Dynamics 365 Apps security roles and other security considerations

I have recently built a few Microsoft Dynamics 365 Apps for a Dynamics 365 CRM Solution. I personally found the whole Dynamics 365 Apps idea to be brilliant as it does remove a lot of the clutter / noise / unnecessary entities, buttons, etc. that users don’t need. These are then replaced with a single App that only has what a user requires for their day to day operations. For example, a CRM call centre user will have an App that only shows the entities, forms, dashboards, business process flows, etc. that they need and nothing more. This provides a greater customer experience and higher user adoption and engagement (I saw this first hand).

Back to the subject of the post! Dynamics 365 Apps security can be applied using security roles as follows (source: :

  1. Go to Settings > My Apps.
  2. In the lower right corner of the app tile you want to manage access for, click the More options button  , and then click Manage Roles.
  3. In the Manage App dialog box, Choose whether you want to give app access to all security roles or selected roles.
  4. Roles. If you choose Give access only to these roles, select the specific security roles (Important: see point “a” below)
  5. Click Save and
  6. Finally, re-publish your App (the last step is optional).

Sounds simple, correct? Well, there are a couple of “Gotcha” considerations that you have to be aware of:

a. Any security role that you choose from the list of roles that can access an App, MUST (I repeat MUST) have the “Read App” privilege. You can check that by opening the required security role and navigate to “Customizations” and you will see the “App” privilege in the first line under security role -> customisations. This is really important:

b. You can hide the “Custom” app which is basically the original conventional Dynamics CRM standard access app to all security roles (except to administrators) by clicking on “Hide for all Roles” on the “Custom / Full” App. This makes this app disappear from the left hand list of available Apps to standard users. However, if the user types in the standard CRM url they will still be able to access it, yet with limited data access based on their security roles. For example, if a user typed in: https://yourcrminstance.crm4.dynamics.com they will access the custom / full app. You should always make sure your users only use the Apps in this case so for example:

https://yourcrminstance.crm4.dynamics.com/Apps/yourcustomApp

Finally, we all know that this great new features, Dynamics 365 Apps, is still a brand new capability so it will continue to evolve and improve in the upcoming releases – so watch this space!

Original Source


Related
Recommended