New Entities and Security Privileges in CRM 2013

Any new release of CRM comes with additional features. Most of these features have a security privilege associated with them. With the introduction of new functionality in CRM 2013, there are new entities and security privileges available. Let’s have a look at what these privileges are and why they are necessary.




Core Records


The TraceLog entity is an internal entity which is visible in the system but has no supported developer scenarios. It’s not known at this stage whether this entity is required only by Microsoft Support personnel.

Manage Data Encryption Key – Change | Read | Activate

In order to support the new server-side sync and Yammer integration capabilities, Dynamics CRM 2013 needs to store passwords for email services and Yammer authentication tokens. Microsoft Dynamics CRM 2013 uses standard Microsoft SQL Server cell level encryption for a set of default entity attributes that contain sensitive information, such as user names and email passwords.

More information about Data encryption can be found here.

Business Management

E-mail Server Profile

This entity represents the email server profile for an organization. Email server profiles in Microsoft Dynamics CRM store settings that are used by server-side synchronization to connect to an email server and process email for the associated mailboxes.

More information on how to create an email server profile and add mailboxes to an email server profile can be found here.


The Mailbox entity represents the mailbox synchronization settings for a user, queue, or forward mailbox. It is used for synchronization of incoming or outgoing email as well as appointments, contacts and tasks. The user’s mail preferences for incoming/outgoing mail are set on the mailbox entity. If users are not granted the read permission on the Mailbox entity, they will not be able to configure the CRM Outlook Client.

CRM for Phones

This was previously known as the ‘Go Mobile’ privilege in the earlier versions of CRM. Granting this privilege enables the users to use CRM for phones.

More information on how to setup CRM for phones is provided here.

Go Offline in Outlook

If your users install CRM for Outlook, and are granted the “Go Offline in Outlook” privilege, they can work offline with the Microsoft Dynamics CRM records that they own.

Use CRM for Tablets

This privilege is similar to the “CRM for Phones” privilege. Granting just the “CRM for Tablets” permission does not enable users to use CRM for tablets. They also have to be granted read permission on System Application Metadata and read/write permission on User Application Metadata.

More information on how to set up CRM for tablets can be found here.


Process Session

This privilege was known as “Dialog Session” in CRM 2011. This enables the user to run the dialog sessions in CRM 2013.

System Application Metadata

Granting just the “CRM for Tablets” permission does not enable users to use CRM for tablets. They also have to be granted read permission on System Application Metadata and read/write permission on User Application Metadata.

User Application Metadata

Granting just the “CRM for Tablets” permission does not enable users to use CRM for tablets. They also have to be granted read permission on System Application Metadata and read/write permission on User Application Metadata.
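The prerequisites described above can be checked mechanically before a role is rolled out. The following is an added example, not code from the original post or from Microsoft: the role object shape and the sample roles are constructed, and tying the Mailbox read requirement to “Go Offline in Outlook” is an assumption made for illustration.

```javascript
// Added example: role definitions below are constructed; the object shape is hypothetical.
// Prerequisites are taken from the privilege descriptions on this page.
const PREREQUISITES = {
  "CRM for Tablets": [
    { privilege: "System Application Metadata", rights: ["Read"] },
    { privilege: "User Application Metadata", rights: ["Read", "Write"] },
  ],
  // Assumption: a role that grants "Go Offline in Outlook" belongs to Outlook client
  // users, who need Read on Mailbox to configure the client.
  "Go Offline in Outlook": [{ privilege: "Mailbox", rights: ["Read"] }],
};

const ROLES = [
  { name: "Field Sales", grants: {
      "CRM for Tablets": ["Enabled"],
      "System Application Metadata": ["Read"],
      "User Application Metadata": ["Read"] } },
  { name: "Service Desk", grants: { "Go Offline in Outlook": ["Enabled"] } },
  { name: "Sales Manager", grants: {
      "CRM for Tablets": ["Enabled"],
      "System Application Metadata": ["Read"],
      "User Application Metadata": ["Read", "Write"],
      "Go Offline in Outlook": ["Enabled"],
      "Mailbox": ["Read"] } },
];

// Lists every prerequisite right a role lacks for the features it grants.
function findMissingPrerequisites(role) {
  const missing = [];
  for (const [feature, needs] of Object.entries(PREREQUISITES)) {
    if (!(feature in role.grants)) continue; // feature not granted, nothing to check
    for (const { privilege, rights } of needs) {
      const held = role.grants[privilege] || [];
      for (const right of rights) {
        if (!held.includes(right)) missing.push(`${feature} needs ${right} on ${privilege}`);
      }
    }
  }
  return missing;
}

// Audits all roles and keeps only those with gaps.
function auditRoles(roles) {
  return roles
    .map((r) => ({ role: r.name, missing: findMissingPrerequisites(r) }))
    .filter((r) => r.missing.length > 0);
}

console.log(JSON.stringify(auditRoles(ROLES), null, 2));
```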

Activate Business Process Flows

A business process flow guides you through various stages in the business process, from start to finish. Once a business process flow is configured, it needs to be activated before it can be used. The ‘Activate Business Process Flows’ privilege enables the user to activate a business process flow.

Activate Real-Time Processes

Similar to business process flows, real-time processes are another category of workflow processes in CRM 2013. The user will be able to activate a real-time process if this privilege is granted.

Activate Business Rules

This privilege is similar to business process flows and real-time processes. The user will be able to activate the business rules process if this privilege is granted.

Microsoft Dynamics Student Training Material

Microsoft has made available the student training material for Microsoft Partners through PartnerSource.

PartnerSource contains a plethora of training material for the following products:

  • Microsoft Dynamics AX
  • Microsoft Dynamics CRM
  • Microsoft Dynamics GP
  • Microsoft Dynamics NAV
  • Microsoft Dynamics SL
  • Management Reporter for Microsoft Dynamics
  • Microsoft Dynamics Point of Sale
  • Microsoft Forecaster
  • Microsoft FRx
  • Microsoft Retail Management System
  • Microsoft Dynamics Sure Step

The following training materials are available for Microsoft Dynamics CRM 2013

  • Sales Management in Microsoft Dynamics CRM 2013
  • Customer Service in Microsoft Dynamics CRM 2013
  • Customization and Configuration in Microsoft Dynamics CRM 2013
  • Installation and Deployment in Microsoft Dynamics CRM 2013

The link to the student training material can be found here

Happy learning!

Capturing the Security Requirements for a Dynamics CRM Implementation

The Analysis phase of a CRM Implementation starts with conducting a solution overview and detailed business process analysis. Once the processes are defined and aligned, the business requirements are gathered. In the past, I have found that there is little clarity on the security requirements during the Analysis phase. Having a two- or three-day workshop would not necessarily ensure that all the security requirements are covered and the solution is ready to be designed. Gathering the security requirements should begin towards the end of the Analysis phase and should be finalized by the middle of the Design phase.

This blog article explains an approach that has worked for me and my team in gathering the security requirements for a Dynamics CRM Implementation.

Business Units – Start with Business Units. They normally surface out of the business process analysis discussions. When you understand how the information flows across divisions in an organization and the various roles responsible for the activities, you can start making a list of all the business units and roles you encounter as part of the business process flows.

The Business Units in CRM drive the role-based security. Hence, it is important to map the business units in a hierarchy.

Role-Based Security – The Role-Based Security focuses on grouping a set of privileges together that describe the responsibilities or tasks that can be performed for a user. The business process analysis surfaces the most common roles performing various tasks within an organization. But there could be scenarios where the same role performs different tasks. In this scenario, it is always a best practice to create them as two separate security roles in CRM.

Once the list of security roles is finalized, it needs to be revisited towards the end of the Analysis phase to imbue the roles with more information. At this stage, it is important to have a security matrix with the list of all the roles mapped against privileges (Create, Read, Update, Delete, Assign, Share) and functions such as exporting to Excel, printing, approving a budget, closing a case etc. These functions could be the exceptions which are found during the functional requirements gathering and which cannot be accommodated through the out-of-the-box security role privileges in CRM.

Record-Based Security – Now that you have the business unit hierarchy, base security roles and the privileges against each entity and function, the details around the record-based security will have to be captured. You will have to focus on the access levels for each of the CRUDAS privileges.

Teams – The Teams to set up in CRM are derived from the functional requirements captured, the business unit hierarchy to be set up and the security roles to be configured. If you have a requirement where a group of users across various business units need to collaborate on a record, then you create teams in CRM and share the records with the team. But if you do not know ahead of time how many teams you need to create, there is a new feature in CRM 2013 called ‘Access Teams’ which could just be the answer. An access team doesn’t have any security roles assigned to it and doesn’t own any records. Instead, the records are shared with the access team and the team is granted access rights on the records, such as Read, Write and Delete.

Field Level Security – The final bit of security requirement is to capture the field level security requirements. Field level security restricts field access to specified users and teams. Typically, the requirements for field level security are driven by the functional requirements. The field level security discussions can happen after the business unit structure, base security roles and access rights have been configured, as you would already know which role does what, and how.
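To make the interplay between the business unit hierarchy, the security matrix, access levels and access teams concrete, here is a simplified model of a record access decision. It is an added example, not part of the original article and not the platform's implementation: the business units, roles, users and record are constructed, and the access level names (None, User, Business Unit, Parent: Child Business Units, Organization) are the standard CRM security role levels, which the article does not list.

```javascript
// Added example: simplified model of CRM record access; all names and data are constructed.
// Business unit hierarchy as child -> parent (null marks the root business unit).
const BU_PARENT = { Contoso: null, Sales: "Contoso", "Sales EMEA": "Sales", Service: "Contoso" };

// Security matrix: role -> entity -> privilege -> access level.
const MATRIX = {
  Salesperson: { Opportunity: { Read: "Business Unit", Write: "User", Delete: "None" } },
  "Sales Manager": {
    Opportunity: { Read: "Parent: Child Business Units", Write: "Business Unit", Delete: "User" },
  },
};

// True when `bu` is `ancestor` itself or sits anywhere below it in the hierarchy.
function isSameOrChild(bu, ancestor) {
  for (let cur = bu; cur != null; cur = BU_PARENT[cur]) {
    if (cur === ancestor) return true;
  }
  return false;
}

// Returns "role", "share" or "denied" for one user, record and privilege.
function checkAccess(user, record, privilege, shares = []) {
  const level = MATRIX[user.role]?.[record.entity]?.[privilege] ?? "None";
  // Without the privilege in a role, neither ownership nor sharing grants access.
  if (level === "None") return "denied";
  const viaRole =
    record.owner === user.name ||
    level === "Organization" ||
    (level === "Business Unit" && record.ownerBU === user.bu) ||
    (level === "Parent: Child Business Units" && isSameOrChild(record.ownerBU, user.bu));
  if (viaRole) return "role";
  // Access team: the record is shared with the team, which holds specific rights on it.
  const viaShare = shares.some(
    (s) => s.recordId === record.id && s.members.includes(user.name) && s.rights.includes(privilege)
  );
  return viaShare ? "share" : "denied";
}

const opp = { id: "opp1", entity: "Opportunity", owner: "bob", ownerBU: "Sales EMEA" };
const accessTeam = [{ recordId: "opp1", members: ["alice", "dana"], rights: ["Read", "Write", "Delete"] }];
const alice = { name: "alice", role: "Salesperson", bu: "Sales EMEA" };
const carol = { name: "carol", role: "Sales Manager", bu: "Sales" };
const dana = { name: "dana", role: "Service Agent", bu: "Service" };

for (const [u, p] of [[alice, "Read"], [alice, "Write"], [alice, "Delete"], [carol, "Read"], [dana, "Read"]]) {
  console.log(u.name, p, checkAccess(u, opp, p, accessTeam));
}
```

Note that dana is a member of the access team but still gets no access, because no role gives her the Read privilege on the entity; a security matrix has to cover access team members as well.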

CRM 2013 – Video – Microsoft Dynamics CRM 2013 SDK New Features – Client API

Microsoft Dynamics CRM 2013 SDK New Features – Client API

Hosk's Dynamic CRM Blog

This video goes through the new functionality in the Client API (JavaScript).

I will warn you, the woman speaking has probably the most monotone voice I have ever heard, which is a shame because the information is very useful but it sometimes becomes very difficult to hear it because I was tuning out.

She explains new functions at around 10 minutes with some examples.

If you want to see what code has changed then this post lays it out really well.

It has things like this:


    • Returns a string value of the primary attribute for the entity


  • Xrm.Page.ui.setFormNotification()
    • Takes in a string value to set a form notification with the passed in string
    • Pass in “ERROR”, “INFORMATION” or “WARNING” to dictate the type of notification



The value-adds and limitations of Portable Business Rules in CRM 2013

Portable Business Rules is yet another productive feature in CRM 2013. During the days of CRM 2011 and CRM 4.0, Jscript development was required to add some logical functions such as setting the requirement level of the field, hiding or displaying the fields on the form and alerting the user on the form.  The Jscript development has been replaced by the inclusion of portable business rules in CRM 2011 enabling a non-developer to be able to set up rules accordingly.

Portable Business Rules

Value Adds
  • Reduces coding effort – requires configuration that can be performed by a non-developer
  • Can be applied to multiple forms belonging to the same entity
  • Consistent way of displaying messages

Limitations
  • Does not support complex business rule development, which still requires JScript.
  • No conditional branching. If your business logic requires conditional branching, you have the option of either creating multiple business rules or facilitating the same conditional branching using real-time workflows.
  • Cannot make the fields Read-Only. This still requires JScript development.

Business Process Flow: Opportunity Sales Process Flow Explained

There have been questions in the Dynamics CRM Community Forum around the opportunity sales process flow. I thought I would put together a one-pager to explain the relationship between various components of the opportunity sales process and the configuration options.

The data model for the Sales process flow in CRM 2013 is depicted below:

CRM Sales Process Flow

One sales process can have multiple sales stages. These sales stages have a one-to-one mapping with ‘Stage Category’. The ‘Stage Category’ is a Global OptionSet with values such as Qualify, Develop, Propose, Close etc. You can configure additional values to this Global OptionSet.

Each sales stage, together with ‘Stage Category’ can have multiple steps. Each step will then have to be mapped to a field on the entity. In the Opportunity entity, you will find a text field called ‘Pipeline Phase’. The ‘Pipeline Phase’ is a text field and the value on this field is automatically populated by the CRM platform. The value held by this field is actually the Stage Category prefixed by the Stage Category OptionSet index.

Pipeline Phase

Now, the question is where does the OptionSet ‘Opportunity Stage’ come into the picture?

The ‘Opportunity Stage’ field is not linked to any of the Sales Process flow fields in CRM 2013. With the help of workflows or business rules, you can assign a value to the ‘Opportunity Stage’ field.

Training & Adoption Kit for Microsoft Dynamics CRM 2013

Microsoft has released a Training & Adoption Kit for Microsoft Dynamics CRM 2013. The kit applies to Microsoft Dynamics CRM Online and Microsoft Dynamics CRM 2013.

I have seen teams creating training materials from scratch. Often, the training materials relate to the out-of-the-box solutions and tasks. With the help of the training & adoption kit, teams can create their own training materials on CRM 2013. This certainly saves a lot of effort in CRM implementations. Perhaps a two-week effort to draft a user manual might take you just a week!

My favourite – Microsoft Dynamics CRM User Guide

The kit can be downloaded from the below link on the Microsoft website

Happy reading!