When you implement Microsoft Dynamics CRM and have multiple levels of user security, managing security can get complicated. If each group has a distinct security role and you have 20 different roles, giving all users access to an entity means adding the permission to each of those roles.
Security design can be simplified by using a base role. Identify the permissions needed to log in to CRM and the common permissions needed by all users. Maybe start with one of the limited out-of-the-box roles, such as salesperson, and copy the role. Compare the privileges needed by each group, and note where they all intersect. For example, if one group needs read access to accounts and another needs read/write access to accounts, give your base role read permissions to accounts.
The result will be a single role with the basic permissions needed by all users. Give this role to all users. Then define group-specific roles, and in these roles include only the permissions that deviate from the base role. Give each group its group-specific role, along with the base role.
This will significantly simplify your security design, because in future phases when you want to add a new entity to which all users will need access, you can just add it to the base role.
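The intersection step described above can be worked through mechanically. The following is an added example, not code from the original article or from Microsoft: it takes the lowest access level every group needs as the base role, keeps only the deviations in each group role, and checks that base plus group role grants exactly what was required (roles in CRM are cumulative, so an over-broad base role cannot be narrowed by a group role). The group names and requirement table are constructed sample data.

```python
# Added example: derive a base role and group-specific roles from requirements.
# Access levels, narrowest to broadest, as shown in the CRM security role editor.
LEVELS = ["None", "User", "Business Unit", "Parent: Child Business Units", "Organization"]
RANK = {name: i for i, name in enumerate(LEVELS)}

# Constructed sample requirements: group -> {(entity, privilege): access level}.
REQUIRED = {
    "Sales": {("account", "Read"): "Organization", ("account", "Write"): "Business Unit",
              ("opportunity", "Read"): "Business Unit", ("opportunity", "Write"): "User"},
    "Service": {("account", "Read"): "Organization", ("incident", "Read"): "Business Unit",
                ("incident", "Write"): "User"},
    "Marketing": {("account", "Read"): "Business Unit", ("campaign", "Read"): "Organization"},
}

def split_roles(required):
    """Return (base, deltas): base is what every group needs, deltas the deviations."""
    groups = list(required.values())
    base = {}
    for key in set().union(*groups):
        # Lowest level any group needs; a group that lacks the privilege counts as None.
        lowest = min(RANK[g.get(key, "None")] for g in groups)
        if lowest > 0:
            base[key] = LEVELS[lowest]
    deltas = {
        name: {k: v for k, v in privs.items() if RANK[v] > RANK[base.get(k, "None")]}
        for name, privs in required.items()
    }
    return base, deltas

def effective(base, delta):
    """Roles are cumulative: a user gets the broadest level granted by any assigned role."""
    merged = dict(base)
    for key, level in delta.items():
        if RANK[level] > RANK[merged.get(key, "None")]:
            merged[key] = level
    return merged

if __name__ == "__main__":
    base, deltas = split_roles(REQUIRED)
    print("Base role:", base)
    for group, delta in deltas.items():
        # Least-privilege check: base + group role must equal the requirement exactly.
        assert effective(base, delta) == REQUIRED[group], group
        print(group, "role:", delta)
```

With this sample data only account Read survives into the base role, at Business Unit level, because that is the narrowest level any group needs; Sales and Service raise it to Organization in their own roles.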