{"id":14244,"date":"2007-01-17T11:42:00","date_gmt":"2007-01-17T11:42:00","guid":{"rendered":"https:\/\/blogs.msdn.microsoft.com\/crm\/2007\/01\/17\/cascaded-security-privileges-and-sharing\/"},"modified":"2023-05-31T15:32:14","modified_gmt":"2023-05-31T22:32:14","slug":"cascaded-security-privileges-and-sharing","status":"publish","type":"post","link":"https:\/\/www.microsoft.com\/en-us\/dynamics-365\/blog\/no-audience\/2007\/01\/17\/cascaded-security-privileges-and-sharing\/","title":{"rendered":"Cascaded Security Privileges and Sharing"},"content":{"rendered":"<p class=\"MsoNormal\" style=\"margin: 0in 0in 0pt\"><span style=\"font-size: 10pt;font-family: 'Arial','sans-serif'\"><!--?xml:namespace prefix = o ns = \"urn:schemas-microsoft-com:office:office\" \/-->Continuing our tradition of introducing guest speakers, here is a post by MVP and Microsoft Partner Scott Colson. Scott is the first guest speaker for 2007.<\/span><\/p>\n<p class=\"MsoNormal\" style=\"margin: 0in 0in 0pt\"><span style=\"font-size: 10pt;font-family: 'Arial','sans-serif'\">The CRM security model is a complex beast that provides a lot of granular control over who can do what with a given CRM record. I\u2019ve recently been called on to resolve some more complex security scenarios which have really opened my eyes to two key concepts in the security model: cascading access and sharing. <\/span><\/p>\n<p class=\"MsoNormal\" style=\"margin: 0in 0in 0pt\"><span style=\"font-size: 10pt;font-family: 'Arial','sans-serif'\">Before getting into these concepts, I want to review the security basics: privilege, access, and roles.<\/span><\/p>\n<p class=\"MsoNormal\" style=\"margin: 0in 0in 0pt\"><b><span style=\"font-size: 10pt;font-family: 'Arial','sans-serif'\">Privilege: What a user can do with a record<\/span><\/b><\/p>\n<p class=\"MsoNormal\" style=\"margin: 0in 0in 0pt\"><span style=\"font-size: 10pt;font-family: 'Arial','sans-serif'\">In general, each user in the CRM system can be granted permission to carry out one or more of the following actions on a particular record type. This permission is referred to as a privilege:<\/span><\/p>\n<p class=\"MsoNormal\" style=\"margin: 0in 0in 0pt 0.45in;text-indent: -0.2in\"><span style=\"font-size: 16pt;font-family: 'Arial','sans-serif'\"><span>\u2022<span style=\"font: 7pt 'Times New Roman'\">\u00a0\u00a0\u00a0 <\/span><\/span><\/span><span style=\"font-size: 10pt;font-family: 'Arial','sans-serif'\">Create \u2013 Create a new record<\/span><\/p>\n<p class=\"MsoNormal\" style=\"margin: 0in 0in 0pt 0.45in;text-indent: -0.2in\"><span style=\"font-size: 16pt;font-family: 'Arial','sans-serif'\"><span>\u2022<span style=\"font: 7pt 'Times New Roman'\">\u00a0\u00a0\u00a0 <\/span><\/span><\/span><span style=\"font-size: 10pt;font-family: 'Arial','sans-serif'\">Read \u2013 View or open an existing record<\/span><\/p>\n<p class=\"MsoNormal\" style=\"margin: 0in 0in 0pt 0.45in;text-indent: -0.2in\"><span style=\"font-size: 16pt;font-family: 'Arial','sans-serif'\"><span>\u2022<span style=\"font: 7pt 'Times New Roman'\">\u00a0\u00a0\u00a0 <\/span><\/span><\/span><span style=\"font-size: 10pt;font-family: 'Arial','sans-serif'\">Write \u2013 Save changes to an existing record<\/span><\/p>\n<p class=\"MsoNormal\" style=\"margin: 0in 0in 0pt 0.45in;text-indent: -0.2in\"><span style=\"font-size: 16pt;font-family: 'Arial','sans-serif'\"><span>\u2022<span style=\"font: 7pt 'Times New Roman'\">\u00a0\u00a0\u00a0 <\/span><\/span><\/span><span style=\"font-size: 10pt;font-family: 'Arial','sans-serif'\">Delete \u2013 Delete an existing record<\/span><\/p>\n<p class=\"MsoNormal\" style=\"margin: 0in 0in 0pt 0.45in;text-indent: -0.2in\"><span style=\"font-size: 16pt;font-family: 'Arial','sans-serif'\"><span>\u2022<span style=\"font: 7pt 'Times New Roman'\">\u00a0\u00a0\u00a0 <\/span><\/span><\/span><span style=\"font-size: 10pt;font-family: 'Arial','sans-serif'\">Append \u2013 Append this record to another record<\/span><\/p>\n<p class=\"MsoNormal\" style=\"margin: 0in 0in 0pt 0.45in;text-indent: -0.2in\"><span style=\"font-size: 16pt;font-family: 'Arial','sans-serif'\"><span>\u2022<span style=\"font: 7pt 'Times New Roman'\">\u00a0\u00a0\u00a0 <\/span><\/span><\/span><span style=\"font-size: 10pt;font-family: 'Arial','sans-serif'\">Append To \u2013 Append another record to this record<\/span><\/p>\n<p class=\"MsoNormal\" style=\"margin: 0in 0in 0pt 0.45in;text-indent: -0.2in\"><span style=\"font-size: 16pt;font-family: 'Arial','sans-serif'\"><span>\u2022<span style=\"font: 7pt 'Times New Roman'\">\u00a0\u00a0\u00a0 <\/span><\/span><\/span><span style=\"font-size: 10pt;font-family: 'Arial','sans-serif'\">Assign \u2013 Assign this record another user<\/span><\/p>\n<p class=\"MsoNormal\" style=\"margin: 0in 0in 0pt 0.45in;text-indent: -0.2in\"><span style=\"font-size: 16pt;font-family: 'Arial','sans-serif'\"><span>\u2022<span style=\"font: 7pt 'Times New Roman'\">\u00a0\u00a0\u00a0 <\/span><\/span><\/span><span style=\"font-size: 10pt;font-family: 'Arial','sans-serif'\">Share \u2013 Share this record with another user<\/span><\/p>\n<p class=\"MsoNormal\" style=\"margin: 0in 0in 0pt\"><b><span style=\"font-size: 10pt;font-family: 'Arial','sans-serif'\">Access: Which records the user can work on<\/span><\/b><\/p>\n<p class=\"MsoNormal\" style=\"margin: 0in 0in 0pt\"><span style=\"font-size: 10pt;font-family: 'Arial','sans-serif'\">Users can have different privileges on different record types. The ability to execute a privilege (e.g. open a record for viewing) on a given record type is referred to as having access. <span>\u00a0<\/span>A user is granted access based on who owns the record and how close the user is to the owner within the CRM organizational structure. There are 5 defined access levels in Microsoft CRM:<\/span><\/p>\n<p class=\"MsoNormal\" style=\"margin: 0in 0in 0pt 0.45in;text-indent: -0.2in\"><span style=\"font-size: 16pt;font-family: 'Arial','sans-serif'\"><span>\u2022<span style=\"font: 7pt 'Times New Roman'\">\u00a0\u00a0\u00a0 <\/span><\/span><\/span><span style=\"font-size: 10pt;font-family: 'Arial','sans-serif'\">No Access \u2013 Simply put, the user is not granted access.<\/span><\/p>\n<p class=\"MsoNormal\" style=\"margin: 0in 0in 0pt 0.45in;text-indent: -0.2in\"><span style=\"font-size: 16pt;font-family: 'Arial','sans-serif'\"><span>\u2022<span style=\"font: 7pt 'Times New Roman'\">\u00a0\u00a0\u00a0 <\/span><\/span><\/span><span style=\"font-size: 10pt;font-family: 'Arial','sans-serif'\">User Access \u2013 The user is granted access to only records they own<\/span><\/p>\n<p class=\"MsoNormal\" style=\"margin: 0in 0in 0pt 0.45in;text-indent: -0.2in\"><span style=\"font-size: 16pt;font-family: 'Arial','sans-serif'\"><span>\u2022<span style=\"font: 7pt 'Times New Roman'\">\u00a0\u00a0\u00a0 <\/span><\/span><\/span><span style=\"font-size: 10pt;font-family: 'Arial','sans-serif'\">Business Unit Access \u2013 The user is granted access to records owned by anyone in their current business unit. <\/span><\/p>\n<p class=\"MsoNormal\" style=\"margin: 0in 0in 0pt 0.45in;text-indent: -0.2in\"><span style=\"font-size: 16pt;font-family: 'Arial','sans-serif'\"><span>\u2022<span style=\"font: 7pt 'Times New Roman'\">\u00a0\u00a0\u00a0 <\/span><\/span><\/span><span style=\"font-size: 10pt;font-family: 'Arial','sans-serif'\">Parent Access (a.k.a. Deep Access) \u2013 The user is granted access to records owned by anyone in their business unit and to records owned by anyone in a child business unit within the organizational hierarchy<\/span><\/p>\n<p class=\"MsoNormal\" style=\"margin: 0in 0in 0pt 0.45in;text-indent: -0.2in\"><span style=\"font-size: 16pt;font-family: 'Arial','sans-serif'\"><span>\u2022<span style=\"font: 7pt 'Times New Roman'\">\u00a0\u00a0\u00a0 <\/span><\/span><\/span><span style=\"font-size: 10pt;font-family: 'Arial','sans-serif'\">Organization Access \u2013 The user is granted access to any records owned by any user within the organization.