CRM 2013 Customization and Configuration Exam notes – Entities and fields

Here are my study notes regarding entities and fields in CRM.  I hope you appreciate the picture of a field (entities and fields, get it?)

Entities and fields are probably an error where most people will have a good starting knowledge of and some experience with.  Don’t get fooled into not studying the topic because there is a difference of using fields and entities and having enough knowledge to answer certification question on entities and fields.

It’s important to understand how entities and fields work and the limitations of them, e.g.

  • What entities values cannot be disabled once you have enabled them?
  • How does the new functionality like Image work?
  • How do entities which are activities work?
  • Can you delete fields referenced in a workflow?


Whilst studying these two areas I did improve my understanding of the core functionality of CRM and wrote these two blog posts

CRM 2013 – When should you create a custom activity entity?

CRM Entity ownership – How do you decide?

These notes will be added to the other study information I have created, which you can find here – MB2-703 – CRM 2013 Customization and Configuration Certification

Even if you are not studying for the MB2-703 certification, it’s interesting to have a quick read of the notes and I bet you find a fact you didn’t know


  • Microsoft Dynamics CRM default instance starts with more than 260 systems entities but which many are hidden from the UI
  • There are two types of entities – Custom entities and system entities
  • More than 90 system entities can be customized
  • Some system entities cannot be customized e.g. system job
  • Entities can be created by the UI, importing records or via code using the SDK
  • Entities which can be customized (system and custom) are known as customizable entities
  • Not all components of a customizable entity can be customized e.g. system fields like created on cannot be deleted
  • Ownership can be either user/team or organisation
  • Organization ownerships does not create an owner field, there is no owner or business units
  • User/team ownership adds lookup fields for business unit, user lookup, team lookup
  • Entities can be owned by users or teams
  • You can create custom activity entities
  • Activity entities have common fields – planned started date, actual start date, actual end date, description, subject and duration
  • All activity entities have a link to the ActivityPointer and can be used in the ActivityParty class
  • The activityPointer allows different activities to be viewed in one view.
  • Custom Entities when created by default are not viewable/usable to any users apart from System Administrator and System customizer roles. Other security roles will have to add the entity.
  • Display name is the name used for the custom entity which the users will see
  • Plural name is the name seen in views etc
  • Name (schema name) is the customizer name, not seen by end users
  • Primary image selected will add a field called image and will allow one image to be added to a each record of the custom entity.
  • Primary image, once ticked cannot be unticked
  • IF an entity is selected as an activity this cannot be undone
  • The primary field is always a single line of text
  • Entities in a lookup field will display the primary field value
  • Areas that display this entity are areas where the entity will be visible. Changes will be written to the sitemap not part of the entity.
  • Additional entity options
  • Business process flows – this will create extra fields and cannot be turned off
  • Notes, activities, Business process flows, connections, Queues, sending email cannot be disabled if selected
  • Allow Quick Create – allows quick create forms which are minimized forms with important fields
  • Some default entities have Allow quick create disabled and cannot be enabled.
  • CRM For Phones, CRM for tablets, if selected the entities will be available on phones and tablets.
  • Renaming entities is not straight forward, labels, reports and views will also need to adjusted
  • Custom entities can be deleted if all dependencies have been removed
  • System entities cannot be deleted


