Module 02 - Building a Security Model in MSDynCRM2013 Flashcards
What is a key objective of any security model?
Prevent unauthorized access or modifications to data.
Security rights that you configure in CRM also has a direct effect on what?
Affects the way she system behaves and is displayed to the user.
If a user does not have access to a specific entity or application feature…
They are simply not visible in the user’s interface.
CRM uses a role-based security model.
Meaning, permissions are defined for a specific job role that is then assigned to users or Teams.
Business Units define…
A hierarchy of Users and Teams. And the records the Users and Teams own.
Security Roles define…
The privileges the Users and Teams should be granted.
Being able to apply permissions on records allows users to…
Perform different actions on records that are owned by other Users or Teams in their Business Unit, from the actions they can perform on records located in another Business Unit.
Business Units are helpful to reporting, how?
As an example, a single report can be used by several users in different Business Units to receive the results. Records reflected in the report only include the records that a user has access to.
What is the root Business Unit?
The first Business Unit is generated by the deployment process when the Organization is created.
Business Units are often created to reflect…?
The operational reporting hierarchy of the business separated by geography or function, or a combination of both.
What can the root Business Unit represent?
Can represent the corporation or the holding company of all Business Units in the organization. It is the upper-level node of CRM organizational hierarchy.
What are some key characteristics of the root Business Unit?
There is only one root Business Unit. It is created by the CRM Server Setup program. Cannot be assigned a parent Business Unit. Cannot be disabled or deleted.
What can Business Units represent?
Subsidiaries, divisions, departments, or just groups of users that have other commonalities such as skills or responsibilities.
You should design the Business Unit hierarchy to support what?
The reporting and access requirements, instead of copying the organization chart.
How do you create a Business Unit?
CRM > settings > administration > business units > new > enter name > parent business selection > complete other properties > save and close record.
Which field is required for any Business Unit you create?
Parent Business field. The root Business Unit does not require a parent.
How do you modify a Business Unit?
CRM > settings > administration > business units. –> change parent business to change location in hierarchy, or other properties.
When you change the Parent Business Unit of a Business Unit to reorganize your structure, what rules apply?
When a Business Unit is reassigned to a new parent, all its child Business Units move with it. You cannot create circular relationships.
What might you have issues with when you move a business unit?
You might have issues with Security Roles assigned to a User or Team. Only security roles locally defined in the Business Unit will remain. Inherited security roles will be removed.
When would you want to Disable a Business Unit?
For example, it temporarily stops operation. It will disable all child Business Units and users attached to these Business Units.
Users who are assigned to a disable Business Unit cannot access CRM but what happens to the data?
No data is lost. As soon as a BU is enabled, the disabled users can access the aplication again.
All enabled users who are assigned to an enabled Business Unit can access…
CRM.
A disabled user is not enabled when his or her Business Unit is…
Enabled.
How to enable or disable a Business Unit?
Settings > Admin > Business Units > select Business units > More actions menu to click either Enable or Disable > OK
How can you permanently delete a Business Unit?
You must disable it first and remove any child Business Units, Users and Teams.
How can you remove child Business Units, Users and Teams?
Either by reassigning Business Units, Users and Teams individually to a new parent, or deleting Business Units or Teams (users cannot be deleted).
What are you unable to delete when attempting to delete a Business Unit permanently?
The Users, and the default Team of the Business Unit cannot be deleted.
If you want to keep Facility/Equipment records and Resource Groups, you must?
Move the sources to a different Business Unit as they will be deleted when the Business Unit is deleted.
Best Practice for deleting Business Units?
Should disable Business Units instead of deleting them. Deleting is irreversible.
How to delete a Business Unit?
CRM > Settings > Administration > Business Units > Inactive Business Units > make sure all users, child Business Units and Teams (except default) are removed > Delete > Confirm deletion.
In order to access the system, each user must be assigned what?
A security role.
How do users receive their permissions to work on records or use features?
It is based on the combination of security roles they are assigned and the business units to which they belong.
What are Teams used for?
Teams are used to group users together from one or more Business Units for reporting purposes or to grant the Users the permissions that are given to the Team.
What happens if a team has one or more Security Roles?
Users who are members of the Team can use these privileges and the permissions from their own Security Roles.
Users can share a record with a Team or assign a record to a Team to own the record if?
The Team has at least read access to the entity.
How to give the User permissions required based on primary/secondary/temporary/project role?
Layering multiple roles and permissions assigned directly or indirectly to the User.
A Security Role is created in and remains, where?
In a Business Unit.
What happens when a Security Role is created?
The Security Role is copied to the child Business Units of that Business Unit and down the hierarchy.
What are the copies of the Security roles called?
Inherited roles, which cannot be modified or deleted. If original role is modified, the configuration is copied down so copies always replica of original.
A Solution can only contain Security Roles that are created in…?
The root Business Unit.
What happens to Security Roles when a solution package is imported?
Security roles are created in the root Business Unit of the target system or update an earlier version of the same if it it already exists. Inherited roles are then created or updated in all BUs of the target Organizations.
Users and Teams can only be assigned to a Security Role in their own Business Unit, so that inherited roles make it easier to…
Assign the same privileges to users in different Business Units without having to create and maintain matching roles.
It is recommended that Security roles are created where and why?
In the root business unit, and use inheritance to create copies in other Business Units, to avoid having security roles with matching names but completely different permissions and similar issues.
What is a best practice concerning the creation of security roles?
It is recommended that you create copies of the default roles and configure the copies to meet your exact security requirements instead of assigning the default roles directly to Users and Teams.
Why is creating copies of the default roles useful?
You can keep them as a reference, and you can delete them later on and only use the ones you have modified.
Which security role are you unable to modify, ever?
The System Administrator role.