Security Principals

CRM 1.0

Microsoft CRM defines a security principal as an entity that can effectively "own" or "access" an object within the system. There are two primary types of security principals within Microsoft CRM: users and teams. The CSecurityPrincipal class is used in many APIs, such as GrantAccess and Assign. With few exceptions, all entities that can be owned by users can also be owned by teams.

Note   The Microsoft CRM application does not support assignment of objects to teams.


A team is a group of users. A team does not have any roles assigned to it, nor does it have any privileges. However, you can grant a team access to objects in the same manner in which you grant a user access to objects, and teams can even own objects. The actual access to objects shared within a team for a user who is a member of the team is determined by that user's privileges.

For example: Two users, Joe and Sara, are members of the same team. Joe is a Salesperson and, thus, has the privilege to read opportunities. Sara is a Customer Service Representative and does not have that privilege. If an opportunity is shared with the team, Joe will have access to it and Sara will not.

© 2005 Microsoft Corporation. All rights reserved.