About access control
Unified Service Desk configuration entities and the underlying User Interface Integration (UII) entities are stored in Dynamics 365 for Customer Engagement apps, and you can use the Customer Engagement security model to govern access to both of these entities. Customer Engagement has a robust security model that combines role-based, record-level, and field-level security to define the overall security rights that users have. More information: Security concepts for Microsoft Dynamics CRM
Unified Service Desk users can be broadly classified into two categories:
Administrators: People who configure the Unified Service Desk and UII entities to define an agent application.
Agents: People who use the Unified Service Desk client application to read the configuration in the Unified Service Desk and UII entities to perform their day-to-day work in a call center.
Using Unified Service Desk security roles
When you deploy Unified Service Desk to a Customer Engagement instance, four security roles are created:
UIIAdministrator and UIIAgent roles define access to the UII and required Customer Engagement entities.
USD Administrator and USD Agent roles define access to the Unified Service Desk entities, the underlying UII entities, and required Customer Engagement entities. You must assign one of these two roles to users in your organization depending on their job role (administrator or agent).
More information: Implement security using custom security roles
Using Unified Service Desk configuration
Another approach to filtering access to Unified Service Desk data is through the use of configurations. A configuration is the logical grouping of various components in the Unified Service Desk agent application such as action calls, agent scripts, entity searches, events, and hosted controls. The configuration can be assigned to a user so that when the user starts the Unified Service Desk agent application, only the components included in the configuration are displayed. This is a great way to filter things that you want to be displayed to your agents without having to manage their security roles. However, please keep the following things in mind:
A configuration can only be assigned to a user, and not to a team in Dynamics 365 for Customer Engagement apps.
A configuration only filters the components when you access Unified Service Desk information through the client application. If you access Dynamics 365 for Customer Engagement apps or Microsoft Dynamics 365 for Outlook directly, you can access data as per your Customer Engagement security role.
More information: Manage access using Unified Service Desk configuration