What Security Model Makes Sense for Your Portal?

by | Updated August 1, 2020 | Dynamics CRM

Security models for portals

Dynamics 365 Portals has seen some great improvements and is rapidly becoming a cornerstone for a majority of Dynamics 365 Customer Engagement implementations. Portals are used to set up an interactive web-based sales, services, support, and social engagement application platform to connect with the customers, engage communities, manage site content, and empower your channel partners. Once you have identified the general scope of what your portal will be, you will want to start to design the security model that protects it.

Dynamics 365 portals include capabilities to secure access to different parts of the portal content based on the target audience and relationship to the content. Portal security governs both visibility and management of specific content such as individual pages or the entire sections of a side. Keep in mind that portal security is different than Dynamics 365 CE security and they are not interchangeable.

Depending on the purpose of your portal, visitors can play different roles. Below is a list of different roles.

Portal Visitor Roles

Anonymous

Some visitors browse the portal site to get more information about your company and its services and do not sign in.

Community Members, Customers, Partners, Employees

These site visitors are your target audience, either internal or external. They use the portal to access protected information or interact with the portal.

Content Managers

They publish and manage the site content. It is common for them to have a license to access Dynamics 365.

Administrators

They keep the portal up and running, and are responsible for all aspects of the portal. They often work together with the Content Managers and typically have a Dynamics 365 license.

When a visitor signs in, it is always associated with a contact. Dynamics 365 Portals uses a number of entities to define authorization, that is, what a user is allowed to do. The authorization process covers access to pages, website authoring, content publishing, blogs, forms, ideas, knowledge articles, and Dynamics 365/Common Data Service data.

Create Web Roles

After a contact has been configured to use the portal, it must be given one or more web roles to perform special actions or access content on the portal. For example, to access a restricted page, the contact must be assigned to a role to which read for that page is restricted. To publish new content, the contact must be placed in a role that is given content publishing permissions.

To define permissions, a web role can be associated with the following records:

  • Website Access Permissions
  • Web Page Access Control Rules
  • Publishing State Transition Rules
  • Ideas, Blogs, Forums Permissions
  • Entity Permissions

Role Assignment

Contacts

A portal contact can be assigned one more web role at a time.

Accounts

An account can be assigned one or more web role. All contacts under that account will inherit the role assigned.

Invitations

These can be associated with a parent account and a set of web roles. When a contact accepts that invitation, they will be assigned the account and web roles.

Web Roles also include Anonymous Users Role and Authenticated Users Role which allows you to apply permissions and access rules to all portal users based on whether they access the site anonymously or if they are signed in. Contacts do not have to have the Authenticated User Role assigned.

Now that we have covered the concept of web roles, let us see how they can be used to shape permissions for the portal.

Control Webpage Access for Portal

Web page access control rules are records that you create for your portal to control both the publishing actions that web role can perform across the pages of your website and to control which pages are visible by web roles. When you create a web page access control rule, you need to specify the Web Page and the Right. Once you have created a new access control rule, you can associate it with one or more web roles.

There are two types of access control rule: Grant Change and Restrict Read

Grant Change

Grant Change allows a user in a web role associated with the rule to publish content changes for this page and all child pages of this page. Grant Change takes precedence over restrict read.

For example, you might have a News section on the site, which you want to be editable by users in the News Editor web role. These users might not have access to the entire sit, and certainly cannot edit the entire site, but within this branch, they have full content publishing authority.

Restrict Read

Restrict Read is used to limit viewing of a page and its child pages. It is a restrictive rule that restricts the action to a limited set of users.

For example, you might have a section of the site meant to be used by employees only. You can restrict read access of this branch to only people in the Employee web role.

Website Access

Website Access Permissions is a permission set, associated with a web role, that permits front-side editing of the various content managed elements within the portal other than just web pages. Once the grant change right is applied to a page, users in associated web roles will be able to edit the page and set properties. These website access permissions are defined on a per-site basis. It is not possible to enable and disable these permissions selectively for an individual page where the grand change right applies.

We have covered the fundamentals of Dynamics 365 Portals security. Portal features provide out-of-the-box flexibility that allows you to build robust, versatile portals where security can be configured to satisfy even the most complex business requirements when it comes to the content. Subscribe to our blog to learn more about Dynamics 365 Portals along with other technology and Dynamics information.

Related Posts

0 Comments

Submit a Comment

Your email address will not be published. Required fields are marked *

Upcoming Events

august

10aug(aug 10)8:00 am11(aug 11)11:00 amPower BI for Dynamics 365 - Online Workshop

11aug10:00 am10:30 amThe Modern Manufacturer - Enterprise Asset Management

11aug12:00 pm12:30 pmBusiness Intelligence with Dynamics 365 Finance and Supply Chain Management – Game Changing Insights and Analytics

11aug2:00 pm2:30 pmUsing Technology to Manage Complex Sales Pricing, Commission, and Rebate Programs

18aug10:00 am11:00 amTop Five Reasons Why NOW is the Right Time to Move from Salesforce to Dynamics 365 Customer Engagement

18aug10:00 am12:00 pmIntro to Power BI for Dynamics 365 Business Central – Online Workshop

18aug12:00 pm1:00 pmSolving the Biggest Challenges in Agribusiness Through Innovation and Technology

september

01sep10:00 am10:30 amEnsuring Quality and Compliance for Batch Manufacturers in Life Sciences

01sep12:00 pm12:30 pmIs it Worth It to Move to the Cloud? A Look at Considerations for Current Agribusinesses Using Dynamics GP

01sep2:00 pm2:45 pmWhat’s New in Dynamics 365 Finance and Supply Chain

08sep12:00 pm4:00 pmSecurity and Permissions Training for D365 Business Central or Dynamics NAV

22sep10:00 am10:30 amStreamlining Batch Manufacturing with Technology

27sep(sep 27)9:00 am15oct(oct 15)11:00 amDynamics 365 Finance & Supply Chain Development Training - Online Workshop

About Stoneridge
Stoneridge Software is a unique Microsoft Gold Partner, with emphasis on partner. With specialties in Microsoft Dynamics 365, Microsoft Dynamics AX, Microsoft Dynamics NAV, Microsoft Dynamics GP and Microsoft Dynamics CRM, we focus on attracting the most knowledgeable experts in the field to our team, and prioritize delivering stellar solutions with maximum impact for your business. At Stoneridge, we are deeply committed to your results. Each engagement is met with a dedicated team, ready to provide thorough, tailored, and expert service. Based in Minnesota, we intentionally “step into your shoes,” wherever you are. We focus on what you care about, and develop trusting, long-term relationships with our clients.

Subscribe To Our Blog

Sign up to get periodic updates on the latest posts.

Thank you for subscribing!

X