Online Library UX 365 Working with Security Roles | Page 5

• Write – Edit an existing record. (Some UX processes use this privilege.) • Delete – Delete a record. (Some UX processes use this privilege.) • Append – Attach another entity or associate another entity with the record. This works in conjunction with ‘Append To’. • Append To – Attach another entity or associate another entity with the record. This works in conjunction with ‘Append’. • Assign – Change a record’s owner to a different user. • Share – Share a record with another user or team. • Enable/Disable – Activate or deactivate records. This privilege appears only on the Business Management tab of the “Business Unit” and “User” entities. Not all privileges apply to every entity. Access levels Access levels control the level of the organization where a privilege applies. Dynamics CRM allows you to set up a security model based on your association’s structure. The hierarchy of the structure includes the organization at the top level (that is, the company that owns the deployment), with business units (that is, a logical grouping of business operations) below it. If necessary, a business unit can be the “parent” of any number of “child” business units, and a child business unit can be a parent business unit. The lowest level of the hierarchy is the user. Note Microsoft Dynamics CRM also allows organizations to group users in teams to help share records. Each of these levels in the organizational hierarchy relates to an access level, and the access level in turn uses the ownership of a record to determine who can do what with the record. The access levels included are: • User – Only the user who owns a record can perform the action on that record, unless the owner has shared the record with a team or with other users. • Business Unit – Any user who is in the same business unit as a record’s owner can perform the action on that record. • Parent Child Business Unit – Any user who is in the parent business unit of a record’s owner can perform the action on that record. • Organization – Any user in the organization can perform the action on records in the entity, regardless of the owner. For example, assume that the organizational hierarchy includes four levels: the organization, a parent level of business units, one child level of business units, and users. The default security role, UX Core, has all of the privileges for the Account entity set to the Organization access level, which means that any user in the organization with that security role can create, read, write, delete, append, append to, assign, or share an account record. However, the privileges for the User entity are set to Business Unit, which means that a user in this role must belong to the same business unit as a record’s owner before they will be allowed to perform any actions on the record. 4