  • CRM 2013 has a maximum of 1023 fields
  • For some fields Microsoft adds other fields e.g. currency adds extra fields for Base Currency, exchange rate, currency value and base currency value.
  • IN CRM 2011 and earlier the SQL structure was held in two tables. The base table holds the system fields and the extended tables holds the custom fields.  A filtered view was created to show both tables in one view.
  • CRM 2013 the two tables are merged but the filtered view is the same.
  • The filtered view has been persisted to support reports written using it.
  • The filtered view takes into account a user security roles and permissions
  • Be careful adding lots of fields to an entity, there are constraints on the SQL database table and views.
  • Single line of text can have the format of Email, Text, Text area, Url, Ticker Symbol, Phone
  • Single line of text can be between 100 characters to 4000
  • IME mode is for Chinese, Korean and Japanese characters
  • IME Mode has four modes – Auto, Active, Inactive, Disabled
  • Option set – Use Existing option Set if set to yes uses a global option set values
  • Two options are always stored as 0 = no – 1 = yes
  • Two options will always have a value and cannot be null
  • Two options can be formed on the form to be Two radio buttons, Check box or list
  • Whole numbers are the SQL server equivalent of an integer (no decimal)
  • Whole number format = none, Duration, Time Zone, Language
  • Whole number duration is held in minutes
  • Floating points can contain a decimal
  • Floating numbers are rounded, which means they can be rounded up/down and liable for small rounding errors.
  • Floating number precision refers to the number of digits after the decimal, max = 5
  • Decimal number is not rounded
  • Decimal number precision max = 10
  • When a currency field is added to a form, if it’s the first currency field then additional fields of exchange rate, currency, price and base price are also added.
  • Currency precision is between 0 and 4.
  • Multiple line of text field max length is 1048576 characters
  • Date and time field can have the format of Date only or date and time.
  • 24 system entities can have the new image field
  • Account, Contact, Lead, Product, Competitor, resource, publisher and user have image enabled by default.
  • You can add a maximum of one image field to a custom entity
  • It is not possible to add an image field to a system entity.
  • The entity image will always have the default schema name of entityimage (with no publisher prefix)
  • The fixed schema name – entityimage stops more than one image field being added to a custom entity.
  • Image field max size is 5 Megabytes
  • Image file extensions supported are jpg, jpeg, gif, tif, tiff, bmp, png
  • Uploaded images are resized to 144 x 144 pixals
  • Field requirement levels are – optional, Business recommended, Business required.
  • Requirement levels are form validation only. Importing and plugins do not have to supply data to business required fields
  • Fields have a searchable property, if this is set to know the fields will not be displayed in advanced finds
  • Auditing for fields can be turned on or off at any time.
  • You can bulk edit fields to set Field requirement, Searchable and auditing properties
  • Local option set is only available on one form
  • Global option sets can be used in multiple forms.
  • Custom and system entities have Status and Status Reason fields
  • Status is active/inactive
  • Status reason (schema name statuscode) has the reason for the status
  • Status reason is an optionset of values for each status
  • Fields dependencies will not show references in Javascript or web resources.
  • You cannot delete a field without removing all the dependencies first.
  • System fields cannot be deleted.
  • Fields which are referenced in workflows or dialogs cannot be deleted.

Tips on passing MB2-703 – CRM 2013 Customization and Configuration Certification

I finally took the MB2-703 exam and passed, YIPPPEEEE

This is the 3rd time I have taken the customization and configuration exam because I have taken it for

  • CRM 4
  • CRM 2011
  • CRM 2013

Every time I take the exam, during my studying and preparation for the exam I always learn or understand how CRM works a bit better. The certifications involve studying new functionality added in each new release of CRM but my understanding is different and I focus on different aspects of CRM and try to understand how the internal CRM mechanics are working and I wrote articles like these

CRM 2013 – When should you create a custom activity entity?

CRM Entity ownership – How do you decide?

To see all the articles, questions and videos I have created for the CRM 2013 customization and configuration certification click the link below

I have also createde some links to some good free articles on subjects on the exam but alas there isn’t many links there because I started to late with that idea

It’s worth the effort

The value of the certification comes from the studying and reading for the certification rather than having the certification.  It was a great motivator to learn the new functionality because to make the exams different there is usually an emphasis on new functionality, which is logical because otherwise the exams could be quite similar.

I find it useful to refresh my knowledge on areas I haven’t used for a while, forgotten and the new functionality which I may not have used yet.

Learning the information to a level you can pass a certification does reinforce the information and helps it stick in your mind.

