This blog post demonstrates a mechanism that can be utilised for implementing access control requirements in USD for different sets of users within an organization.


In an organization, users are classified into two user groups called “Power Users” and “Level1 Users” due to organisational policies. The “Level1 Users” are not allowed to view or perform certain operations. For example, let’s assume Bing application and Bing search operations are available to only “Power Users” in USD.

Assumptions & Setup Instructions

The following pre-requisites are satisfied:

  1. Microsoft Dynamics CRM 2016 On-premise or Online instance
  2. Latest USD bits are installed
  3. “Unified Service Desk – CRM 2013 SP1 with Product Updates Packages” is deployed on the CRM instance using the USD package deployer
  4. The configuration tasks are performed using an account with “System Administrator” role

USD system requirements mentioned here are met.

CRM user setup be performed is as below

  1. Trevor Walsh – Power User
  2. Bill Sutton – Level1 User

Mechanism 1: Using USD “Configuration” entity

  1. Navigate to “Settings” > “Unified Service Desk” > “Configuration”

usd configuration

  1. Click on “New” button and save the record with the name “Power Users”. Add a user to list as shown below.

usd power users

  1. Click “+” on each sub grid available on the form, and select all the available records from the Lookup dialog view. For example, the sub grid “Window Navigation Route” to be populated as shown below.

window navigation route

  1. For certain sub grid like “Events”, navigate to each page on the lookup dialog to add all the available records as shown below.

usd lookup dialog

  1. After adding records in all the sub grid, click on “Clone” button as shown below.

usd clone button

  1. Navigate to Settings > Unified Service Desk > Configuration. The highlighted cloned record will be available.

active configuration

  1. Double click on the record to open it. And rename it to Level1 Users.
  2. Remove Bing from the sub grid as shown below.

remove bing from subgrid

  1. Add a user to the configuration as shown below.

add a user to the configuration

  1. Please start USD as Trevor Walsh. Start a USD session by double clicking a Contact from the Search tab as shown below.

start usd

  1. Follow the Agent Script sequence to reach Search solution for contact session. Click on Bing Search as shown below. The Bing Search tab and search results are available to.

agent script

  1. Restart USD as Bill Sutton. Ensure that these credentials are being used by clicking Change Credentials on the USD splash screen. Repeat the steps 10 & 11. Now, the Bing Search application and search results are not available to.

Bing search application


In this blog post (i.e. Part1), we have covered the access control mechanism using “Configuration” entity to create sets of USD configuration for meeting different security requirements of different user groups within an organization.

Thanks for your time and effort in reading this blog post. Stay tuned for the next part which covers another mechanism.