?

A

To the Team and not the User.

97
Q

When you create or manage Teams other than the default, what should you remember?

A
  • Every team is associated with one Business unit. - Teams can contain users are members. Not other teams. - Users can belong to more than one Team. - Though a Team is associated with a BU, users can be anyone regardless of BU. - Sharing a record with a Team shared it indirectly with all users in that Team.
98
Q

How do you create a new team?

A

Settings > Administration > Teams > New > Fill out fields in Tab.

99
Q

How to add users to a Team record?

A

You can do it through the Team record, or through the User record.

100
Q

To add users to a Team?

A

Settings > Administration > Teams > Local Business Teams > Add members.

101
Q

To manage a User’s membership?

A

Settings > Administration > Users > Teams > remove > add existing team > Look up more if necessary.

102
Q

What is Sharing and why is it useful?

A

It gives another User or Team specified access to a single record, useful when you want selected Users from other Business Units to work on records they don’t have access to.

103
Q

Sharing a record with a Team is equivalent to…?

A

Sharing with all the Users in the Team.

104
Q

Sharing with a Team is generally better for performance because…?

A

Shares are stored as records in the SQL database, so it provides better system performance than when shared with users due to fewer records being created in the table, and thus table is queried more efficiently.

105
Q

Users can share…?

A

Personal views from Saved Views, Personal charts from More Actions and Personal dashboards from More Commands.

106
Q

Why is it important for Users to understand that components like views that are shared with a Team are not copies?

A

The components are a single view, chart, dashboard all will use. If one changes it, it will be modified for all. The one sharing can choose to allow others read only, or change depending.

107
Q

Sharing records, steps?

A

Navigate to record > More commands > Share > Add user/team > select > OK

108
Q

When granting permissions through sharing, a user must have at least User level for a privilege through a security role…

A

before share granting corresponding permission will take effect and allow access.

109
Q

The Append privilege assigned through sharing applies to both?

A

Append and Append to privilege in Security Roles.

110
Q

Sharing a record with a team shares record with all users of that Team. Therefore…

A

This grants access to Users who are added to the Team later and removes access from Users who are no longer in the Team.

111
Q

When a record is shared with a BU’s default Team…

A

This effectively shares the record with all Users in that Business Unit.

112
Q

Privileges granted by sharing a record do not apply unless?

A

The recipient has at least the User level access for that permission through his or her Security Roles. Meaning, user cannot have more privileges to a shared record than the user has for his or her own records of that entity.

113
Q

Manage User Roles dialog box will show the roles a User already has and can add or remove roles here. What happens if you select more than one user?

A

Current roles will not be shown, even if they have the same roles assigned. You can only use this method to add more roles to multiple people at the same time, not remove.

114
Q

Every User and Team in CRM belongs to a single BU, can you move Users or Teams to different BUs?

A

Yes.

115
Q

What is a best practice concerning the moving of Users and Teams?

A

After you move a User, assign new security roles to the User. If you move a Team that has a security role assigned, you will also have to reassign appropriate roles.