I have written before

CRM 2013 – Why you should take and pass the Configuration and Customization Certification

A quick recap  why I think it’s worth studying for the latest CRM certifications

  • Learn how the new functionality works, particularly it’s limitations
  • Study CRM functionality you don’t use very often
  • Refresh your knowledge on CRM
  • You get a broad knowledge of CRM

My process of studying

Read the MOCS (Microsoft Official Circiculm)

You can find the link to the MOC’s for all the certifications here.  The MB2-703 MOC link is below.

MB2-703: – Microsoft Dynamics CRM 2013 Customization & Configuration

The MOC should be the solid base to build your studying for the certification around.  The MOC covers all the areas which will be in the exam and unlike CRM 2013 books, only focuses on the areas which will be on the exam.

Read articles on the subjects

The MOC’s are great but they can be a bit dry and I like to read articles on areas of the exam.  Articles are small bite sized chunks with the added benefit of usually containing examples and screen shots.  The real world usage of CRM 2013 functionality is very useful for understanding how the CRM 2013 functionality can be used and limitations

Take notes

Taking notes is a good way of highlighting the important points for revision and condescending the MOC’s, blog posts and other sources of information into a smaller collection, which you can revise from.

Using CRM 2013 trial

There is no better way to learn the functionality of CRM 2013 than by using it.  If you are fortunate you will use CRM 2013 every day in your job, but there are still areas you don’t use very often, but make sure you know how they work rather than just the theoretical knowledge of how they work.

Tips on passing the certification

New Functionality

Study the new functionality added into CRM 2013

  • Business Process Flow
  • Business Rules
  • Access Teams

Use CRM 2013

Don’t just read and study about CRM 2013 topics, but actually try it out with a CRM 2013 trial

  • This will give you some practical knowledge/experience of the functionality
  • It will help you understand how it really works, which isn’t always the same as it says in the manual
  • You learn how it doesn’t work (important, particularly for the exam)
  • It creates experiences and visual images which will help you recall information in the exam
  • You will have experience of using the functionality, which is useful for your job

Write your own study notes

Going through the process of making notes when reading the MOC’s or articles on the exam subjects I would make notes.  The process of taking notes means you have to understand the material and select the key points.  To do this you have to actively think about the topic and subjectively understand it to the key features/limitations.  I believe this will help you learn and increase your understanding.

The benefit of taking notes is you can use them to study with later.

Blog about the CRM 2013 functionality

Teaching and explaining about a topic makes you learn and understand the topic in more detail.  This will give you a deeper understanding of the functionality.

I found writing about the security and business rules very useful

CRM 2013 – MB2-703 – Business Units and Security Roles Study Information

CRM 2013 – Understanding Business Rules

If questions came up about these topics I had a very good understanding and could work out the answers

Exam tips


Book the exam so you have a deadline

This is a great motivational tool and will stop you keep putting off taking the exam.

Create some practise questions or use mine to practise

If you are studying with someone else both create practise quesitons and notes, share them with each other

There is some practise questions you can find on my blog post below

Study Notes

Create your own study notes, you will be learning and reinforcing the information by creating the notes and reading study notes is quicker and easier than MOC’s or blogs

My study notes are here

CRM Chat Study notes can be found here

CRM GEEK for CRM 2011

The study notes are very useful, 46 pages of good notes about the CRM 2011 Customization and Configuration exam.

Exam Techniques

  • Get there early, sometimes the test centers are in odd places which could take some time to
  • Take your time in the exam (you will have plenty)
  • On each question, first eliminate the answers you know are wrong, usually there are some obvious answers which are wrong.  This will leave you with a smaller choice
  • Review all the questions, just to make sure you haven’t made any silly mistakes

Business Process Flow Facts, Functionality and Limitations

What are Business Process Flows?

Business process flows are new functionality added in CRM 2013, they provide a guided business process which can span multiple entities.  Business process flows are role based allowing you users with different security roles to use different process flows

Business process flows work Mobile (tablets), Outlook and browsers.

