What Security Model Makes Sense for Your Portal?

by | Updated August 1, 2020 | Dynamics CRM

Security models for portals

Dynamics 365 Portals has seen some great improvements and is rapidly becoming a cornerstone for a majority of Dynamics 365 Customer Engagement implementations. Portals are used to set up an interactive web-based sales, services, support, and social engagement application platform to connect with the customers, engage communities, manage site content, and empower your channel partners. Once you have identified the general scope of what your portal will be, you will want to start to design the security model that protects it.

Dynamics 365 portals include capabilities to secure access to different parts of the portal content based on the target audience and relationship to the content. Portal security governs both visibility and management of specific content such as individual pages or the entire sections of a side. Keep in mind that portal security is different than Dynamics 365 CE security and they are not interchangeable.

Depending on the purpose of your portal, visitors can play different roles. Below is a list of different roles.

Portal Visitor Roles

Anonymous

Some visitors browse the portal site to get more information about your company and its services and do not sign in.

Community Members, Customers, Partners, Employees

These site visitors are your target audience, either internal or external. They use the portal to access protected information or interact with the portal.

Content Managers

They publish and manage the site content. It is common for them to have a license to access Dynamics 365.

Administrators

They keep the portal up and running, and are responsible for all aspects of the portal. They often work together with the Content Managers and typically have a Dynamics 365 license.

When a visitor signs in, it is always associated with a contact. Dynamics 365 Portals uses a number of entities to define authorization, that is, what a user is allowed to do. The authorization process covers access to pages, website authoring, content publishing, blogs, forms, ideas, knowledge articles, and Dynamics 365/Common Data Service data.

Create Web Roles

After a contact has been configured to use the portal, it must be given one or more web roles to perform special actions or access content on the portal. For example, to access a restricted page, the contact must be assigned to a role to which read for that page is restricted. To publish new content, the contact must be placed in a role that is given content publishing permissions.

To define permissions, a web role can be associated with the following records:

  • Website Access Permissions
  • Web Page Access Control Rules
  • Publishing State Transition Rules
  • Ideas, Blogs, Forums Permissions
  • Entity Permissions

Role Assignment

Contacts

A portal contact can be assigned one more web role at a time.

Accounts

An account can be assigned one or more web role. All contacts under that account will inherit the role assigned.

Invitations

These can be associated with a parent account and a set of web roles. When a contact accepts that invitation, they will be assigned the account and web roles.

Web Roles also include Anonymous Users Role and Authenticated Users Role which allows you to apply permissions and access rules to all portal users based on whether they access the site anonymously or if they are signed in. Contacts do not have to have the Authenticated User Role assigned.

Now that we have covered the concept of web roles, let us see how they can be used to shape permissions for the portal.

Control Webpage Access for Portal

Web page access control rules are records that you create for your portal to control both the publishing actions that web role can perform across the pages of your website and to control which pages are visible by web roles. When you create a web page access control rule, you need to specify the Web Page and the Right. Once you have created a new access control rule, you can associate it with one or more web roles.

There are two types of access control rule: Grant Change and Restrict Read

Grant Change

Grant Change allows a user in a web role associated with the rule to publish content changes for this page and all child pages of this page. Grant Change takes precedence over restrict read.

For example, you might have a News section on the site, which you want to be editable by users in the News Editor web role. These users might not have access to the entire sit, and certainly cannot edit the entire site, but within this branch, they have full content publishing authority.

Restrict Read

Restrict Read is used to limit viewing of a page and its child pages. It is a restrictive rule that restricts the action to a limited set of users.

For example, you might have a section of the site meant to be used by employees only. You can restrict read access of this branch to only people in the Employee web role.

Website Access

Website Access Permissions is a permission set, associated with a web role, that permits front-side editing of the various content managed elements within the portal other than just web pages. Once the grant change right is applied to a page, users in associated web roles will be able to edit the page and set properties. These website access permissions are defined on a per-site basis. It is not possible to enable and disable these permissions selectively for an individual page where the grand change right applies.

We have covered the fundamentals of Dynamics 365 Portals security. Portal features provide out-of-the-box flexibility that allows you to build robust, versatile portals where security can be configured to satisfy even the most complex business requirements when it comes to the content. Subscribe to our blog to learn more about Dynamics 365 Portals along with other technology and Dynamics information.

Related Posts

0 Comments

Submit a Comment

Your email address will not be published. Required fields are marked *

Upcoming Events

october

07oct12:00 pm1:00 pmThe Three Paths to Business Central from Dynamics GP

08oct11:00 am12:00 pmConfab with Stoneridge - Livestream - The Vision and Strategy of Microsoft Business Systems

14oct10:00 am10:30 amThe Modern Manufacturer - Managing Complex Cost Modeling

14oct12:00 pm12:30 pmGenerating Custom Inspection or Process Forms

19octAll Day22Stoneridge Connect Fall 2020

22oct11:00 am12:00 pmConfab with Stoneridge - Livestream - Stoneridge Connect Recap

28oct10:00 am10:30 amThe Modern Manufacturer - Engineering Change Management: Introduction of NEW Functionality for Manufacturers Using Dynamics 365

november

11nov10:00 am10:30 amThe Modern Manufacturer - Tears and Trauma of MRP

About Stoneridge
Stoneridge Software is a unique Microsoft Gold Partner, with emphasis on partner. With specialties in Microsoft Dynamics 365, Microsoft Dynamics AX, Microsoft Dynamics NAV, Microsoft Dynamics GP and Microsoft Dynamics CRM, we focus on attracting the most knowledgeable experts in the field to our team, and prioritize delivering stellar solutions with maximum impact for your business. At Stoneridge, we are deeply committed to your results. Each engagement is met with a dedicated team, ready to provide thorough, tailored, and expert service. Based in Minnesota, we intentionally “step into your shoes,” wherever you are. We focus on what you care about, and develop trusting, long-term relationships with our clients.

Subscribe To Our Blog

Sign up to get periodic updates on the latest posts.

Thank you for subscribing!

X