Role-Based Security

Role-Based Security

banner art

[Applies to: Microsoft Dynamics CRM 4.0]

Find the latest SDK documentation: CRM 2015 SDK

The fundamental concept in role-based security is that privileges are assigned to defined categories of users (known as roles) rather than to individual users. When a user is assigned to one of these roles, he or she is assigned the set of privileges associated with that role. A user who is not assigned to a role does not have any privileges.

In Microsoft Dynamics CRM, a role describes a defined set of responsibilities (or tasks to perform) within the organization. A role, for example, a salesperson, is assigned a set of privileges that are relevant to the performance of the tasks defined for that role. All users must be assigned to one or more predefined or custom roles.

A privilege authorizes the user to perform a specific action on a specific entity type. Privileges apply to an entire class of objects, rather than individual instances of objects. For example, if a user does not have the privilege to read accounts, any attempt by that user to read an account will fail.

The access level determines the levels within the organization to which a privilege applies. Each privilege can have up to four access levels: Basic, Local, Deep, and Global.

For more information, you can download the following white paper at: Security and Authentication in Microsoft Dynamics CRM: The Microsoft Dynamics CRM Security Model.

In This Section


Describes the predefined roles that reflect common user roles.


Describes the many privileges that are predefined on a system-wide basis during setup.

Access Levels

Describes the access levels for privileges.

Related Sections

Privileges by Message

Security Dependencies

Security Best Practices

© 2010 Microsoft Corporation. All rights reserved.

© 2016 Microsoft