Security in Unified Service Desk
Unified Service Desk configuration entities and the underlying User Interface Integration (UII) entities are stored in Microsoft Dynamics CRM, and you can use the CRM security model to govern access to both of these entities. CRM has a robust security model that combines role-based, record-level, and field-level security to define the overall security rights that users have. For more information about the CRM security, see TechNet: Security concepts for Microsoft Dynamics CRM.
Unified Service Desk users can be broadly classified into two categories:
Administrators: People who configure the Unified Service Desk and UII entities to define an agent application.
Agents: People who use the Unified Service Desk client application to read the configuration in the Unified Service Desk and UII entities to perform their day-to-day work in a call center.
Using Unified Service Desk security roles
When you deploy Unified Service Desk to a CRM instance, four security roles are created:
UIIAdministrator and UIIAgent roles define access to the UII and required CRM entities.
USD Administrator and USD Agent roles define access to the Unified Service Desk entities, the underlying UII entities, and required CRM entities. You must assign one of these two roles to users in your organization depending on their job role (administrator or agent).
More information: Manage access using Unified Service Desk security roles
Using Unified Service Desk configuration
Another approach to filtering access to Unified Service Desk data is through the use of configurations. A configuration is the logical grouping of various components in the Unified Service Desk agent application such as action calls, agent scripts, entity searches, events, and hosted controls. The configuration can be assigned to a user so that when the user starts the Unified Service Desk agent application, only the components included in the configuration are displayed. This is a great way to filter things that you want to be displayed to your agents without having to manage their security roles. However, please keep the following things in mind:
A configuration can only be assigned to a user, and not to a team in Microsoft Dynamics CRM.
A configuration only filters the components when you access Unified Service Desk information through the client application. If you access Microsoft Dynamics CRM or Microsoft Dynamics CRM for Outlook directly, you can access data as per your CRM security role.
More information: Manage access using Unified Service Desk configuration