Access management in Unified Service Desk
Overview of access control
Unified Service Desk configuration entities and the underlying User Interface Integration (UII) entities are stored in the Common Data Service platform, and you can use the Common Data Service platform security model to govern access to both of these entities. the Common Data Service platform has a robust security model that combines role-based, record-level, and field-level security to define the overall security rights that users have. More information: Security concepts for Microsoft Dynamics CRM
Unified Service Desk users can be broadly classified into two categories:
Administrators: People who configure the Unified Service Desk and UII entities to define an agent application.
Agents: People who use the Unified Service Desk client application to read the configuration in the Unified Service Desk and UII entities to perform their day-to-day work in a call center.
Using Unified Service Desk security roles
When you deploy Unified Service Desk to the Common Data Service platform instance, four security roles are created:
UIIAdministrator and UIIAgent roles define access to the UII and required the Common Data Service platform entities.
USD Administrator and USD Agent roles define access to the Unified Service Desk entities, the underlying UII entities, and required the Common Data Service platform entities. You must assign one of these two roles to users in your organization depending on their job role (administrator or agent).
More information: Implement security using custom security roles
Using Unified Service Desk configuration
Another approach to filtering access to Unified Service Desk data is through the use of configurations. A configuration is the logical grouping of various components in the Unified Service Desk agent application such as action calls, agent scripts, entity searches, events, and hosted controls. The configuration can be assigned to a user so that when the user starts the Unified Service Desk agent application, only the components included in the configuration are displayed. This is a great way to filter things that you want to be displayed to your agents without having to manage their security roles. However, please keep the following things in mind:
A configuration can only be assigned to a user, and not to a team in the Common Data Service platform.
A configuration only filters the components when you access Unified Service Desk information through the client application. If you access the Common Data Service platform or Microsoft Dynamics 365 for Outlook directly, you can access data as per your Common Data Service platform security role.
More information: Manage access using Unified Service Desk configuration