<\/span><\/p>\n<p class=\"MsoNormal\" style=\"margin: 0in 0in 0pt\"><span style=\"font-size: 10pt;font-family: 'Arial','sans-serif'\">Access and privilege work together to define what a user can do to a given record. For example a user may be granted User Access for the create and write privileges and Business Unit Access for the read privilege, which allows the user to view records that are owned by any user in their business unit, create their own records, and edit their own records. The user would not be able to view or edit records owned by users that were not in their business unit<\/span><\/p>\n<p class=\"MsoNormal\" style=\"margin: 0in 0in 0pt\"><b><span style=\"font-size: 10pt;font-family: 'Arial','sans-serif'\">Roles: Making security manageable<\/span><\/b><\/p>\n<p class=\"MsoNormal\" style=\"margin: 0in 0in 0pt\"><span style=\"font-size: 10pt;font-family: 'Arial','sans-serif'\">Microsoft CRM provides security roles as a way to manage access and privilege for each record type in CRM. Roles are analogous to Windows security groups: each CRM user is assigned one or more security roles and each security role defines the access levels and privilege for each CRM entity. <\/span><\/p>\n<p class=\"MsoNormal\" style=\"margin: 0in 0in 0pt\"><span style=\"font-size: 10pt;font-family: 'Arial','sans-serif'\">When a user is assigned more than one security role, the user is authorized the least restrictive access\/privilege combination from all of the assigned roles. So if a user is assigned the Sales Person security role which allows User Access for the create, read, and write privileges on a contact record and the user is also assigned the Sales Manager security role which allows Business Unit Access for the read and write privileges, then the user would have Business Unit Access for the read and write privileges since is the least restrictive combination.<\/span><\/p>\n<p class=\"MsoNormal\" style=\"margin: 0in 0in 0pt\"><b><span style=\"font-size: 10pt;font-family: 'Arial','sans-serif'\">Cascaded Access \u2013 If you own the \u201cparent\u201d you own the child<\/span><\/b><\/p>\n<p class=\"MsoNormal\" style=\"margin: 0in 0in 0pt\"><span style=\"font-size: 10pt;font-family: 'Arial','sans-serif'\">It turns out that there is a loophole to the security model that I call Cascaded Access. Cascaded Access basically means that if a user owns the \u201cparent\u201d record in a relationship then that user will inherit User Access to \u201cchild\u201d records associated with the parent. It is important to note that when you receive Cascaded Access to a record, you have no more privilege than you would if you owned the record. This is best explained by example.<\/span><\/p>\n<p class=\"MsoNormal\" style=\"margin: 0in 0in 0pt\"><span style=\"font-size: 10pt;font-family: 'Arial','sans-serif'\">Assume a CRM organization with two peer business units. Each business unit represents a sales division within the organization. Company policy is that all sales representatives are granted Organizational Access for the read, append, and append-to privileges and Business Unit Access for create and write privileges on account and contact records. Additionally, sales representatives are granted Business Unit Access on the read, append, and append-to privileges and User Access on the write and create privileges for opportunity records. All users in the organization are granted User Access for the create, read, write, and delete privilege