Saturday, 7 September 2013

Access Levels In MSCRM 2011

Microsoft CRM includes four distinct access levels presented in order of increasing authority.

User (basic)

User Access is the most restrictive of all the access levels. With User Access rights, a User can perform actions on the following:
  • Records he owns
  • Records owned by another User but which have been shared with him
  • Records owned or shared by a Team of which he is a member

Business Unit (local)

Business Unit Access is a step above the basic User level. It includes all the User Access rights, but it also provides access to Records that are owned by or shared with other Users who belong to the same Business Unit. The term local really corresponds to one distinct Business Unit of which the User is a member.
For example, if Moe has local Opportunity read rights, he can review the Records for all prospects interested in signing up for the beta tester program at his company. If Moe had only User Access, he could see only those Records that he had created himself or Records that other Users had decided to share with him.

Parent: Child Business Units (deep)

A User with Parent: Child Access rights have Business Unit Access plus the ability to access objects or Records from any Business Unit that's subordinate to the unit he is assigned to. If you think of an organizational chart for the divisions of your company, a deep view enables you to see your Business Unit and all those directly below it.

Organizational (global)

Organizational Access rights are the least restrictive of all the categories. With Organizational Access, you can perform actions on any Record within the system, regardless of the Business Unit you belong to and regardless of sharing issues.
Organizational Access rights should be reserved for a small group of system administrators who have the overall responsibility for the integrity of the database. At least two people in your company should have these rights (one for backup purposes), but probably not many more than that.
It should not be a foregone conclusion that the CEO or the director of IT should have complete Organizational Access. With the privilege also come the responsibility and the possibility of unintentional damage done by the weekend warrior or by those who view themselves as techno geeks. Individuals' job requirements and their knowledge of the system relate directly to their getting this level of access.