This documentation is archived and is not being maintained.

Access Levels

Forefront
banner art

[Applies to: Microsoft Dynamics CRM 4.0]

Find the latest SDK documentation: CRM 2015 SDK

The access level for a privilege determines for a given entity type at which levels within the organization hierarchy a user can act on that type of entity. Microsoft Dynamics CRM has the levels of access shown in the following table, starting with the most access.

Global Global. This access level exposes to a user all entity instances within the organization, regardless of the business unit hierarchical level to which the instance or the user belongs. Users who have Global access automatically have Deep, Local, and Basic access also.

Because this access level gives access to information throughout the organization, it should be restricted to match the organization's data security plan. This level of access is usually reserved for managers with authority over the organization.

Note   The application refers to this access level as Organization.

Deep Deep. This access level exposes to a user entity instances in the user's business unit and all business units subordinate to the user's business unit.

Users who have Deep access automatically have Local and Basic access also.

Because this access level gives access to information throughout the business unit and subordinate business units, it should be restricted to match the organization's data security plan. This level of access is usually reserved for managers with authority over the business units.

Note   The application refers to this access level as Parent: Child Business Units.

Local Local. This access level exposes to a user entity instances in the user's business unit.

Users who have Local access automatically have Basic access also.

Because this access level gives access to information throughout the business unit, it should be restricted to match the organization's data security plan. This level of access is usually reserved for managers with authority over the business unit.

Note   The application refers to this access level as Business Unit.

Basic Basic. This access level exposes to a user entity instances he or she owns, objects that are shared with the user, and objects that are shared with a team of which the user is a member.

This is the typical level of access for sales and service representatives.

Note   The application refers to this access level as User.

None None Selected. None.

Examples

  • If a user has Deep Read Account privileges, this user can read all accounts in his or her business unit, and all accounts in any child business unit of that business unit.
  • If a user has Local Read Account privileges, this user can read all accounts in the local business unit.
  • If a user is assigned the Basic Read Account privilege, this user can read only the accounts that he or she owns or the accounts that are shared with him or her.
  • A customer service representative with the Basic Read Account privilege can view accounts that he or she owns and any accounts another user has shared with this user. This makes it possible for the representative to read the account data that is relevant to a service request, but not to change the data.
  • A data analyst with the Local Read Account privilege can view account data and run account-related reports for all accounts in his or her business unit.
  • A finance officer for the company with the Deep Read Account privilege can view account data and run account-related reports for all accounts in his or her business unit and accounts in any child business unit.

See Also

Concepts

Other Resources


© 2010 Microsoft Corporation. All rights reserved.


Show: