Is there any possibility to create sub-users under a user account using one license, taking into account that they need to have full access to the main functionalities of the CRM?
No. Even by sharing a user between multiple people you would likely be breaching your licence terms.
Without understanding why you would want to do this, if the reason is cost, I would suggest investigating Power Apps and Team Member licences. They are a cheap way to access Dynamics data, although they can be restrictive.
Theoretically I'm sure there is probably no limit, but realistically I'm looking to understand how many users can be added into a MS Dynamics 365 Team. I'd like to understand what impact adding more than 8,000 users to a single team would have in terms of performance of the Dynamics application.
Why so many users in a team? We're looking at a potential requirement, which needs to secure 4 fields on an entity so that users can create those fields but not view the data in them. Short Answer: Field Level Security. However, we have a large user base, i.e. 8,000 users, and once we create a field security profile, we need to assign that profile to 8,000 users. So an idea was to create a Team and assign the field security profile to the team. Then add 8000 users into that team.
So back to my original question. Is this a plausible solution and is there anything we're overlooking in going ahead with this? Would we face performance issues going forward? Is there a better/alternate solution to meet the requirement?
This 8k users + team + FLS scenario should not be a problem, as I remember from this performance benchmark (on online CRM 2016 update 1 though, i.e. v8.1), the testing was performed and gave better results with the below configuration to prove statistically.
Field-level security was also enabled on custom attributes to reflect a realistic enterprise organization.
Based on customer research, each user of a specific role was assigned a realistic set of data. The data that the user would own was based on the user’s role. Before the test, the total data in the test database included more than 656,549,587 business records with a total database size of 1.024 TB.
TeamMembership with 61,406 records.
A batch of 17,868 concurrent users performed create, update, and delete (CRUD) operations within Dynamics CRM Online.
Apologies for the basic question; we're having a spring clean of the office Active Directory and plan to remove a large number of legacy users. Saying good-bye to their email is not a problem, but we have an on-premise Dynamics CRM we occasionally refer to. My question is, will there be any implications for that if I delete a user who might have entered a case?
There is no direct link between CRM on-premise 2011 & Active Directory to pull all users overnight & sync. When you create a new user in CRM by giving the domain name, it will verify it in AD & pull the details to store in CRM. This will happen on tab out.
So when you delete/disable an AD user it won't flow down in Dynamics. But you have to disable them manually (no delete option available). Before doing that make sure to read these best practices.
Best Practices
Make sure to Re-assign any associated records/activities to another User or Team before disabling User. If you don’t Re-assign the records they will still be available, but they will still be assigned to the disabled user.
It is very important to ensure that there are no Workflows owned by the User to be disabled. All Published Workflows need to be owned by an administrative account, not an employee’s account.
There are situations where a User’s account only needs to be disabled for a short period of time, so records don’t necessarily need to be Re-assigned. (Example: the User went on vacation for a month). Take into consideration the User’s privileges for those records. If only the User can modify that record, then no one will be able to modify the record, if the owner is disabled.
Read this community thread as well.
I've used Visual Studio Online Team Services as a code repository and want to know if it is possible for Microsoft Employees to see the code you upload if they wanted to.
The privacy policy doesn't address this specifically that I can see but it does say that Microsoft can use your data for advertising purposes and they can share it with third parties. If "data" means my proprietary code that would be good to know.
Customer Data will be used only to provide customer the Online Services including purposes compatible with providing those services. For example, we may use Customer Data to provide a personalized experience, improve service reliability, combat spam or other malware, or improve features and functionality of the Online Services. Microsoft will not use Customer Data or derive information from it for any advertising or similar commercial purposes. “Customer Data” means all data, including all text, sound, video, or image files, and software, that are provided to Microsoft by, or on behalf of, you or your end users through use of the Online Service. Customer Data is not Administrator Data, Payment Data, or Support Data. For more information about the features and functionality that enable you to control Customer Data, please review documentation specific to the Online Service.
No, not merely if they "want to". Microsoft does provide a clause that allows them access if it's required for security or site operation:
From time to time, Microsoft employees need to obtain access to customer data stored within Team Services. As a precaution, all employees who have or may ever have access to customer data must pass a background check, which verifies previous employment and criminal convictions. In addition, we permit access to the production systems only when there’s a live site incident or other approved maintenance activity, which is logged and monitored.
(From the Visual Studio Team Services Data Protection Overview document.)
That being said, this is the most liberal interpretation of this access. I worked as a senior software engineer on the VSO version control team and there's no possibility for me to get access to customer data. If you complain about a bug in our git repository handling, I'm going to ask you if you can give me a copy that I can use to reproduce - I can't just go get it. And if you decline, then I will not be able to get your data.
So while yes, we Microsoft engineers do have the theoretical ability to get to your files, there are significant policy and security safeguards against access and abuse.
I'm registering a new 2013 on-line and I notice that there are two license types:
1. Microsoft Dynamics CRM Online
2. Microsoft Dynamics CRM Online Professional
What's the difference between them (in short)? I've read the description and I get the impression like "this one is yellow and the other is a car", so I simply can't compare.
According to this article, there are three (not two) different models and only one allows customizing the system (so it's only that one that there's any point showing to the customers).
What's up with that?!
In short, the headlines are:
All three licences allow access to CRM from all available clients, e.g. browser, outlook, tablet, phone. (This is a big difference from the 2011 ESS CAL).
All three licences allow read access to all data, including custom entities. (subject to Security Roles of course).
Essential allows read/write access to activities, activity feeds and custom entities.
Basic allows everything in Essential, plus read/write to Accounts, Contacts, Cases, Leads. Also access to reports, and to create personal charts and dashboards.
Pro allows everything. Most notably Sales and Marketing (Opportunity, Quote etc, Campaign, Marketing List), plus service management (facility/equipment and all that).
Pro is needed to build customisations, but not to use them, which is where I think some confusion has arisen.
If you are talking about user licences there appear to be three distinct types.
It was a bit confusing, however my general belief is:
1) Professional
This would be the Administration users who need to customize the system, build processes, templates, administer CRM, and run marketing campaigns.
2) Basic
Would be suitable for general users (i.e. ones that just need to work with entities but don't need to do much else). They can't do marketing campaigns which might restrict people who are given this licence. However your day to day staff should be fine with this as they have general access to entities as well as Reports and Dashboards etc.
3) Essential
Has very little access to core entities (even Account and Contact) so unless you have a client who wants to work with only custom entities then this seems like a pointless licence.
I've been told a few times that Business Units in CRM 2011 are "tricky" and shouldn't be set up lightly since they have irreversible consequences for a CRM 2011 implementation.
On the other hand, teams in CRM 2011 seem much more flexible in managing record security.
For what reason would I still choose to set up Business Units in CRM 2011? What can I do with Business Units that I can't with Teams (and vice versa)?
Business Units are important for the security concept of Dynamics CRM. They define a kind of boundary within which you can define specific roles or permissions. They are also used to represent an organization structure.
Teams are used for ownership of a record (new feature in CRM 2011), which is handy if you can't define a single owner. They are also used for easier sharing - you could share a record with a team, instead of sharing it with multiple persons. Another usage is to grant permissions to multiple users by grouping them into a team and assigning a security role to the team.
Create a separate, new Business Unit (BU) at a higher BU level than all of the other User BUs (to avoid security role Parent:Child Business Unit permissions), then create a Team in that Business Unit.
Next, assign a security role to the new Team. Set the security role to be restricted Read at the BU level (half a pie). Then, assign the "special" records to the Team.
Next, put the people who you want to see the records into the Team.
They will inherit the Team's security role permissions and will be the only ones in the company that can see those specific records.
You don't necessarily have to assign records to the team if you can just assign them to a user in that BU. However, you may need to assign the records to the Team if you don't have a user in the BU.
NOTE: Watch out for Parent: Child Business Unit or Organization level permissions. The BU hierarchy would then play a role here.
Be sure to test this before you put this into production.
Please follow the links below, which help a lot:
http://andrewbschultz.com/2011/08/09/business-units-bus-and-security-roles-in-microsoft-dynamics-crm-2011-solution-exports/
http://andrewbschultz.com/2011/06/17/the-architecture-of-team-security-in-crm-2011/
Thanks,
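The access behaviour the last answer relies on, as an added example that is not part of the original answers and is not Dynamics CRM code: a simplified Python model of Read access depths, assuming each grant is evaluated relative to the BU of the user or team that holds it. The business unit, team and user names are constructed.

```python
from collections import namedtuple
from dataclasses import dataclass
from enum import Enum

Depth = Enum("Depth", "NONE USER BUSINESS_UNIT PARENT_CHILD ORGANIZATION")
Record = namedtuple("Record", "owner owner_bu")  # owning user/team and its BU

# Constructed BU hierarchy (child -> parent); "Restricted" is the separate BU.
BU_PARENT = {"Root": None, "Sales": "Root", "Service": "Root", "Restricted": "Root"}

@dataclass(frozen=True)
class Principal:  # a user or a team: both sit in one BU and carry a Read depth
    name: str
    bu: str
    read: Depth
    teams: tuple = ()  # teams a user belongs to (empty for a team)

def in_subtree(bu, ancestor):
    # Walk up from bu; True if ancestor is bu itself or above it.
    while bu is not None and bu != ancestor:
        bu = BU_PARENT[bu]
    return bu is not None

def grant_allows(p, rec):
    # Evaluate one principal's Read depth relative to that principal's own BU.
    if p.read is Depth.ORGANIZATION:
        return True
    if p.read is Depth.PARENT_CHILD:
        return in_subtree(rec.owner_bu, p.bu)
    if p.read is Depth.BUSINESS_UNIT:
        return rec.owner_bu == p.bu
    return p.read is Depth.USER and rec.owner == p.name

def can_read(user, rec):
    # A user reads through their own role or through any team they belong to.
    return grant_allows(user, rec) or any(grant_allows(t, rec) for t in user.teams)

def who_can_read(users, rec):
    return sorted(u.name for u in users if can_read(u, rec))

TEAM = Principal("Special Records Team", "Restricted", Depth.BUSINESS_UNIT)
SPECIAL = Record(owner=TEAM.name, owner_bu=TEAM.bu)  # record assigned to the Team
USERS = [
    Principal("alice", "Sales", Depth.BUSINESS_UNIT, teams=(TEAM,)),  # team member
    Principal("bob", "Sales", Depth.BUSINESS_UNIT),    # same BU as alice, no team
    Principal("carol", "Sales", Depth.PARENT_CHILD),   # deep read from a sibling BU
    Principal("dave", "Root", Depth.PARENT_CHILD),     # deep read from the root BU
    Principal("erin", "Service", Depth.ORGANIZATION),  # organization-wide read
]
```

In this model `who_can_read(USERS, SPECIAL)` returns `alice`, `dave` and `erin`: only `alice` gets access through the Team, while the other two get it through their own Parent: Child and Organization level roles, which is the case the NOTE warns about.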