Often the weakest link in protecting the security of the CRM system is the user and not the technology infrastructure. There are some basic steps you can take immediately after installing CRM 2011 or signing up for the CRM Online service to protect your users from themselves. It is all about adjusting the security roles in CRM and taking some other basic precautions to minimize the risk of user-induced catastrophe to the CRM system.

1.  Never assign the CEO-Business Manager role to the owner of the company. This role has extensive privileges, and without proper perspective and insight it can do a lot of damage. How often does the Owner get CRM training? Not very often. Unless that is you.

2.  Clone all of the out-of-the-box roles and remove the Delete privilege on all the Core Records. Assign those modified roles to users.

3.  Limit System Administrator or System Customizer role assignments to only those must-have users who have received training.



4.  Turn on Auditing for all company critical records – Accounts, Contacts, Leads, Opportunities.

How? http://help.crm.dynamics.com/help/default.aspx?area=%2ftools%2faudit%2faudit_area.aspx&user_lcid=1033&ver=5.0.9688.1553



5.  Periodically export the default solution of your system as a backup. Go to Settings/Customizations/Customize the System. Select Components, check the select all box and then Export the solution. You may want to do this before making any major edits to the entities or site map.

7.  Make sure the Bulk Delete privilege is not enabled for users that don't need it.

8.  Remove the Bulk Edit privilege for users that don't need it.




9. Besides running the ‘nightly disaster recovery backup’ for the SQL database, you might consider automating the scheduling of periodic onsite backups during the business day if the database isn’t too large.

These are the first 9 steps we perform on every CRM installation we implement.
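To check steps 2, 3 and 7 after the roles have been reworked, the read-only query below lists every enabled user who still holds Delete on a core record, Bulk Delete, or an administrative role. It is an added example, not part of the original checklist, and it assumes an on-premises CRM 2011 deployment with direct read access to the organization database; the table, column and privilege names are assumptions about that schema and should be confirmed before relying on the output.

```sql
-- Added example: read-only audit of role assignments (on-premises CRM 2011).
-- Run against the organization database. Assumed schema: RoleBase,
-- RolePrivileges, PrivilegeBase, SystemUserRoles, SystemUserBase, with
-- privileges stored per role on RolePrivileges.RoleId.
WITH RiskyPrivileges AS (
    SELECT rp.RoleId, p.Name AS PrivilegeName
    FROM dbo.RolePrivileges AS rp
    JOIN dbo.PrivilegeBase  AS p ON p.PrivilegeId = rp.PrivilegeId
    WHERE p.Name IN (N'prvDeleteAccount', N'prvDeleteContact',
                     N'prvDeleteLead',    N'prvDeleteOpportunity',
                     N'prvBulkDelete')
),
Findings AS (
    -- Steps 2 and 7: roles that still carry a delete-type privilege
    SELECT sur.SystemUserId,
           r.Name AS RoleName,
           CASE WHEN rp.PrivilegeName = N'prvBulkDelete'
                THEN N'Step 7: Bulk Delete enabled'
                ELSE N'Step 2: Delete on core record'
           END AS Finding,
           rp.PrivilegeName
    FROM dbo.SystemUserRoles AS sur
    JOIN dbo.RoleBase        AS r  ON r.RoleId  = sur.RoleId
    JOIN RiskyPrivileges     AS rp ON rp.RoleId = r.RoleId

    UNION ALL

    -- Step 3: holders of the two administrative roles
    SELECT sur.SystemUserId,
           r.Name,
           N'Step 3: administrative role assigned',
           NULL
    FROM dbo.SystemUserRoles AS sur
    JOIN dbo.RoleBase        AS r ON r.RoleId = sur.RoleId
    WHERE r.Name IN (N'System Administrator', N'System Customizer')
)
SELECT u.FullName,
       u.DomainName,
       f.RoleName,
       f.Finding,
       f.PrivilegeName
FROM Findings AS f
JOIN dbo.SystemUserBase AS u ON u.SystemUserId = f.SystemUserId
WHERE u.IsDisabled = 0          -- ignore disabled accounts
ORDER BY f.Finding, u.FullName, f.RoleName;
```

Every row is a user to review against the checklist; an empty result for the Step 2 and Step 7 findings means the cloned roles are the only ones in use.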