This blog post demonstrates the second mechanism that can be utilised for implementing access control requirements in USD for different sets of users within an organization: using USD agent security role.

Scenario

In an organization, users are classified into two user groups: Power Users and Level1 Users. This is due to organisational policies. The Level1 Users are not allowed to view or perform certain operations. For example, let’s assume Bing application and Bing search operations are available only to Power Users in USD.

Assumptions & Setup Instructions

The following pre-requisites need to be satisfied:

  1. Microsoft Dynamics CRM 2016 On-premise or Online instance
  2. Latest USD bits are installed
  3. Unified Service Desk – CRM 2013 SP1 with Product Updates Packages is deployed on the CRM instance using the USD package deployer.
  4. The configuration tasks are performed using an account with System Administrator role.

USD system requirements mentioned here need to be met.

As a sample, CRM users are setup as following:

  1. Trevor Walsh – Power User Team Member
  2. Bill Sutton – Level1 User Team Member

Mechanism 2: Using “USD Agent” security role

  1. Navigate to Settings > Security > Security Roles. Open the USD Agent role.
  2. Modify the read privileges of Agent Script Answer entity to User.

security role usd agent

 

  1. Assign this role to Trevor and Bill.
  2. Create two access teams and team members as shown below.

team level1

 

power user

  1. Launch Advanced Find and select Agent Script Answers as the look for entity dropdown.

agent script answers

 

  1. Share all Agent Script Answers records with Power User team granting read privilege.

agent script answer

 

  1. Similarly, share all Agent Script Answers records except 1 record with Level 1 team granting read privilege.

share agent script answer2

 

  1. Please start USD as Trevor Walsh. Start a USD session by double clicking a Contact from the Search tab as shown below.

usd my active contacts

 

  1. Follow the Agent Script sequence to reach Search solution for contact session. The Bing Search option appears. The Bing Search tab and search results are available to user.

agent script

 

  1. Restart USD as Bill Sutton. Ensure that this credentials are being used by clicking Change Credentials on the USD splash screen. Repeat the steps 8 & 9. Now, the Bing Search option is not available to the user as shown below.

bing search option

 

Together with the previous blog post, we have covered 2 access control mechanisms for meeting different security requirements of different user groups within an organization. One of the available mechanisms is to be chosen after careful consideration of the pros & cons.

Thanks for your time in reading this blog post. 🙂