Microsoft Dynamics CRM 365 Security Model - Banking Sector

Microsoft Dynamics CRM 365 offer a wide range of security modeling features, and it is important to choose the most appropriate approach to implementing a particular solution. In most CRM implementations, access to information is either provided openly within the organization or it’s limited by a combination of the role and the business area or group in which a user works or operates.

With Dynamics CRM, security hierarchies was introduced, which layers on top of the existing capabilities. Hierarchies provide the ability for a person to inherit privileges from users they manage or otherwise have a hierarchical relationship over.

Banking Security Model:

As per Business flow, we are using managerial hierarchy model in combination with the Security Role privileges, Business unit and Team. In bank, they have four types of business users:

1. Vice President
2. Senior Manager
3. Manager
4. Officers.

Officers directly reporting to managers and managers reporting to senior manager and senior manager reporting to Vice president. Similarly, managers can view the data of officers and senior manager can view the data of managers and officers and Vice President can view the data of their sub-ordinates senior managers, managers and officers. The users can perform the following ways:

Direct manager:

• The direct manager is granted the privileges to read and interact with records their direct reports can.
• This lets the direct manager act on behalf of their direct reports and interact with data. For example, to cover for them in the direct report’s absence.

2nd level manager and above:

• Further up the management hierarchy only read privileges are inherited, giving visibility and oversight to activity of their indirect reports but not the ability to act as them.

Business Unit:

We have one business Unit and at top as default Business unit as “ABC Bank” and the two Business unit under the main business unit with name “Retail” and “Corporate”. Its compulsory all the users’ have under a business unit. The users whose works in retail business areas added in Retail business units and similarly the users whose works on corporate business areas added in corporate business unit. The management users who managing the users under the both Retail and Corporate business areas under the top ABC Bank Business Unit. Business Unit hierarchy expanded in future when more Business modules or department defined.

Teams:

Each business Unit have its Default Team. All the user under the same business automatically assigned to the default team of that business Unit like VP and Senor manager is the part of the ABC Bank Team because those users added in ABC Bank business unit and officer user 1, Officer user 2 and manager User 1 is the part of Retail Team because those users added under retail Business Unit and Officer User 1 and Manager User 2 is the part of Corporate Team because those user added in corporate business unit team.

Fig 1: ABC Bank Business Hierarchy

Managerial Hierarchy Model:

Following is the hierarchy structure designed according ABC bank business users.

1. VP User is have three subordinates like senior manager, manager and Officer. He can view the data of all users
2. Senior manager have two subordinates like manager, officer. He can view the data of manager and officer user 1 and officer user 2
3. Manager have 1 subordinates. And he can view the data of Officer 1 user.

Fig 2: Bank Managerial Hierarchy

Officer User 1 (Retail):

Officer user 1 from Retail has created two leads in systems.

Officer User 2 (Retail):

Officer User 2 from Retail has created two leads in systems.

Manager User (Retail):

The Manager User 1 from Retail Business Unit can view his own created leads and his sub-ordinate Officer User leads.

Officer User 3 (Corporate):

Officer User 3 from Corporate has created two leads in systems.

Manager User 2 (Corporate):

The Manager User 1 from Corporate Business Unit can view his own created leads and his sub-ordinate Officer User leads.

Senior Manager User (ABC Bank):

Senior Manager from ABC Bank business unit can see the leads of his own created and the create by his subordinates from all two business Units Retail and Corporate (officer user 1, officer user 2 Officer User 3, Manager User 1 and Manager User 2)

Vice president User:

VP can view his own created records and the all his reports user from all business Unit because VP use from Top business unit ABC Bank.

Field Security Profile:

In addition to defining security around users and teams, a more minute level regulation of security can be done around a single field by utilizing Field Security Profiles. A field security profile is used to give access to fields that have been enabled for field level security to users other than the default System Administrator. Read, Update and Create privileges to these fields are given. The fields enabled for field level security are seen with a small key beside the name indicating that its status is secure. This security permission can be granted to users or teams.

In this example. I have created security profile for Business phone field. Just only managers can see and edit business phone field. In below screen, Key icon is placed with business phone field and its data is not view-able for officer user.

It’s view-able and editable for other managers’ users who have read and edit rights.