on activities. <\/span><\/p>\n<p class=\"MsoNormal\" style=\"margin: 0in 0in 0pt\"><span style=\"font-size: 10pt;font-family: 'Arial','sans-serif'\">In this organization, Gail works in the business unit 1 and Jim works in business unit 2. Given the security setup, you would expect Jim to be able to see Gail\u2019s account and contact records but not her opportunity records and you would expect Gail to see Jim\u2019s account and contact records but not his opportunity records. You would also expect that they cannot see each other\u2019s activities. You would be correct. <\/span><\/p>\n<p class=\"MsoNormal\" style=\"margin: 0in 0in 0pt\"><span style=\"font-size: 10pt;font-family: 'Arial','sans-serif'\">However, here is the loophole. If Jim is working on an opportunity associated to an account that Gail owns, then Gail will be granted User Access to the opportunity record, even though it is owned by a user from a different business unit (which appears to violate the security role setup.) My first thought when I saw this behavior was that it was a bug. But on further thought, I realized it makes a lot of sense. After all, if I were Gail, and Jim was working on an opportunity for my account, I would certainly want to know about it and track it.<\/span><\/p>\n<p class=\"MsoNormal\" style=\"margin: 0in 0in 0pt\"><span style=\"font-size: 10pt;font-family: 'Arial','sans-serif'\">Cascaded security appears to apply to all user-owned record types; however, I have only verified it on accounts, contacts, opportunities, incidents and activities. In my tests, the cascading worked down three levels (i.e., I could see activities related to opportunities related to contacts related to my account) but it may have worked even deeper in the record hierarchy. One thing to note with regard to activities is that cascading only applies to activities that are actually regarding a record. Access does not cascade based on recipients.<\/span><\/p>\n<p class=\"MsoNormal\" style=\"margin: 0in 0in 0pt\"><b><span style=\"font-size: 10pt;font-family: 'Arial','sans-serif'\">Sharing and Teams\u2013 Granting access across the organization<\/span><\/b><\/p>\n<p class=\"MsoNormal\" style=\"margin: 0in 0in 0pt\"><span style=\"font-size: 10pt;font-family: 'Arial','sans-serif'\">If you look at the way the access levels are setup (user, business unit, parent, organization) you see that the pattern is up and down the CRM org chart. Sharing gives you a way to grant privilege across the org chart. Teams give you a way to define groups of people from anywhere on the org chart.<\/span><\/p>\n<p class=\"MsoNormal\" style=\"margin: 0in 0in 0pt\"><span style=\"font-size: 10pt;font-family: 'Arial','sans-serif'\">Going back to my earlier example, let\u2019s add a few more players. Kevin and Janice work with Gail in business unit 1. They both have a lot of experience with projects involving CRM integration and therefore, get brought in on certain opportunities to assist other sales reps. In order to give the access to the opportunity records they have both been added to the CRM Integration Specialist Team.<\/span><\/p>\n<p class=\"MsoNormal\" style=\"margin: 0in 0in 0pt\"><span style=\"font-size: 10pt;font-family: 'Arial','sans-serif'\">Jim is working on an opportunity that involves a significant integration and he needs some help. In order to get help, he sends an email off to Kevin and then goes into CRM and shares his opportunity record out to the CRM Integration Specialist Team. <\/span><\/p>\n<p class=\"MsoNormal\" style=\"margin: 0in 0in 0pt\"><span style=\"font-size: 10pt;font-family: 'Arial','sans-serif'\">Jim shares the record by selecting it and then going to the Actions menu and selecting Sharing. This opens a window that allows Jim to select the team and define the privileges he wants to assign to the team. (Note that he cannot share access that he doesn\u2019t have, so in this case he could not actually share access to the delete privilege.) Jim grants the team access to the read and write privileges on his opportunity record.