Business process flows provide a step by step guide through processes which can be split into distinct stages.  When the user is in a Business process flow the user can add data to fields in a process bar, which shows the key fields for each stage.

The Lead to Invoice business process flow is created in the out of the box CRM 2013.  There are 3 business process flows activated by default.

Field level security is applied to the fields in the business process control but if a field is required to be filled in but the user doesn’t have the correct field level security permissions, the business process flow will act as if it has a value.  This ensures users cannot get stuck in a business process flow due to lack of field level security privileges.

For a quick introduction to Business Process Flow I recommend reading this blog

A Quick Introduction to Business Process Flows in Microsoft Dynamics CRM 2013

Practical considerations

I have listed the details and limitations of how Business process flows work in the Hosk notes below but here are a few key points

You can only run one business process per record.  This means you can switch business process flows if you security role allows but you do this by quitting the current business process flow.

You can stop a user from moving on a stage by making a field required

Stats – each entity can have 10 business process flows! A business process flow can have 30 stages.

All fields on an entity can be used in a business process flow, even fields which are not held on the form.


MB2-703 Resources

For those studying for the CRM 2013 Customization and Configuration exam, there is plenty of material I have created with various notes, explanations, videos and practise quesitons

MB2-703 – CRM 2013 Customization and Configuration Certification

 Hosk’s Business Process Flow Notes

  • Business process flows do not run but provide a means of added data to various entities/fields for those entities in the business process flow
  • Business Process Flows cannot be disabled once enabled
  • 29 entities have been updated in CRM 2013 to use the new form style which also means that they can use the new Business Process Flows and Business Rules
  • Entities with the navigation bar and left hand menu (CRM 2011 style) cannot use business process flows.  To enable these forms you would need to merge or recreate them in CRM 2013 GUI style
  • Business process flows are not started but will begin automatically on the creation of an entity
  • Users can switch between business processes manually (cannot happen automatically)
  • You can switch between business process flow programmatically using That could be done through JavaScript or plugin.
  • Business processes do not have any conditional or branching logic. They run in a linear, staged process.
  • Business processes cannot be exited or abandoned, the user can come back
  • Each entity can have no more than 10 activated business process flows
  • Each process flow has a maximum of 30 stages
  • Multi-entity process can use no more than five entities.
  • You can only run one business flow for each record
  • Current process and stage is a unique identifier. This allows the user to return to the process at a later time.

business process flow

  • Stage gating is making field required before a user can move to the next stage
  • Business process flows can be associated with security roles, so only users with specific security roles will see the business rules.
  • If you create an entity and the entity and your security roles have multiple business process flows available, the user will be presentation with a choice.
  • If you switch processes, it will start at the first stage of the process.
  • To enable a custom entity for a business process flow, you check Business Processs flows checkbox, this cannot be unticked and will create some fields on the entity.
  • Only entities which used the CRM 2013 – updated forms can use business process flows.
  • Business process flows are linear, there is no branching or logic
  • Business process flow have required steps the user must go through
  • When you enable business process flow on an entity and publish, two fields of type unique Identifier are added to the entity called ProcessId and StageId
  • 25 system entities can be enabled for business process flows
  • All custom entities can be enabled for business process flows
  • It’s possible to have up to 10 active business processes per entity
  • A business rule process can have 30 stages over up to 5 entities
  • All entity fields can be used within a stage, even fields not on the entity form.
  • If the field is on the main form, the value will sync as soon as the user sets the focus onto another field
  • When a field is updated in the business process flow it will trigger related business rules and javascript
  • Field level security is applied to fields in the process control
  • You can peak at other stages in business process by pressing the arrow buttons (But it won’t move the current step they are on), unless a stage involves creating an entity where the arrow will be padlocked
  • Security roles are applied to business process rules, this limits access like forms.
  • By default system administrator and customizer have access to business process flows
  • If there are multiple business process flows and the user has access to them, the user can user can switch between process flows for the same type of entity (e.g.  other contact business process flows)
  • You can copy a business process flow regardless of the business process status
  • To copy a business process flow, open the business process flow and choose Save As
  • When a business process flow is copied it exists in the default solution not a company solution.
  • Only deactivated business process flows can be edited.
  • Business process flows have stages, each stage can have many steps
  • Different entities used must have a N:1 relationship to the previous entity
  • To use an entity used in a previous stage you select the Close Process Cycle option
  • You can apply a different field label to fields in the process control
  • Javascript or business rules triggered by changing a field value, if they hide a field on the form, the field will also be hidden on the business process flow control.
  • Fields changed to read only by Javascript or business rules are not read only in the business process flow control.
  • Fields requirement setting is the same on the form as the business process flow control.
  • If a user doesn’t have the correct field level security and the field is a required field in the business process, it will treated as if the field has a value and the user can continue the business process flow



