This article will examine the importance of a security model in Dynamics 365 for managing and safeguarding access to data and functionalities within the system. This model involves defining roles, privileges, and access levels to ensure that users have access only to the data and functions necessary for their roles.
The security model in Dynamics 365 Customer Engagement (on-premises) protects data integrity and privacy within a Customer Engagement (on-premises) organization. It also promotes efficient data access and collaboration. Security in Dynamics 365 is based on security roles, which are created within business units. A business unit can represent all or part of an organization. A security role is a collection of privileges and access levels defined for each entity. Privileges allow users in a role to perform actions on records in an entity, while access levels determine the scope of entities and records a user can act upon, ranging from most restrictive to least restrictive.
Every user must:
- Be assigned to only one business unit.
- Have at least one security role to log in.
Dynamics 365 model-driven app security can be controlled in the Security section of Settings.
Privileges: A privilege is permission to perform an action in Dynamics 365. Power Apps and model-driven apps use different record-level privileges that determine the level of access a user has to a specific record or record type.

| Privilege | Description |
| --- | --- |
| Create | Required to make a new record. |
| Read | Required to open a record to view the content. |
| Write | Required to make changes to the record. |
| Delete | Required to permanently delete a record. |
| Append | Required to associate the current record with another record. |
| Append to | Required to associate a record with the current record. |
| Share | Required to give ownership of a record to another user. |
| Assign | Required to give access to a record. |
Access Levels:

| Access Level | Description |
| --- | --- |
| Global | This access level gives a user access to all records within the organization. |
| Deep | This access level gives a user access to records in the user’s business unit and all business units subordinate to the user’s business unit. |
| Local | This access level gives a user access to records in the user’s business unit. |
| Basic | This access level gives a user access to records that the user owns, objects that are shared with the user, and objects that are shared with a team that the user is a member of. |
| None | No access is allowed. |
Types of Security
- Role-Based Security: Groups a set of privileges into roles that describe tasks that can be performed by users and teams. For example, an Account Manager security role may have full access to the accounts they own but cannot see accounts owned by others. Security roles are configured through a combination of privileges (Read, Write, Delete, Append, Assign, Share) and access levels (None, User, Business Unit, Parent: Child Business Unit, Organization).
- Record-Based Security: Restricts or allows access to individual records. For instance, if a user does not have the privileges to view (read) account records, they cannot view any account, regardless of access rights granted by another user through sharing.
- Field-Level Security: Restricts or allows access to specific fields within a record. For example, a user may have privileges to read an account but can be restricted from seeing specific fields in all accounts.
- Hierarchical Security: An extension to existing Dynamics 365 Customer Engagement (on-premises) security models that use business units, security roles, sharing, and teams. There are two types of hierarchical security:
  - Manager Hierarchy: To access the report’s data, a manager must be within the same business unit as the report, or in the parent business unit of the report’s business unit.
  - Position Hierarchy: Allows access to data across different business units.
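
The access levels and the record-based rule above (no privilege means no access, even to a shared record) can be checked against a small model. This is an added example, not Dynamics 365 code or its API: the business-unit names, users, `can` function and the simplified sharing set are all constructed for illustration, and the model assumes the wider access levels also include the Basic scope.

```python
from dataclasses import dataclass
from enum import IntEnum

class Level(IntEnum):   # ordered most restrictive -> least restrictive
    NONE = 0
    BASIC = 1           # records the user owns or that are shared with them/their team
    LOCAL = 2           # records in the user's business unit
    DEEP = 3            # user's business unit plus all subordinate units
    GLOBAL = 4          # every record in the organization

# Constructed business-unit tree (child -> parent); names are hypothetical.
BU_PARENT = {"Contoso": None, "Sales": "Contoso", "Sales-EU": "Sales", "Support": "Contoso"}

def in_subtree(bu, root):
    """True if bu is root or any unit subordinate to root."""
    while bu is not None:
        if bu == root:
            return True
        bu = BU_PARENT[bu]
    return False

@dataclass
class User:
    name: str
    business_unit: str
    grants: dict                      # (entity, privilege) -> Level; absent means NONE
    teams: frozenset = frozenset()

@dataclass
class Record:
    entity: str
    owner: str
    owner_bu: str
    shared_with: frozenset = frozenset()   # user or team names (simplified sharing)

def can(user, privilege, record):
    level = user.grants.get((record.entity, privilege), Level.NONE)
    if level == Level.NONE:
        return False                  # no privilege: sharing cannot grant access
    if level == Level.GLOBAL:
        return True
    if level == Level.DEEP and in_subtree(record.owner_bu, user.business_unit):
        return True
    if level == Level.LOCAL and record.owner_bu == user.business_unit:
        return True
    # Basic scope; this model assumes the wider levels include it as well.
    principals = {user.name} | user.teams
    return record.owner == user.name or bool(record.shared_with & principals)

# Constructed sample data
ALICE = User("alice", "Sales", {("account", "Read"): Level.DEEP, ("account", "Write"): Level.BASIC})
DAVE = User("dave", "Support", {})
EU_ACCOUNT = Record("account", "bob", "Sales-EU", frozenset({"dave"}))
```

With this data, `can(ALICE, "Read", EU_ACCOUNT)` is true through the Deep level, while `can(DAVE, "Read", EU_ACCOUNT)` is false even though the record is shared with him, because his role carries no Read privilege on accounts.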
The security model in Dynamics 365 is crucial for protecting your organization’s data and ensuring users have the right access to perform their roles effectively. By setting up security roles, privileges, and access levels, you can control who can see and do what within the system. This helps maintain data integrity and privacy, while also promoting efficient collaboration.
Understanding the different types of security—role-based, record-based, field-level, and hierarchical—allows you to create a secure and well-organized environment in Dynamics 365. By carefully managing these security settings, you ensure that your organization’s data is safe and accessible only to those who need it.
For reference, see: https://learn.microsoft.com/en-us/dynamics365/customerengagement/on-premises/admin/security-concepts?view=op-9-1