<\/span><\/p>\n<p class=\"MsoNormal\" style=\"margin: 0in 0in 0pt\"><span style=\"font-size: 10pt;font-family: 'Arial','sans-serif'\">Once this is done, Kevin (and Janice) can open the opportunity record and modify it. Additionally, because of Cascading Access, he can also view all of the activities related to the opportunity that he could not have viewed previously. However, Cascading Access through sharing is more restrictive than regular Cascaded Access. Since Jim only shared access to read and write privileges on the opportunity, Kevin only has Cascaded Access to the read and write privileges on the related activities.<\/span><\/p>\n<p class=\"MsoNormal\" style=\"margin: 0in 0in 0pt\"><span style=\"font-size: 10pt;font-family: 'Arial','sans-serif'\">In addition to a scenario involving teams, sharing also gives users a way to temporarily turn over a record management to another user. Rather than assigning all of my accounts to another user when I go on vacation, I can just share them out and only give the level of access needed. <\/span><\/p>\n<p class=\"MsoNormal\" style=\"margin: 0in 0in 0pt\"><span style=\"font-size: 10pt;font-family: 'Arial','sans-serif'\">BTW sharing is also used by the CRM system to during record assignment to grant previous record owners access to the record. When you assign a record that you own to another user, the record is automatically shared back to you with all 6 privileges. This gives you the opportunity to reclaim ownership of the record (at least until the new user removes your sharing rights.)<\/span><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Continuing our tradition of introducing guest speakers, here is a post by MVP and Microsoft Partner Scott Colson. Scott is the first guest speaker for 2007. The CRM security model is a complex beast that provides a lot of granular control over who can do what with a given CRM record. I\u2019ve recently been called<\/p>\n","protected":false},"author":4391,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"ms_queue_id":[],"ep_exclude_from_search":false,"_classifai_error":"","_classifai_text_to_speech_error":"","footnotes":""},"post_tag":[],"product":[],"content-type":[4690],"topic":[],"audience-type":[],"audience":[],"ms-author":[],"coauthors":[2650],"class_list":["post-14244","post","type-post","status-publish","format-standard","hentry","content-type-news-and-product-updates","review-flag-1593580425-950","review-flag-2-1593580434-938","review-flag-5-1593580450-212","review-flag-6-1593580454-668","review-flag-anywh-1593580316-165","review-flag-new-1593580245-522","review-flag-partn-1593580281-976"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v24.7 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>Cascaded Security Privileges and Sharing - Microsoft Dynamics 365 Blog<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.microsoft.com\/en-us\/dynamics-365\/blog\/no-audience\/2007\/01\/17\/cascaded-security-privileges-and-sharing\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Cascaded Security Privileges and Sharing - Microsoft Dynamics 365 Blog\" \/>\n<meta property=\"og:description\" content=\"Continuing our tradition of introducing guest speakers, here is a post by MVP and Microsoft Partner Scott Colson. Scott is the first guest speaker for 2007. The CRM security model is a complex beast that provides a lot of granular control over who can do what with a given CRM record. I\u2019ve recently been called\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.microsoft.com\/en-us\/dynamics-365\/blog\/no-audience\/2007\/01\/17\/cascaded-security-privileges-and-sharing\/\" \/>\n<meta