The security model of Microsoft Dynamics 365


Updated: November 29, 2016

Applies To: Dynamics 365 (online), Dynamics 365 (on-premises), Dynamics CRM 2016, Dynamics CRM Online

Microsoft Dynamics 365 and Microsoft Dynamics 365 (online) provide a security model that protects data integrity and privacy, and supports efficient data access and collaboration. The goals of the model are as follows:

  • Provide users with the access only to the appropriate levels of information that is required to do their jobs.

  • Categorize users by role and restrict access based on those roles.

  • Support data sharing so that users and teams can be granted access to records that they do not own for a specified collaborative effort.

  • Prevent a user's access to records the user does not own or share.

Role-based security in Microsoft Dynamics 365 focuses on grouping a set of privileges together that describe the responsibilities (or tasks that can be performed) for a user. Microsoft Dynamics 365 includes a set of predefined security roles. Each aggregates a set of user rights to make user security management easier. Also, each application deployment can define its own roles to meet the needs of different users.

Record-based security in Microsoft Dynamics 365 focuses on access rights to specific records.

Field-level security in Microsoft Dynamics 365 restricts access to specific high business impact fields in an entity only to specified users or teams.

Combine role-based security, record-level security, and field-level security to define the overall security rights that users have within your custom Microsoft Dynamics 365 application.

More overview information about security can be found in this white paper: Microsoft Dynamics CRM Online security and compliance planning guide.

Microsoft Dynamics 365

© 2016 Microsoft. All rights reserved. Copyright