CRM 2013 – MB2-703 – Quick Fire Business Rules Questions

It’s been a long time coming but I finally finished writing the quick fire questions for Business Rules for the MB2-703 – CRM 2013 Customization and configuration certification

For the other Exam summaries, Exam notes and other test questions click the link below

These are quick fire questions which are true or false.  They are not like the proper exam questions which are multi choice but this will test your knowledge and you can blast through them quickly.


MB2-703 – CRM 2013 Customization and configuration exam questions

I have been working on creating some questions for all the security section for the MB2-703 -CRM 2013 Customization and Configuration certification.

I have created some exam type questions to test your knowledge on the security section of the certification.

I have already created some questions for Solutions which you can find on the link below

Blog – Solution Test Questions

Video – Solution Test Questions

and here is the blog with the Security quick fire questions

 MB2-703 – CRM 2013 Customization and Configuration quick fire questions

I have uploaded a power point file into slide share because this is a really easy and quick way to do the question. There are 13 questions and doing these should take you 5  minutes, more if you really concentrate.  So come on test your knowledge and see if you are ready to take the real exam

Here is the video where I go through the questions and explain the answers




Don’t forget all the MB2-703 studying information can be found here

CRM 2013 – MB2-703 – Quick Fire Security Test Questions


I have been working on creating some questions for all the security section for the MB2-703 -CRM 2013 Customization and Configuration certification.

I have created some quick fire – True or False questions to test your knowledge on the security section of the certification.

I have already created some questions for Solutions which you can find on the link below

Blog – Solution Test Questions

Video – Solution Test Questions


I have uploaded a power point file into slide share because this is a really easy and quick way to do the question. The security section was so large there are 27 questions and doing these should take you more than a few minutes.  So test your knowledge



I go through the questions with some explanation in the video below


Don’t forget all the MB2-703 studying information can be found here

CRM 2013 – MB2-703 – Security Exam Cram Notes

This blog contains the study notes for the MB2-703 – CRM 2013 Customization and configuration exam and for the area of Security.

Security covers a lot of topics and is worth 10-15 percent of the final exam marks, so you definitely need to know the functionality and limitations of security.

I have gone through the separate parts of security in the blogs below and there are videos going through these which you can find on the youtube playlist

All the study notes for the MB2-703 exam can be found on the page link above or clicking the link below

These notes are the to revise the key concepts of security for the MB2-703 – Microsoft Dynamics CRM 2013 Customization and Configuration certification

