For the SCRM security model to function correctly, several new user groups, user accounts, and SQL roles need to be created and configured on the SCRM 2006 server and its MOM 2005 and SMS 2003 data sources.
SCRM 2006 can be installed only by using an account that belongs to the local Administrators group on the server where SCRM 2006 is to be installed. Likewise, SCRM 2006 can be uninstalled only by an account that belongs to the local Administrators group on the SCRM server. For more information about the user groups created by SCRM 2006, see SCRM 2006 Security and User Groups.
During the SCRM 2006 setup process, a folder structure is created on the SCRM 2006 server. A folder structure is also created on all SMS Servers hosting SMS data sources. Permissions are set on the SCRM 2006 file structure, both on the SCRM 2006 server and on its SMS data sources.
For information about the SCRM 2006 file system and permissions applied to it, see SCRM 2006 File System. For information about the SMS file system and permissions applied to it, see SMS Source File System.
SCRM Administrator Console
In order to run the SCRM Administrator console, users must be a member of the local Administrator group on the computer where it is installed, or users must be a member of the SC DW Administrators group and Read & Execute permission must be granted to the group for the %Windir%\System32 directory.
SCRM Data Sources
For information about security permissions on SCRM data sources that allow the SCRM data synchronization processes access to the source data see SCRM 2006 Security and User Groups.
SCRM 2006 is built on Microsoft SQL Server 2005 and Microsoft SQL Server 2005 Reporting Services. Windows authentication is used, and the standard ports for those two products are listed in the following table.
SQL Server 2005
TCP 1433 and UDP 1434
SQL Server 2005 Reporting Services
HTTPS 443 and HTTP 80