property=\"og:site_name\" content=\"Microsoft Dynamics 365 Blog\" \/>\n<meta property=\"article:published_time\" content=\"2007-01-17T11:42:00+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2023-05-31T22:32:14+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.microsoft.com\/en-us\/dynamics-365\/blog\/wp-content\/uploads\/2022\/04\/Microsoft-logo_rgb_c-gray_950.webp\" \/>\n\t<meta property=\"og:image:width\" content=\"950\" \/>\n\t<meta property=\"og:image:height\" content=\"413\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/png\" \/>\n<meta name=\"author\" content=\"365blog\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"365blog\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"6 min read\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/www.microsoft.com\/en-us\/dynamics-365\/blog\/no-audience\/2007\/01\/17\/cascaded-security-privileges-and-sharing\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/www.microsoft.com\/en-us\/dynamics-365\/blog\/no-audience\/2007\/01\/17\/cascaded-security-privileges-and-sharing\/\"},\"author\":[{\"@id\":\"https:\/\/www.microsoft.com\/en-us\/dynamics-365\/blog\/author\/crm-team-blog\/\",\"@type\":\"Person\",\"@name\":\"365blog\"}],\"headline\":\"Cascaded Security Privileges and Sharing\",\"datePublished\":\"2007-01-17T11:42:00+00:00\",\"dateModified\":\"2023-05-31T22:32:14+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/www.microsoft.com\/en-us\/dynamics-365\/blog\/no-audience\/2007\/01\/17\/cascaded-security-privileges-and-sharing\/\"},\"wordCount\":1503,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\/\/www.microsoft.com\/en-us\/dynamics-365\/blog\/#organization\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\/\/www.microsoft.com\/en-us\/dynamics-365\/blog\/no-audience\/2007\/01\/17\/cascaded-security-privileges-and-sharing\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.microsoft.com\/en-us\/dynamics-365\/blog\/no-audience\/2007\/01\/17\/cascaded-security-privileges-and-sharing\/\",\"url\":\"https:\/\/www.microsoft.com\/en-us\/dynamics-365\/blog\/no-audience\/2007\/01\/17\/cascaded-security-privileges-and-sharing\/\",\"name\":\"Cascaded Security Privileges and Sharing - Microsoft Dynamics 365 Blog\",\"isPartOf\":{\"@id\":\"https:\/\/www.microsoft.com\/en-us\/dynamics-365\/blog\/#website\"},\"datePublished\":\"2007-01-17T11:42:00+00:00\",\"dateModified\":\"2023-05-31T22:32:14+00:00\",\"breadcrumb\":{\"@id\":\"https:\/\/www.microsoft.com\/en-us\/dynamics-365\/blog\/no-audience\/2007\/01\/17\/cascaded-security-privileges-and-sharing\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.microsoft.com\/en-us\/dynamics-365\/blog\/no-audience\/2007\/01\/17\/cascaded-security-privileges-and-sharing\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.microsoft.com\/en-us\/dynamics-365\/blog\/no-audience\/2007\/01\/17\/cascaded-security-privileges-and-sharing\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/www.microsoft.com\/en-us\/dynamics-365\/blog\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Cascaded Security Privileges and Sharing\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.microsoft.com\/en-us\/dynamics-365\/blog\/#website\",\"url\":\"https:\/\/www.microsoft.com\/en-us\/dynamics-365\/blog\/\",\"name\":\"Microsoft Dynamics 365 Blog\",\"description\":\"Modernizing Business Process with Cloud and AI\",\"publisher\":{\"@id\":\"https:\/\/www.microsoft.com\/en-us\/dynamics-365\/blog\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.microsoft.com\/en-us\/dynamics-365\/blog\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/www.microsoft.com\/en-us\/dynamics-365\/blog\/#organization\",\"name\":\"Dynamics 365 