718 Washington Ave. N. Suite #101
Minneapolis, MN 55401
View map and all Locations

Send us a message

I recently posted a great blog called “A Tip for Dynamics CRM 2011 Security Roles.” It covers how to keep your sales force in the “know” while locking down the Accounts to be seen only by the people that use them. Let’s expand on that!


Your CRM data is valuable and sensitive. System administrators and company leaders need to know the different ways it can be taken out of your company or found on a laptop or mobile device. There are a few easy adjustments System Administrators can make to security roles to ensure sensitive information does not get mistreated.

WAIT! Before you go gallivanting into the wide world of CRM Security Roles, please consider the following best practices:

  • There are about 14 out of the box security roles; copy these roles before changing them!
  • Your organization must take users’ roles into consideration before making any sweeping changes. Ask the following questions:
    • Is our CRM data sensitive?
    • Is there a risk of it being leaked; purposefully or otherwise?
    • Are there any external factors dictating privacy or compliance such as HIPAA?
    • Does this user need this function to use CRM properly?

There are 4 security role settings that impact a user’s ability to take information out of CRM.

  • Export to Excel: Almost all records from CRM can be exported to Excel. Turning this feature off not only precludes users from putting CRM information into Excel, it also cuts off their ability to export reports.
  • Go Offline: The CRM Outlook Offline Client allows users to download any CRM data to which they have access onto their local computer. This means all of your CRM data could be on a user’s laptop even when they are not connected to CRM.
  • Mail Merge: Many record types can be included in a Mail Merge. This would allow your users to put much of your CRM data into a Microsoft Word document.
  • Go Mobile: Mobile Express allows users to access CRM using any mobile device using a special URL. This can be turned off at both the security role and each entity in customization.

The steps to do this are:

  1. Check what security role(s) the user you want to limit belongs to
  2. Copy that role
  3. Make changes to the copied role
  4. Add the user to the new role and remove the old role

Let’s take a look.

Step 1: Check what security roles the user you want to limit belongs to

This can be done by opening the user’s record OR by running the User Summary report. Let’s take a look at the User Summary report.

  1. In CRM, click on Workplace | Reports
  2. Double click on the User Summary report
  3. Click on run report
  4. The resulting report shows you a list of all your users and all the security roles to which they belong
  5. If the user belongs to more than one role, you’ll have to make sure to check all of the roles

Step 2: Copy the existing security role
the user belongs to (you must have the rights to do this)

  1. In CRM, Click on Settings | Administration | Security Roles
  2. In the list of roles, highlight the one you wish to copy
  3. Click on More Actions in the dropdown
  4. Select Copy Role
  5. Save it with a name that makes sense to you

Step 3: Change the security role

  1. Open the security role you just created
  2. Click on Business Management tab
  3. Scroll to the bottom of the page to Miscellaneous Privileges
    1. This area contains all the tasks a user can perform. Most of the items can be turned on or off by clicking them.
    2. A green circle means the user can perform the function, an empty one means they cannot.
    3. Click on the circles to change their values. (see the image below)
  4. Once you’re satisfied with the changes, click on Save and Close

Dynamics CRM Security Roles

Step 4: Add the new security role and remove the old one

  1. Click on Settings | Administration | Users
  2. Select the user you want to update
  3. Click on Manage Roles in the Ribbon
  4. Check the new role and uncheck the old one
  5. Click on OK

That’s all it takes! Happy secure CRM’ing!

Avatar for JoeCRM


Joe CRM is a CRM superhero who runs on pure Microsoft Dynamics CRM adrenaline. As the face of PowerObjects, Joe CRM’s mission is to reveal innovative ways to use Dynamics CRM and bring the application to more businesses and organizations around the world.