Security Deep Dive

Course Code 



The Microsoft Dynamics CRM security model includes security roles, field security, record sharing and hierarchy, but is also affected by other items such as cascading behaviours on entity relationships.

On this course we will give some best practice guidance on managing more complex security models. We will also discuss some of the inner workings of how the system actually works, and compare the performance implications of different security designs, including the use of sharing and access teams.


Module 1 – Security Roles, Teams and Business Units

  • Revision of the basics of assigning more than one Security Role to a User directly, or via Teams from their own and from other Business Units, and what the resulting privileges will be for the user to records in various Business Units.
  • How the CRM platform actually evaluates the security model to assess the privileges to an entity, and particularly how it checks read privileges used to display the results of a view.

Module 2 – Explicit and Implicit Shares

  • How explicit shares are stored in the CRM database.
  • Different ways in which inherited and implicit shares are created and stored.
  • How cascading behaviours configured for 1:N relationships provide additional access to records that can be unexpected, and override other security configurations.
  • How proliferation of these different shares can negatively impact performance of the system, and possible approaches to mitigate this.

Module 3 – Access Teams

  • How to configure and use Access Team Templates
  • Look behind the scenes at Access Teams in action
  • When and how Access Teams can improve system performance compared to alternative security models such as sharing with Owner Teams.

Module 4 – Field Security

  • How to configure Field Security and Field Security Profiles
  • How Field Security interacts with other parts of the security model and auditing

Audience Profile 

Technical consultants and in-house system administrators or customizers will benefit the most from the topics covered on this course, especially those who have a specific responsibility for planning the overall design or for ongoing user administration.


Delegates are expected to have a good understanding of how to use and customise Dynamics CRM 2013 or later. To get the most from the examples used in this course, delegates should also be with core entities such as Account, Contact, Case, Opportunity and Activities and how they are related to each other.