Security is an essential aspect of any business, and Dynamics 365 Sales provide several tools that allow administrators to configure security roles to manage users’ access and permissions. With the right security roles in place, you can ensure that only authorized personnel have access to sensitive data, reducing the risk of a data breach.
In this blog, let’s discuss some of the best practices for setting up security roles in Dynamics 365 Sales.
1. Understand the User Roles
Before setting up security roles, it is essential to understand the user roles in your business. A great starting point is to determine the job functions of each employee and their required access levels to the different features and functionalities within the system. Once you have a clear understanding of these job functions, you can begin to define the corresponding security roles.
Here is an example of a Sales Manager Role:
- Sales Managers should be able to create new Leads and Accounts on the system.
- Sales Managers should be able to edit and view Leads and Accounts in the system.
- Sales Managers should not be able to permanently delete Leads or Accounts.
- Sales Managers should not be able to give ownership of records to other users (leads and accounts).
2. Get familiar with the privileges and access levels
If you understand the available privileges and access levels, you can make informed decisions about which permissions to grant to users, and ensure that they only have access to the data and functions they require.
After determining what each role should be able to accomplish on the system, you can map their privileges (P) and access levels (AL). This could be used as a reference plan when doing the mapping to the system.
Of course, you can go into much more depth, but this should give you an idea of how to start off the approach to access levels and privileges.
3. Create Custom Security Roles
Several security roles are available out-of-the-box in 365 Sales, such as “Sales Manager” and “Salesperson”. However, depending on the security needs of your business, you may need a variety of configurations. Custom security roles enable you to refine the privileges and access levels to the different features and functionalities in the system, providing your business with better control.
It is not advised to use the standard roles, rather, consider doing the following:
- Copy Create – Copy a standard role that has the closest correspondence with the security access you are trying to achieve.
- Naming Convention – Change the name of the role. It is good practice to add a prefix to the name of the copied role, for example for the company Contoso, create “CS_Sales Manager”.
- Customize – Configure the security access of the newly copied role to suit your security needs.
In this way, the integrity of the built-in security roles will not be compromised.
4. Consider using team-based roles…
Setting up and managing roles at the team level, especially for larger businesses, is preferable. It is often considered more efficient and practical than managing them at the individual user level. Here are a few reasons why:
- Simplifies role management – the team roles will automatically be inherited by all team members, making it simpler to manage groups of users with similar access needs.
- Facilitates collaboration – Teams frequently collaborate on projects, so it makes sense to assign security roles at the team level, giving the team equal access to data and functionality. Allowing for better collaboration and teamwork.
- Eases transitions between roles and provides better control – If you are the System Administrator, your job will be simplified. You can simply edit the roles for the team to reflect the new access needs rather than modifying the security roles for each user individually.
5. Conduct Regular Audits
It goes without saying that regularly auditing your security roles is an important aspect of maintaining the system’s security. Security audits enable you to identify any unauthorized changes or access and address them promptly. To make sure your security roles are still appropriate and suited to the business needs, it is recommended that you perform these checks at a minimum every six months.
6. Make use of Solutions and DTAP
Migration of the security roles is handled by using Solutions. Also, make sure that you follow the DTAP principle when creating, testing, and moving solutions to production. Start creating the security roles in your development environment, then move them to test, then acceptance, and ultimately production environment. You can’t go wrong with these controlled phases. If you’re responsible for testing, make sure you log in with each team or user’s login credentials to see what they can see and test what actions can be taken from their level of access.
7. Use the Principle of Least Privilege
When creating user roles you might wonder if it would be better to start off with more access or with less. The principle of least privilege is an essential security practice that involves giving users the minimum permissions necessary to execute their job functions. It is crucial to follow this principle and ensure that users only have access to the specific features and data necessary to perform their duties. This will prevent unauthorized access to forms and system actions, as well as accidental or intentional leaks of data.
8. Train Your Users
Finally, it’s essential to provide training to your users on how to use the system securely. Ensure that they understand the implications of their actions when accessing and sharing sensitive data. Training should include best practices for password security and secure data handling.
Setting up user permissions in Dynamics 365 for Sales is crucial for maintaining the system’s security and preventing unauthorized access to sensitive data. To configure security roles effectively, you need to understand the user roles, familiarize yourself with the privileges and access levels, create custom security roles, consider team-based roles, conduct regular audits, and make use of solutions and the DTAP principle. By following these best practices, you can ensure that your Dynamics 365 Sales system is secure and that only authorized personnel have access to the data and functionality they require to perform their job functions.
For more information about security roles in Microsoft Dynamics 365 for Sales consult Microsoft Learn.