A common question I get from clients is “How do I only expose part of the system to specific groups? I don’t want to give the customer service reps access to the salespeople’s Leads.” In the past, you could accomplish this by updating security access and limiting navigation, but it was never very easy to manage. Enter apps! Apps are Microsoft’s way of allowing you to selectively expose different parts of Dynamics, and limit access to specific groups.
I access apps from the Settings tab and click “My Apps”. When I first do this, I can see the default app that comes with my Dynamics instance. It’s going to look fairly familiar – it gives access to the entire system.
But, what if I have a customer service group that I want to only have access to Accounts, Contacts, and Cases? I can create my Customer Service App!
Here’s how I do it. First, I need to access the App Designer. Go back to Settings…My Apps and click “Create App”.
This will bring up the screen that allows you to name your app, and specify the substring you want to put at the end of your Dynamics’s URL to access your app:
When I click “Done”, I will be in the app designer itself. I now want to add the entities that I want to expose from my App – in this case Accounts, Contacts, and Cases. I click the “Entities” tab along the side:
This will bring up a list of all entities that I can select from, and add each to the Entity View.
I then click the Back button, and then “Save”. I then need to configure a Site Map for my App. I have a separate blog post on using the new Site Map designer (yay!). The last thing I want to do before I Publish my app is click “Validate”. This will give me a list of warnings and errors for my app. In my case, I have 3 warnings that I haven’t specified forms and views for my entities, and users will be able to see all forms and views.
I can limit the forms and views available to users in my app in the Forms and Views cards in the Entity View. So, for example, if I want to limit users to being able to use the Account form, and not the Information form, I click on the Account Forms card.
This will expose all the Main, Quick View, and Quick Create forms. In this case, I want to limit users to the Account form.
To make my app publicly available, I click “Publish”. And if I click “Save and Close”, I will be able to go back to Settings… My Apps to view my new App.
And now, I have a version of Dynamics that just exposes Accounts, Contacts, and Cases, instead of the full range of Dynamics entities.
I can then limit who can see the app by security role. For the default app, I can only “Hide for all roles”. But for the apps I create, I can specify which roles I want to allow access to the app. So, in theory I could hide the default app, which gives access to the full suite of Dynamics entities and functions. Then I could create apps that expose only those entities and views that I want for specific security roles – giving me an easy way to control who can view what in my Dynamics universe. Finally!
Go check out my related blog post on the new, long awaited Site Map editor, and create your first Dynamics app.
Want to more about what we do with Microsoft Dynamics 365? See more here!
One thought on “Apps and Security in Microsoft Dynamics 365”
Hi, great article. I have an App for a group of people that we want to lock to their own Cases etc. I can hide the default App for all roles, that works.
My issue is that if the logged in user, in the custom App, deletes the URL information after dynamics.com… They log into full CRM anyway? Am I missing something?
If this behaviour is by design then Apps are not a viable ‘security’ method to limit access.
Put another way, the approach would be to secure the Main CRM site for those users as the main approach and the custom App is a ‘nice to have’ UI navigation tool.
Would appreciate your thoughts.