CRM provides a variety of out-of-box reports as well as the ability to import custom built reports. Some of these are beneficial to the entire organization while others are required just for a subset of users such as executives, sales or service managers, or even a specific department such as Finance. These group specific reports might contain information which other groups should not be able to see (e.g. a profit margin report which shows product cost for the Finance team which you do not want Sales Reps to view.) With this scenario you need to set up security around the reports. It’s not always straightforward and easy to figure out.
Reports operate within two security pieces, ‘Viewable By’ on the Report (under the administration tab) and ‘Permissions’ on the Security Role (found under Core Records), which work together to restrict or allow access.
Let’s start with the report itself. If the report has ‘Viewable By’ selected as Organization then the entire Organization has access to view the report. The only time this will not be the case is if the report is SYSTEM owned, typical of out of box reports. In this instance the Security Role permissions will control the visibility of the report.
If the report has ‘Viewable By’ selected as Individual then the report is subjected to a User’s Security Role permissions. This means that if a Security Role has a Read permission set to the ‘Business Unit’ level the user will have access to all Organization reports as well as any Individual reports where the owner shares the same business unit.
For Security Roles Users, you can have Read access at different levels: User, Business Unit, Parent: Child Business Units, and Organization. If the permission level granted for Read is User then the User will only be able to see reports they own or are Viewable By Organization on the report. For a permission level where Read is Organization then the person can see all reports including those Viewable By Individual even if the report is owned by another.
Through this logic, you can make it so that only certain users or groups can access the report. To do so, you would need to set the Read permission level to User for each security role which still allows the User to see all Organization reports. On the secured report you could set the Viewable By to Individual and then share the report with individual users thorough the share settings if the viewer group is small.
For a group which might be larger and fluctuate those who need to view the report more frequently you can assign the report to a Team instead of a User. From here you can just add or remove members to the Team which would grant or remove access to the report respectively.
Have more questions about setting report permissions within CRM? Contact Scott at firstname.lastname@example.org or by calling our main line at 1.866.960.0001.
SCOTT FLORANCE | CRM Business Software Consultant
Scott Florance is one of the CRM Consultants at KTL and has proven his value as a member of the team since September 2013. Whether implementing a new CRM organization or adding to existing configurations, Scott has engaged clients with a positive and enthusiastic demeanor to help them meet their organizational needs. With four plus years of experience, Scott is familiar with CRM as both a power user and administrator. Scott received his bachelor’s degree in business administration from the University of Central Florida. He is a Microsoft Certified Technology Specialist for Dynamics CRM as well as a Certified Scribe Technician.