There is a video going through the list below with some explanation

Business Units and Security Roles

  • When a business unit is disabled the users in that business unit cannot access CRM
  • users of a disabled business unit will still consume a CRM Licence
  • child business unit users will also not be able to access CRM
  • the records of a disabled business unit user are not disabled.
  • To delete a business unit you must remove all child business units and any users or teams linked to the business unit
  • To delete a business unit you must disable it first
  • Each business unit has a default team of the same name
  • you cannot add users to a default business unit team
  • you cannot delete a default business unit team
  • Equipment/Facilities and Resource Groups do not need to be removed before you can delete a business unit
  • business units can have separate security roles, even with the same name!
  • Disabling a business unit (and child business units) will mean all the users in that business unit won’t be able to login to CRM.
  • moving business units is done by changing the business units parent
  • The Root business unit is a default business unit which has the same name as the organisation.
  • You cannot delete the Root business unit, you cannot disable it
  • You cannot create a business unit above the Root business unit, e.g. you cannot give it a parent.
  • Business units are used to create a hierarchy and this is in a tree structure.  The Root business unit will be at the top.
  • none of the data is affected by disabling business units, its only the users who cannot then log in but it is important to take into account all the child business units will also be disabled.  This only applies to inherited roles. Roles that are created in a BU explicitly will move with it
  • The users are not disabled but cannot login into CRM whilst the business unit is disabled.  As soon as the business unit is enabled they will be able to log into CRM again.
  • if you want to delete the business unit then you will need to change all the users/teams that are assigned to that business unit.  You also need to disable the business unit before you delete it.
  • You cannot delete the default business unit team but it won’t stop you deleting the business unit because this will be deleting automatically when you delete the business unit.
  • When you disable a business unit, it disables all child business unit.  The users in these business units will not be able to login
  • When you change the parent of a business unit, it removes and rebuilds all the security roles of the inherited security from the parent business unit.  So all the users in the business unit will have no security roles and they will not be able to login
  • Users can login if they are part of a team which has security roles.  They won’t be able to set any personal options.
  • You can change the Name of a business unit.
  • You Can change the name of the root business unit.

Security Roles and Teams

  • if a user doesn’t have a security role he cannot access the system, so every user must have at least one security role.
  • Security roles are linked with the user business unit to calculate what records the user can access.
  • Users receive their permissions to work on records or use features based on the combination of Security Roles they are assigned and the Business Units to which the users belong.
  • Security roles can also be assigned to teams and if the team a user is a member of has higher security privileges then this will override their individual security roles.  The user will also use the highest security levels it is assigned, whether that’s from a security roles assigned to the team or individual security role
  • Users can be assigned multiple security roles, this means it’s possible to create security roles just for single purposes.
  • There are 15 default security roles in CRM
  •  The default security roles are all created in the root business unit.
  • A security role stays in the business unit it is created in and they copy down to any child business units.
  •  if you create a security role in the root business unit then the security role will be copied to all the child business units below it.
  • User can be assigned any security role which exist in their business unit.
  • only security roles which exist in the root business unit can be added to a solution file.
  • it’s quicker to modify existing security roles than create new ones
  • All security roles are the same except the System Administrator role which is a super role.
  • The System Administrator role automatically has access to all records and entities, including all custom entities.  It has the default access level of organisation for all privileges.
  • At least One user must have the System Administrator role, this is by default given to the user who installed CRM
  • Multiple users can be assigned the System Administrator role and you can remove the role from users but you cannot remove the role if that user is the only user who has the System Administrator role.
  • The System Administrator role also is given the System Admin field level security role, which as I’m sure you can guess gives them access to all field level security.
  • It’s possible to copy the System Administrator role and it will create a security role but the security role will not automatically have access to any new custom entities added and it basically won’t have the special powers of the System Administrator role.
  • Teams have security roles (this can affect which form is used)
  • There are some privileges which do not have organisation levels these are always show under miscellaneous privileges and these are either true or false.  These are things like

Go Offline

Export to Excel

Publish articles


Manage user access, Teams and sharing

  • The security authentication in CRM is not really handled inside CRM.  A bit like the way CRM lets outlook/email router do all the emailing, CRM also gets another piece of software to do the authentication of users.
  • the most common authentication method is active directory
  • You can also used Internet facing deployment (IFD) where the authentication is either AD FS (active Directory Federation Services) or STS (Secure Token service)
  • Online security – Microsoft Online Subscription Program (MSOP)
  • A user can have one manager which is a user lookup field on user record

