Cloud Computing, Microsoft 365

5 Mins Read

A Guide to Access Data Access and Permissions in Microsoft Dynamics 365 CRM

Voiced by Amazon Polly


Security roles in Dynamics 365 Customer Engagement (CRM) are essential for controlling who can access data and other system features. Security roles partly define what users can do and access data.

Security roles are crucial in determining how users’ access and permissions are shaped within the system. An essential part of the security model is security roles, which guarantee that users can access information and features according to their jobs within the company.

How to Assign the Security Role for New Person

Navigate to Security Roles

Settings –> Advanced Settings –> Security –> Users

If the person is new to Dynamics and wants access to the CRM, we need to give the Role. Go to the users, select the username, and click on the manage Roles.

Pioneers in Cloud Consulting & Migration Services

  • Reduced infrastructural costs
  • Accelerated application deployment
Get Started

List of the few securities Roles

  • Salesperson

The security roles assigned to salespeople often determine their access level in Dynamics 365 Customer Engagement. The salesperson role can see only their records. They cannot see the organization’s data and other Data as well.

  • Sales Manager

The sales manager can also see all data and team members’ data. This role is more accessible than the salesperson role, and they can also access custom entities.

  • Vice President of Sales

For this role, those usually oversee the sales department for multiple business divisions or the entire company.

  • System Administration

Users with complete authority to administer, update, configure, install, and create security roles and modify and allocate them. They will be able to see every piece of environmental data.

Privileges levels

Security privileges in Dynamics 365 refer to the permissions that manage access to different system items and actions. These rights assist companies in managing and regulating the degree of user access to data and CRM capability.

Types of Privileges


  • Read: View access to customer records, leads, opportunities, and other relevant data.
  • Write: Ability to create, update, and edit records such as leads, opportunities, and accounts.
  • Ability to add notes, activities, and other information to customer records.
  • Delete: Permission to delete records, such as leads, opportunities, or activities, depending on the security role.
  • Assign: Ability to assign records to other users, which is crucial for managing leads and opportunities within a team. On Assigning a record, Ownership will be transferred to the new user.
  • Share: Users may be able to collaborate by sharing records with other users through certain security responsibilities
  • Append: It is necessary to link the present record to a different record. For instance, if the user has Append permissions on the note, it might be added to an opportunity. Some records can be attached depending on the access level of the permission specified in your security role.
  • Append to: A record must be linked to the present record. For instance, users can attach a note to an opportunity if they can Append To it. Depending on the access level of the permission specified in your security job, different records may be attached.

Access Level

  • None: No Access is Allowed
  • User: Users can add, edit, remove, and read their records. They can see only their records.
  • Business unit: Users in their business unit can create, read, update, and remove records that belong to anybody.
  • Parent: child Business Unit: The user has access rights to the records held by the parent business unit and its affiliated child business units.
  • Organization: Whatever the business unit’s hierarchical level of the instance or the user, this access level grants access to all records inside the organization. Deep, local, and basic access are all automatically extended to users who possess global access.

How to Create Separate Business Units for Teams

Business Unit:

An organizational design called a business unit represents a logical collection of people, security responsibilities, and business data. Within the Dynamics 365 system, business units arrange and structure an organization’s users and data. Every business unit in an organization relates to a different operational or business division.

Navigation –> Settings –> Advanced Settings –> Security –> Business unit


  • Click on Settings
  • Click on the Advanced Settings


  • Click on the Security


  • Click on the business Unit and Click on newly create a new business unit.


The idea of “Teams” in Dynamics 365 Customer Engagement is strongly related to security roles and permissions. A team is a collection of users who collaborate and have access to the same system records. Teams are frequently used with security roles to control data access and facilitate application collaboration.

Team members cannot see each other data. The team manager can see all team members’ data because the manager has a sales manager Role.

Hierarchy Security

With Dynamics 365 Customer Engagement, hierarchical security is a feature that enables businesses to manage data access according to the hierarchy or reporting structure inside the company. This feature is especially helpful when an employee’s role or position within the organizational hierarchy needs to be considered when limiting access to data.



  • Above the Hierarchy system, the CEO can see all the records, including manager L1 and Salesperson records, but manager L1 can only see Salesperson Records.
  • Salespersons can’t see the other’s Records.

Field Security profiles

Field Security Profiles in Dynamics 365 Customer Engagement allow organizations to control access to specific fields in records on a more granular level. These profiles are useful when there is a need to restrict access to certain sensitive or confidential information within records, even if users have broader access to the overall record.

  • An entity’s fields can be secured using Field Security Profiles. This implies that a user might have limited access to a few fields, even if they have read or write access to the record.
  • Sensitive data, such as personally identifiable financial information or other secret information, is frequently protected using field security profiles.


Dynamics 365 Customer Engagement (CRM) employs a robust security model to manage user access and permissions within the system. Security roles are pivotal in defining the level of access users have to data and features, ensuring that individuals have the appropriate permissions based on their organizational roles.

Assigning security roles to inexperienced users involves navigating through settings to access the user management interface.

Key security roles, such as Salesperson and Sales Manager, have distinct access levels, with Sales Managers having broader permissions, including access to team members’ data and customization capabilities. Privileges and access levels further define the actions users can perform and the extent of their access to records.

Drop a query if you have any questions regarding Dynamics 365 Customer Engagement (CRM) and we will get back to you quickly.

Empowering organizations to become ‘data driven’ enterprises with our Cloud experts.

  • Reduced infrastructure costs
  • Timely data-driven decisions
Get Started

About CloudThat

CloudThat is a leading provider of Cloud Training and Consulting services with a global presence in India, the USA, Asia, Europe, and Africa. Specializing in AWS, Microsoft Azure, GCP, VMware, Databricks, and more, the company serves mid-market and enterprise clients, offering comprehensive expertise in Cloud Migration, Data Platforms, DevOps, IoT, AI/ML, and more.

CloudThat is recognized as a top-tier partner with AWS and Microsoft, including the prestigious ‘Think Big’ partner award from AWS and the Microsoft Superstars FY 2023 award in Asia & India. Having trained 650k+ professionals in 500+ cloud certifications and completed 300+ consulting projects globally, CloudThat is an official AWS Advanced Consulting Partner, AWS Training Partner, AWS Migration Partner, AWS Data and Analytics Partner, AWS DevOps Competency Partner, Amazon QuickSight Service Delivery Partner, Amazon EKS Service Delivery Partner, Microsoft Gold Partner, AWS Microsoft Workload Partners, Amazon EC2 Service Delivery Partner, and many more.

To get started, go through our Consultancy page and Managed Services PackageCloudThat’s offerings.


1. What is the purpose of security roles in Dynamics 365?

ANS: – The primary purpose of security roles is to control and manage access to data in Dynamics 365. They help enforce data security, ensuring users have the appropriate permissions based on their roles and responsibilities.

2. Can security roles be customized in Dynamics 365?

ANS: – In Dynamics 365, security roles are customizable. Administrators can create new roles or alter current ones to satisfy the unique access needs of various teams or people inside the company.

WRITTEN BY Dadi RajKumar



    Click to Comment

Get The Most Out Of Us

Our support doesn't end here. We have monthly newsletters, study guides, practice questions, and more to assist you in upgrading your cloud career. Subscribe to get them all!