Before we dig into just what Append and Append To mean, let’s review how security roles work in CRM. CRM comes with fifteen default security roles and one root Business Unit. These security roles grant various levels of access for a variety of roles, ranging from Customer Service Representatives to Vice Presidents to System Administrators.
In CRM, security roles are cumulative, meaning that one user may have one or more security roles. If a user has two or more security roles, these roles will layer on top of one another and the user will be granted the fullest access and privileges across the roles. Once in a user record, System Administrators may add security roles to users by clicking on the ‘manage roles’ button in the command bar and selecting which roles to apply to that particular user.
A security role is three dimensional and answers the following questions:
- What actions can a user perform? This is represented by the Action columns in the security role and include: Create, Read, Write, Delete, Append, Append To, Assign, and Share (See blue box).
- On which records or system features? This is represented by the tabbed buckets across the top and the Entity rows along the left hand column (See red boxes).
- And what is the depth of their access within the system? This is represented by the circle at the intersection of each action and entity/record type. The options serve as scoping mechanisms based upon record ownership and include: None, User, Business Unit, Parent:Child Business Unit, and Organization (See orange box and lines).
Security roles best practices:
Do not use the out of the box security roles. Wait. What? Why?
- Do not assign the out of the box security roles directly to people, modify them. Create a copy of the role most similar to the role you want to assign to your users and then modify the copy. Original security roles have numerous security privilege nuances that are hard to replicate if creating security roles from scratch.
This allows the original security roles to serve as a reference whenever you need or want to create additional roles in the future. 510 775 0625
- Keep in mind that as soon as you hit ‘save’ on an active role, it will update to all child business units. This is another reason why it is important to work off of copied security roles and not the original security role. If you hit ‘save’ you will never again have access to the out of the box role with all of its nuances.
- Never break best practice unless you need to grant privileges and access to something rather small, such as ‘Export to Excel’ or ‘Run abc Report’. In this case, you can create a security role that grants this small bit of access and assign it to the appropriate users as an additional role or layer. The users other security roles should grant them access to the entire system.
Okay, now what is Append and Append To all about?
Since Append and Append To are already configured in the out of the box CRM security roles, you may never need to be concerned with their exact meaning. But if you’re inquisitive about all things CRM or modifying security roles…
Append and Append To work as a pair and are located next to one another in the security configuration window. However, it is not as simple as working left to right along a row. One way of thinking conceptually about Append and Append To is to think of ‘Append Me‘ and ‘Append To Me‘.
Here’s the big secret: Think ‘Append Me‘ and ‘Append To Me‘
In order to successfully append record A to record B, the security privileges must be set to allow both sides of the agreement. Consider the following metaphor, Append ‘knocks on the door’ of another entity and Append To is needed to ‘open the door’ to that entity. For example, if you want to qualify an Account and begin working the opportunity as set in your business process flow, you must have to rights to append the Account (record A) and the rights to append to the opportunity (record B).
If you had only granted append privileges to the account, but not append to on the opportunity, this will land you a big fat ‘business process error’ screen.
And we certainly don’t want that! Therefore, when configuring privileges regarding append and append to, first get yourself into the perspective of a cute little entity like ‘account’ and as you work across the actions and get to Append and Append To, ask: Do I need to append me to any other entities? Do I need to append other entities to me? Think about any processes that your business may have (qualifying leads, moving activities created on the lead to the opportunity, or linking a task to a case) and set accordingly.
But, don’t forget, always make a copy of the closest out of the box security role and modify it, rather than creating a role from scratch – unless it’s for something small!