Blog\",\"url\":\"https:\/\/www.microsoft.com\/en-us\/dynamics-365\/blog\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.microsoft.com\/en-us\/dynamics-365\/blog\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/www.microsoft.com\/en-us\/dynamics-365\/blog\/wp-content\/uploads\/2019\/08\/Microsoft-Logo.png\",\"contentUrl\":\"https:\/\/www.microsoft.com\/en-us\/dynamics-365\/blog\/wp-content\/uploads\/2019\/08\/Microsoft-Logo.png\",\"width\":259,\"height\":194,\"caption\":\"Dynamics 365 Blog\"},\"image\":{\"@id\":\"https:\/\/www.microsoft.com\/en-us\/dynamics-365\/blog\/#\/schema\/logo\/image\/\"}}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Cascaded Security Privileges and Sharing - Microsoft Dynamics 365 Blog","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.microsoft.com\/en-us\/dynamics-365\/blog\/no-audience\/2007\/01\/17\/cascaded-security-privileges-and-sharing\/","og_locale":"en_US","og_type":"article","og_title":"Cascaded Security Privileges and Sharing - Microsoft Dynamics 365 Blog","og_description":"Continuing our tradition of introducing guest speakers, here is a post by MVP and Microsoft Partner Scott Colson. Scott is the first guest speaker for 2007. The CRM security model is a complex beast that provides a lot of granular control over who can do what with a given CRM record. I\u2019ve recently been called","og_url":"https:\/\/www.microsoft.com\/en-us\/dynamics-365\/blog\/no-audience\/2007\/01\/17\/cascaded-security-privileges-and-sharing\/","og_site_name":"Microsoft Dynamics 365 Blog","article_published_time":"2007-01-17T11:42:00+00:00","article_modified_time":"2023-05-31T22:32:14+00:00","og_image":[{"width":950,"height":413,"url":"https:\/\/www.microsoft.com\/en-us\/dynamics-365\/blog\/wp-content\/uploads\/2022\/04\/Microsoft-logo_rgb_c-gray_950.webp","type":"image\/png"}],"author":"365blog","twitter_card":"summary_large_image","twitter_misc":{"Written by":"365blog","Est. reading time":"6 min read"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.microsoft.com\/en-us\/dynamics-365\/blog\/no-audience\/2007\/01\/17\/cascaded-security-privileges-and-sharing\/#article","isPartOf":{"@id":"https:\/\/www.microsoft.com\/en-us\/dynamics-365\/blog\/no-audience\/2007\/01\/17\/cascaded-security-privileges-and-sharing\/"},"author":[{"@id":"https:\/\/www.microsoft.com\/en-us\/dynamics-365\/blog\/author\/crm-team-blog\/","@type":"Person","@name":"365blog"}],"headline":"Cascaded Security Privileges and Sharing","datePublished":"2007-01-17T11:42:00+00:00","dateModified":"2023-05-31T22:32:14+00:00","mainEntityOfPage":{"@id":"https:\/\/www.microsoft.com\/en-us\/dynamics-365\/blog\/no-audience\/2007\/01\/17\/cascaded-security-privileges-and-sharing\/"},"wordCount":1503,"commentCount":0,"publisher":{"@id":"https:\/\/www.microsoft.com\/en-us\/dynamics-365\/blog\/#organization"},"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/www.microsoft.com\/en-us\/dynamics-365\/blog\/no-audience\/2007\/01\/17\/cascaded-security-privileges-and-sharing\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/www.microsoft.com\/en-us\/dynamics-365\/blog\/no-audience\/2007\/01\/17\/cascaded-security-privileges-and-sharing\/","url":"https:\/\/www.microsoft.com\/en-us\/dynamics-365\/blog\/no-audience\/2007\/01\/17\/cascaded-security-privileges-and-sharing\/","name":"Cascaded Security Privileges and Sharing - Microsoft Dynamics 365 Blog","isPartOf":{"@id":"https:\/\/www.microsoft.com\/en-us\/dynamics-365\/blog\/#website"},"datePublished":"2007-01-17T11:42:00+00:00","dateModified":"2023-05-31T22:32:14+00:00","breadcrumb":{"@id":"https:\/\/www.microsoft.com\/en-us\/dynamics-365\/blog\/no-audience\/2007\/01\/17\/cascaded-security-privileges-and-sharing\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.microsoft.com\/en-us\/dynamics-365\/blog\/no-audience\/2007\/01\/17\/cascaded-security-privileges-and-sharing\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/www.microsoft.com\/en-us\/dynamics-365\/blog\/no-audience\/2007\/01\/17\/cascaded-security-privileges-and-sharing\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.microsoft.com\/en-us\/dynamics-365\/blog\/"},{"@type":"ListItem","position":2,"name":"Cascaded