Functionality to manage users and you can find these by going to Settings – Administration

  • Creating users, teams, Security Roles
  • assign/move users to teams, assign security roles to teams and users
  • Disable business units
  • Delete Security roles, Delete teams
  • Move users between teams
  • Manager


  • You cannot delete users in CRM you can only disable them
  • If you disable a user the user won’t be able to log into CRM
  • a disabled user doesn’t use a CRM license
  • The records assigned to the user are still active.  Best practice is to assign all the records assigned to the disable user to another enabled user.
  • You need to work out if the user is used in the workings of any workflows, these will still work but it’s not good practice to assign records etc to an disabled user.
  • Users must always be assigned to business unit and can only be assigned to one business.
  • Security roles and teams security roles are additive, so adding a user to a team won’t remove any security privileges to the user


  • Teams are optional
  • Two types of teams Access teams and owner teams
  • Owner Team can own records
  • Owner Teams can be assigned security roles
  • Access teams cannot own be assigned security roles or own records.
  • An owner team can be converted to an access team
  • An access team cannot be converted to an owner team
  • Each business unit create a default team which you cannot delete and you cannot add members to
  • Teams can be assigned security roles
  • Team and users can be the owner of records


Business units and default owner teams

  • Business units have a team created automatically, the team name will have the same name as the business unit.  Any members created and assigned to the business unit will automatically be added to the default business unit team.
  • It’s a dynamic team which CRM keeps up to date.
  • It cannot be edited but you can assign security roles and these security roles will apply to all members of the business unit.
  • default business unit team cannot be re parented, deleted or renamed and it’s members cannot be modified.


  • In CRM you can share records between users and teams.  Sharing gives the user being shared to the same privileges to that individual record as the user who is sharing.
  • Sharing bypasses business unit – access level parts of security because when you share records it basically ignore the level (organisation, business unit, user)
  • Sharing records to a team is like sharing the record with every member of the team, except in the PrincipalObjectTable this is only one entry
  • using the business unit default team you can share records to all users in different business units.
  • You can share more than records, you can also share Charts, Views and Dashboards.
  • Users can only share their personal views, charts and dashboards.
  • When a user shares the components (charts, views and dashboards) they also choose what privileges you want the user/team to have with the component

The privileges you can share are








Re-parenting users/teams

  •  Re-parenting a user/teams business unit has a drastic effect on the security roles the user or team had, it REMOVES THEM ALL.
  •  So if you ever change a user/teams business unit you will need to assign the user or team some security roles in the new business unit.
  • This sounds drastic but it actually makes sense if you think about it logically.  Each business unit has it’s own set of security roles, these are usually copied down from the parent business units.  So when you move business unit, it removes all the security roles and it can’t automatically add them all back because not all the security roles may exist in the new business unit or the security roles could be vastly different with completely different privileges, so the user must add new security roles.
  • This is also true if you re-parent a whole business unit because all the users will have had all their security roles removed.
  • Remember users without security roles cannot log into CRM.
  • If a user is re-parented they lose their security roles but they won’t be removed from any teams, this would probably allow them to login to CRM but the user won’t be able to change any personal settings, or view any components the user created.
  • If a team is re-parented then every member of team will lose all their security roles because the team will have had all it’s security roles removed.
  • An efficiency trick is if you want to remove all the security roles for a user or team is to move business unit



  • Auditing has three levels – Global, Entity, Field
  • Auditing is enabled in System settings and then for each individual entity
  • Any entity can be audited
  • if auditing is not enabled at organisational level, it doesn’t matter if auditing is turned on at an entity level, nothing will be audited.
  • audit logs are partitioned every 3 months.  These can be  deleted in the audit log management screen
  • User has to have the View Audit History privilege
  • when you turn on auditing for an entity, all the available fields are by default enabled for auditing
  • Audit logs management is done by a system job
  • Some System fields are not applicable for auditing

