Solved

Dynamics CRM 4.0 and Human Resources Data Permissions Scheme

Posted on 2008-10-22
5
494 Views
Last Modified: 2013-12-04
We are investigating the potential for using our current Microsoft Dynamics CRM 4.0 system to track human resources data for our business, including sensitive employee files that only the two HR user accounts should be able to access. What would be the best way to ensure that the HR data can only be read by the two HR user accounts?

Would it be possible to restrict administrator account access to this data as well? We have four user accounts with "System Administrator" privileges at the organizational level and nobody, including administrators, should be able to see said data except the two designated HR users.
0
Comment
Question by:rdracer58
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
5 Comments
 
LVL 15

Expert Comment

by:WilyGuy
ID: 22776943
Administrators (if they are OOTB System Administrators) can see EVERYTHING. (or can make themselves able to see everything).

You could COPY the System Administrator Role and play with the settings to eliminate the ability to address some of that data, but again, if they can control settings they can create a new account or something similar).

Same with a Administrative Licensed System Admin (they can't see Data, but could create an account that could).

If you want this data in CRM, I would highly suggest a custom entity (as the ability to limit access is easier).
0
 

Author Comment

by:rdracer58
ID: 22777174
I am assuming with a custom entity that one with an administrator role, as aforemenioned, could not necessarily see the data, but could easily grant themselves the permissions to see the data?
0
 
LVL 15

Accepted Solution

by:
WilyGuy earned 500 total points
ID: 22777280
Indeed.

This goes back to that "need to know" conversation between IT and Management.
I had to illuminate management as to all the things I had access to as a Domain Admin and that they needed to have a Trust Level with someone in that position.

If your CRM System Admins are NOT I.T. perhaps you SHOULD remove that level of CRM access from them and reserve that for either an IT person or a login known only to IT.

0
 
LVL 15

Expert Comment

by:WilyGuy
ID: 22777293
As an addendum, if they ARE IT staff, do they have access to OTHER HR files on the network based on those credentials?

Some HR people are protective of the "File Cabinet ONLY" mentality and likely that is a good thing....until they lose the key :)
0
 

Author Comment

by:rdracer58
ID: 22777328
Good point--I think the conversation between IT and Management is one that we need to have--especially since IT has similar "access" to other HR related information on the network. Thanks for your help!
0

Featured Post

2017 Webroot Threat Report

MSPs: Get the facts you need to protect your clients.
The 2017 Webroot Threat Report provides a uniquely insightful global view into the analysis and discoveries made by the Webroot® Threat Intelligence Platform to provide insights on key trends and risks as seen by our users.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Server 2008-R2 lost password 19 111
Trusted Platform Module with Windows 10 - Upgrading TPM 1.2 to TPM 2.0 13 88
Is attached iPhone screen an IOC 5 71
Wannacry 44 89
Recently, I read that Microsoft has analysed statistics for their security intelligence report. It revealed: still, the clear majority of windows users do their daily work as administrator. An administrative account is a burden, security-wise. My ar…
Our Group Policy work started with Small Business Server in 2000. Microsoft gave us an excellent OU and GPO model in subsequent SBS editions that utilized WMI filters, OU linking, and VBS scripts. These are some of experiences plus our spending a lo…
In a recent question (https://www.experts-exchange.com/questions/29004105/Run-AutoHotkey-script-directly-from-Notepad.html) here at Experts Exchange, a member asked how to run an AutoHotkey script (.AHK) directly from Notepad++ (aka NPP). This video…

737 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question