Security Privileges and Sharing"}]},{"@type":"WebSite","@id":"https:\/\/www.microsoft.com\/en-us\/dynamics-365\/blog\/#website","url":"https:\/\/www.microsoft.com\/en-us\/dynamics-365\/blog\/","name":"Microsoft Dynamics 365 Blog","description":"Modernizing Business Process with Cloud and AI","publisher":{"@id":"https:\/\/www.microsoft.com\/en-us\/dynamics-365\/blog\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.microsoft.com\/en-us\/dynamics-365\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.microsoft.com\/en-us\/dynamics-365\/blog\/#organization","name":"Dynamics 365 Blog","url":"https:\/\/www.microsoft.com\/en-us\/dynamics-365\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.microsoft.com\/en-us\/dynamics-365\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/www.microsoft.com\/en-us\/dynamics-365\/blog\/wp-content\/uploads\/2019\/08\/Microsoft-Logo.png","contentUrl":"https:\/\/www.microsoft.com\/en-us\/dynamics-365\/blog\/wp-content\/uploads\/2019\/08\/Microsoft-Logo.png","width":259,"height":194,"caption":"Dynamics 365 Blog"},"image":{"@id":"https:\/\/www.microsoft.com\/en-us\/dynamics-365\/blog\/#\/schema\/logo\/image\/"}}]}},"word_count":1498,"msxcm_display_generated_audio":false,"distributor_meta":false,"distributor_terms":false,"distributor_media":false,"distributor_original_site_name":"Microsoft Dynamics 365 Blog","distributor_original_site_url":"https:\/\/www.microsoft.com\/en-us\/dynamics-365\/blog","push-errors":false,"_links":{"self":[{"href":"https:\/\/www.microsoft.com\/en-us\/dynamics-365\/blog\/wp-json\/wp\/v2\/posts\/14244","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.microsoft.com\/en-us\/dynamics-365\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.microsoft.com\/en-us\/dynamics-365\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.microsoft.com\/en-us\/dynamics-365\/blog\/wp-json\/wp\/v2\/users\/4391"}],"replies":[{"embeddable":true,"href":"https:\/\/www.microsoft.com\/en-us\/dynamics-365\/blog\/wp-json\/wp\/v2\/comments?post=14244"}],"version-history":[{"count":0,"href":"https:\/\/www.microsoft.com\/en-us\/dynamics-365\/blog\/wp-json\/wp\/v2\/posts\/14244\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.microsoft.com\/en-us\/dynamics-365\/blog\/wp-json\/wp\/v2\/media?parent=14244"}],"wp:term":[{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.microsoft.com\/en-us\/dynamics-365\/blog\/wp-json\/wp\/v2\/post_tag?post=14244"},{"taxonomy":"product","embeddable":true,"href":"https:\/\/www.microsoft.com\/en-us\/dynamics-365\/blog\/wp-json\/wp\/v2\/product?post=14244"},{"taxonomy":"content-type","embeddable":true,"href":"https:\/\/www.microsoft.com\/en-us\/dynamics-365\/blog\/wp-json\/wp\/v2\/content-type?post=14244"},{"taxonomy":"topic","embeddable":true,"href":"https:\/\/www.microsoft.com\/en-us\/dynamics-365\/blog\/wp-json\/wp\/v2\/topic?post=14244"},{"taxonomy":"audience-type","embeddable":true,"href":"https:\/\/www.microsoft.com\/en-us\/dynamics-365\/blog\/wp-json\/wp\/v2\/audience-type?post=14244"},{"taxonomy":"audience","embeddable":true,"href":"https:\/\/www.microsoft.com\/en-us\/dynamics-365\/blog\/wp-json\/wp\/v2\/audience?post=14244"},{"taxonomy":"ms-author","embeddable":true,"href":"https:\/\/www.microsoft.com\/en-us\/dynamics-365\/blog\/wp-json\/wp\/v2\/ms-author?post=14244"},{"taxonomy":"author","embeddable":true,"href":"https:\/\/www.microsoft.com\/en-us\/dynamics-365\/blog\/wp-json\/wp\/v2\/coauthors?post=14244"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}