Skip to navigation Skip to content

Tech Insights 5 min read

What Is The Hierarchy Security Model Of Dynamics 365?

Microsoft Dynamics 365 is a comprehensive CRM solution that can make your customer service and marketing campaigns a lot more efficient and successful. As a holistic CRM solution, Dynamics 365 provides a robust security framework to avoid any data leaks or attacks.

Customer data can be highly confidential and sensitive and requires extreme caution when shared across your various applications and agents. The Dynamics 365 provides an efficient role-based security framework to ensure data confidentiality at all levels with well-defined security roles and access controls.

Dynamics 365 Security Model: What Is Hierarchy Security?

What Is It?

The Dynamics 365 security model is a security framework that ensures data integrity and privacy of data handled by the Dynamics 365 CRM platform. It allows for efficient data access and easier collaboration by dealing with the vulnerabilities presented during information sharing.

For What?

When you start utilizing the Dynamics 365 CRM, you will inevitably move large amounts of data across your teams. The shared data holds potentially confidential information that you need to protect from unauthorized access. Some of the major features provided by the latest security model from Dynamics 365 ensures are:

  • Fine-grain control on data access level definitions. Only users who are appropriate for the job are allowed to access data
  • Role-based security. Various types of user roles are introduced, which each user can be assigned to. Data access levels are determined based on the corresponding user role.
  • Data sharing without changing ownership. Data can be made available without giving the rights to modify it. This helps avoid manual errors and unauthorized modifications of data.
  • Additionally, Dynamics 365 security models also provide record based and field-level security for enhanced data protection.

For Whom?

The Dynamics 365 security model caters to every user who interacts with and is involved in the Dynamics 365 CRM applications and services. Every organization that has subscribed to the Dynamics 365 CRM solution can derive the benefits of the Dynamics 365 security model.

Every user within the organization will be defined by their user roles and hierarchical structure and given the right access and security protocols for data access. This advanced security module also helps you enforce the data privacy regulations and standards put forth by regulatory bodies like GDPR.

Dynamics 365 Security Model: How Can We Configure Hierarchy Security?

The Dynamics 365 security model follows a hierarchical role-based security framework. Users are assigned security roles that define their duties and access privileges. For instance, if a data field is marked as highly confidential, only high-level users such as the user with admin role will be able to access it.

The Dynamic 365 security model employs both authentication and authorization to make data access secure and well defined. Firstly, you have to be an authenticated user to establish a connection with the CRM system. Once authenticated, you will be allowed to access data authorized for your particular user role. Authorization permissions and privileges can be granted by the admin user to other users.

To get started with such a hierarchical security framework, you will have to execute the following steps

Organize Your Business Units

The Dynamics 365 platform breaks up your organization into individual business units, which can be further divided into teams and individual user accounts. The root business unit is created by default and refers to the entire organization. You will have to set up the sub-business units. You can create these business units as a reflection of your existing sections or departments. And similarly, you can define the teams and individual users under each business unit.

Define Access Levels

Create different access levels at user, team, and business unit levels. You can structure your data access authorizations, rights, and restrictions based on the user level. The five access levels supported by Dynamics 365 security model are:

  • Global – Access to all records held by the organization
  • Deep – Access to all records under a business unit and child units
  • Local – Access to all records within a business unit
  • Basic – access to data records within a team
  • None – No access

A privilege refers to what a user can or cannot do with a particular piece of data. For instance, an individual user may be allowed to read data but not alter it. They may be allowed to add new data but not delete any existing data. The eight basic record level privileges provided by Dynamics 365 are:

  • Create
  • Read
  • Write
  • Delete
  • Append
  • Append to
  • Assign
  • Share

Define Your Role-Based Security Policies

Determine the level of access users can have depending on their user role and assign the corresponding security role to each user. The default security roles provided by Dynamics 365 security model are:

  • CEO-Business Manager
  • CSR Manager
  • Customer Service Representative (CSR)
  • Delegate
  • Marketing Manager
  • Marketing Professional
  • Sales Manager
  • Salesperson
  • Schedule Manager
  • Scheduler
  • Support User
  • System Administrator
  • System Customizer
  • Vice President of Marketing
  • Vice President of Sales

When setting up hierarchy based security roles, you will have to consider the available security models: the manager hierarchy or the position hierarchy.

Dynamics 365 Security Model: What Is The Manager Hierarchy?

The manager hierarchy model follows the same reporting structure of your organization. This type of hierarchy allows managers to access any data that their reports can access. Managers are given the combined privileges of their subordinates. For the non-direct reporting structure, the manager will get read-only access.

Setting It Up

Only administrator-level users can enable the hierarchy security model. To enable this type of security model:

  • Go to Settings > Security > Hierarchy Security
  • Then Select Hierarchy Security and enable Hierarchy Modeling.
  • Then choose Manager Hierarchy. You can set the depth up to which a manager can have read-only access to the data under their reporting structure.

Dynamics 365 Security Model: What Is A Position Hierarchy?

The position hierarchy does not follow the reporting structure but instead follows the access levels as defined by the administrator. The admin will define the various positions within the organization and arrange them in a positioned hierarchical structure. New users can be added to a particular position by specifying a ‘tag’ that defines that position within the hierarchy. While a position can be assigned to multiple users, a single user can only have one position in a hierarchy.

The direct higher positions have more privileges to read, write and update, whereas lower positioned users will have limited privileges. Based on the ancestor path, the privileges assigned will vary for any position.

Setting It Up

  • To set up a position hierarchy, choose Custom Position Hierarchy as the hierarchy model when you enable the hierarchy security. Set the depth value and start tagging your users with the position levels.
  • To add a position to a user, you can select positions from the lookup field called Position on the user record form.
  • To create new positions, Go to Settings > Security> Positions and Create +New.


Data Security is essential to the reputation of your brand. Along with robust security protocols and supporting framework, you should also be aware of the best security practices and know well to put them into action. Understanding the various security roles and assigning the right user roles is crucial in leveraging the Dynamics 365 security model.

If you have any queries at all with respect to the hierarchy security model or about your CRM’s security, contact us today. Let us help you configure your hierarchy security for maximum effectiveness.

Liked what you just read? Sharing is caring.

February 04, 2021 by Lukas Vézina Marketing Content Specialist

Marketing specialist working at Gestisoft since 2017, I firmly believe any subject can be interestingly presented. It just takes empathic and creative storytelling.