-
This is for beginners in MS CRM 4.0 wanting to understand the Security Architecture in MS CRM 4.0. Download the whitepaper from:

http://www.microsoft.com/downloads/details.aspx?displaylang=en&FamilyID=fb4bb16b-586f-4aae-aa4b-790023e95b61

A brief summary for the Role Based Security and the Object based security is explained from the article:

To determine the extent to which users have access to the system and the resources it stores, Microsoft Dynamics CRM leverages two complementary security mechanisms:

  1. Role-based security in Microsoft Dynamics CRM focuses on grouping a set of privileges together that describe the tasks that are performed for a user in a specific job function. The basic concepts of role-based security include the following:
    o Users are assigned one or more roles based on their job function or tasks
    o Roles are associated with permissions (privileges and access levels) for the different business objects (entities)
    o Users gain access to entities or groups of entities in the system via membership in a role that has been assigned the necessary privileges and access levels to perform the users’ jobs.
  2. Object-based security in Microsoft Dynamics CRM focuses on how users gain access to individual instances of business objects (entities).

Role-based Security
Role-based security in Microsoft Dynamics CRM is based on the interaction of privileges and access levels, which work together through the use of security roles.

Privileges define what actions a user can perform on each entity in Microsoft Dynamics CRM. Privileges are pre-defined in Microsoft Dynamics CRM and cannot be changed; examples of privileges include Create, Read, Write, and Delete.

Access levels indicate which records associated with each entity the user can perform actions upon.The access level associated with a privilege determines (for a given entity type) the levels within the organizational hierarchy (User, team and Business Unit) at which a user belonging to a specific role can act on that type of entity.


Each security role provides a combination of privileges and access levels specific to a Microsoft Dynamics CRM job function.

Object-based Security

Object-based security applies to individual instances of entities and is provided by using access rights. An access right is granted to a user for a particular entity instance.
The relationship between an access right and a privilege is that access rights apply only after privileges have taken effect. For example, if users do not have the privilege to read accounts, they will be unable to read any account, regardless of the access rights another user might grant them to a specific account through sharing.

The article also provides greate examples for different combinations of privileges, access levels and access rights. Happy reading!!


Comments

Post a Comment

Popular posts from this blog

The key specified to compute a hash value is expired, only active keys are valid.

-
Ever accessed Microsoft Dynamics CRM and got the error “The key specified to compute a hash value is expired, only active keys are valid.” The error logged in the trace is as follows: MSCRM Error Report: -------------------------------------------------------------------------------------------------------- Error: Exception of type 'System.Web.HttpUnhandledException' was thrown. Error Number: 0x8004A106 Error Message: The key specified to compute a hash value is expired, only active keys are valid. Expired Key : CrmKey(Id:d0879dd3-7f9d-de11-a5c4-0003ff392bd3, ScaleGroupId:00000000-0000-0000-0000-000000000000, KeyType:CrmWRPCTokenKey, Expired:True, ValidOn:09/09/2009 20:32:01, ExpiresOn:10/12/2009 20:31:55, CreatedOn:09/09/2009 20:32:01, CreatedBy:NT AUTHORITY\NETWORK SERVICE. Error Details: The key specified to compute a hash value is expired, only active keys are valid. Expired Key : CrmKey(Id:d0879dd3-7f9d-de11-a5c4-0003ff392bd3, ScaleGroupId:00000000-0000-0000-0000-000000000
Read more

IFD Implementation for custom web pages and Anonymous Access

-
When deploying my custom web pages for an IFD deployment, I got a FileLoadException (Exception from HRESULT: 0x80131401) on accessing the page in the browser. Basically, this issue arose since anonymous access was somehow disabled for the “ISV/CustomPages” application in IIS while by default it is enabled for the Microsoft Dynamics CRM website. This implied that my custom web site was using Windows NT Authentication, while the Microsoft Dynamics CRM Website was enabled for anonymous access. Hence, I got “Loading this assembly would produce a different grant set from other instances” on accessing any of my web pages from within MS CRM. Simply turning on anonymous access for my custom website did the trick and rendered all my custom web pages correctly :)
Read more

Using CRM Services to create or update records in large numbers

-
Recently, I implemented a plug in code which invoked auto creation of records from a contacts list (rather marketing lists based on MS CRM contacts) for my custom entity. The code worked well but it hanged whenever I considered a marketing list of more than 3000 contacts. The error logged read: Only one usage of each socket address (protocol/network address/port) is normally permitted. Basically, the error was thrown when the creation process exhausted the limit of socket connections allowed by the IIS and the SDK still polled for another connection and consequentially timed out after a certain number of records were created. A quick workaround for this is to change the following entries in the registry: HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\MaxUserPort to 65534AndHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\TCPTimedWaitDelay to be 30 The link : http://dmcrm.blogspot.com/2008/07/updating-records-in-mass-via-sdk.html also mentions a resolution of this by us
Read more