Owning Business Unit
Owning User
Customer AddressId


Access Teams and Access Team Templates

  •  Access teams are new functionality added in CRM 2013 (so expect some questions)
  • Access Teams and Access team templates are a method to share permissions and records, which is easier to manage, quicker to add/remove users/teams because Access team templates will applying a standard set of privileges (read, write, delete, append, append to) rather than having to set this up for each individual user/team.
  • Access Team templates are enabled on an entity basis and you have to enable Access Teams on the entity in the communications and collaboration section
  • Access teams can be ticked and un ticked on an entity (unlike Queues)
  • You need to customize the form of the entity you want to add the Access Team Template to and in my case it’s the account form
  • You need to add a sub grid to the form
  • Records – All TypesEntity – UsersDefault View – Associated Record Team MembersTeam Template – Hosk Account Access Team – this is the team template I created in the step before, yours is probably called something different.
  • When you add a user to the user grid it will automatically create an Access Team but the odd things is you can’t view this team in the Teams section in Administration
  • You can view access teams by using the advanced find, search for Teams and choose of type Access.
  • You add users to the access team via the sub grid on the record.
  • you can add users directly to the access team.
  • You can more than one Access Team template for each entity
  • The default number of access teams templates for each entity is two
  • The number of access team templates you can have for each entity is controlled by theMaxAutoCreatedAccessTeamsPerEntity deployment setting.
  • MaxEntitiesEnabledForAutoCreatedAccessTeams deployment setting has a default value of 5.  This controls the number of entities it’s possible to enable for auto-created access teams.
  • You can change the MaxEntitiesEnabledForAutoCreatedAccessTeams , MaxAutoCreatedAccessTeamsPerEntity  only on Premise installations and you cannot edit them for Online.
  • A system generated Access Team isn’t created for each record until you add a user to the sub grid on the entity.
  • if you delete the team, this is the same removing all the members in the sub grid on the record.
  • if you change the access rights on Team Template this will only change the access right to new entity records/access teams.  Any records already created will use the previous set of privileges.
  • Access teams with Share access right ticked will mean any user who is in access team will be able to add (share) others to the access team for that record.
  • Users cannot grant privileges they do not have.  So a user can only add new members to an access team where the access team template has delete privilege only if that user has the delete privilege for the entity.
  • Access Teams created automatically by adding users to them are not shown in the system team views
  • If you want to delete a Access Team Template you will need to remove all the sub grids using that specific Access Team Template before you can delete it.


Owner Team

  • Owner teams in Microsoft Dynamics CRM can have security roles
  • Team can own records

Access Team

  • Access teams cannot be granted security roles
  • Access teams cannot own records
  • Accesses records through sharing
  • Sharing privileges are defined by an access team template but don’t change dynamically for existing records if the template changes
  • Access teams are not displayed in most system views
  • You can add/remove users directly on the subgrid of the record you want to share access to.


Field Level security

  • Enabling or disabling of field level security by setting the IsSecured attribute cannot be audited.
  • System Admin is has all privileges on all field level security fields, the user has a System Administrator field security profile where all values are set to yes and will be for any fields checked for field level security.
  • Every field enabled for field level security is added to all field level security profiles
  • when you turn on field level security for a field, it will automatically be added to all Field Level security roles with Read, Create and Update all set to No.
  • New field level security fields can only be seen by users with the System Administrator role, so you have to go and configure the field level security privileges.
  • Every field level security profile will include all fields with field level security enabled.
  • Fields that are ticked for field level security will be added to field security profiles but with Read, Update, Create all set to No, so you must go in to configure
  • users/teams can be added to more than one field level security profile.
  • *** asterisks show if a user does not have read access to a field
  • *** asterisks show even if the field is null/blank
  • You cannot delete the System Administrator field level security profile
  • You can only set field level security on custom fields!