Customization tasks generally require the default System Administrator or System Customizer security roles Defined sets of privileges.The security role assigned to a user determines which tasks the user can perform and which parts of the user interface the user can view. All users must be assigned at least one security role in order to access the system.. Some other default security roles also provide privileges A user's rights to perform specific actions on specific record types or to perform tasks. Privileges are assigned by system administrators to security roles. Users are then assigned security roles. Examples of privileges include Update Account and Publish Customizations. to perform certain customization tasks or provide access to certain customizations. The following table shows the privileges necessary to perform each task or to have access to certain customizations. Customization tasks are never performed while using Microsoft Dynamics CRM for Outlook offline.
Customization Tasks
|
Default Security Roles and Required Privileges
|
Comments
|
Access customization area
|
Security roles:
System Administrator
System Customizer
CEO-Business Manager
Customer Service Manager
Marketing Professional
Marketing Manager
Vice President of Marketing
Sales Manager
Vice President of Sales
Privilege:
Entity: Read A privilege required to read a record. Which records can be read depends on the access level of the permission defined in your security role.
|
The Entity Read privilege controls access to the customization area.
|
Publish customizations
|
Security roles:
System Administrator
System Customizer
Privilege: Publish Customizations A privilege required to make customizations available to all users. This privilege is on the Customization tab in Security Roles.
|
Customizations that change the schema must be published. The Publish Customizations privilege is separate from other customization privileges because it allows user-interface elements to be customized by several people but published only by someone who has reviewed the customizations.
|
Customize entities
|
Security roles:
System Administrator
System Customizer
Privileges:
Entity: Read A privilege required to read a record. Which records can be read depends on the access level of the permission defined in your security role.
Entity: Write A privilege required to make changes to a record. Which records can be changed depends on the access level of the permission defined in your security role.
|
These privileges allow you to change the Display Name of the entity. Modification of the entity attributes, form, views, or messages require additional privileges.
Editing entity messages requires the privilege:
Form A page that displays detailed information that users have entered into Microsoft Dynamics CRM about a specific record, such as all information about a contact.Information that users enter in a form is stored in Microsoft Dynamics CRM as a record.: Organization Organization  An access level that lets the user work with all record types within the entire organization, regardless of the business unit hierarchical level to which the entity or user belongs. Users who have Organization access automatically have Parent: Child Business Units, Business Unit, and User access. Write A privilege required to make changes to a record. Which records can be changed depends on the access level of the permission defined in your security role..
|
Create custom entities
|
Security roles:
System Administrator
System Customizer
Privileges:
Entity: Read A privilege required to read a record. Which records can be read depends on the access level of the permission defined in your security role.
Entity: Create A privilege required to create a new record. Which records can be created depends on the access level of the permission defined in your security role.
Entity: Write A privilege required to make changes to a record. Which records can be changed depends on the access level of the permission defined in your security role.
|
These privileges allow you to create a custom entity. Modification of the entity attributes, form, views, or messages require additional privileges.
|
Set privileges for custom entities
|
Example Privileges
<Custom Entity>: Create A privilege required to create a new record. Which records can be created depends on the access level of the permission defined in your security role.
<Custom Entity>: Read A privilege required to read a record. Which records can be read depends on the access level of the permission defined in your security role.
<Custom Entity>: Write A privilege required to make changes to a record. Which records can be changed depends on the access level of the permission defined in your security role.
<Custom Entity>: Delete A privilege required to permanently remove a record. Which records can be deleted depends on the access level of the permission defined in your security role.
<Custom Entity>: Append A privilege required to associate a record with the current record. For example, if a user has Append rights on an opportunity, the user can add a note to an opportunity. Which records can be appended depends on the access level of the permission defined in your security role.
<Custom Entity>: Append To A privilege required to associate the current record with another record. For example, a note can be attached to an opportunity if the user has Append To rights on the note. Which records can be appended to depends on the access level of the permission defined in your security role.
<Custom Entity>: Assign A privilege required to give ownership of a record to another user. Which records can be assigned depends on the access level of the permission defined in your security role.
<Custom Entity>: Share A privilege required to give access to a record to another user while keeping your own access. Which records can be shared depends on the access level of the permission defined in your security role.
Security roles:
System Administrator
System Customizer
|
When a custom entity is created, the access level is set to None None  An access level that denies the user privileges at any level. for all privileges in all security roles other than System Administrator and System Customizer. Change the access level as appropriate to enable other users to use custom entities.
The settings shown here are default privileges for core user-owned entities that store customer data. These settings represent a common pattern for user-owned entities.
Organization-owned custom entities do not have the Assign or Share privilege.
|
Export customizations
|
Security roles:
System Administrator
System Customizer
Privilege: Export Customizations A privilege required to export customizations. This privilege is on the Customization tab in Security Roles.
|
You are able to export only customizations and settings for which you have read privileges.
To export ISV.Config An XML configuration document used to update the navigation structure of Microsoft Dynamics CRM, including adding custom buttons, tabs, and menus to entity forms. you must have the ISV Extensions A privilege required to view and use custom buttons created in the ISV.Config. This privilege is on the Customization tab in Security Roles. privilege.
|
Import customizations
|
Security roles:
System Administrator
System Customizer
Privilege: Import Customizations A privilege required to import customizations. This privilege is on the Customization tab in Security Roles.
|
Some customizations must be published after they are imported before they are available to users.
You are able to import only customizations and settings for which you have read, create, and write privileges.
Only the System Administrator can import security role definitions or organizational settings.
|
Modify entity attributes
|
Security roles:
System Administrator
System Customizer
Privileges:
Entity: Read A privilege required to read a record. Which records can be read depends on the access level of the permission defined in your security role.
Attribute: Read A privilege required to read a record. Which records can be read depends on the access level of the permission defined in your security role.
Attribute: Write A privilege required to make changes to a record. Which records can be changed depends on the access level of the permission defined in your security role.
|
These privileges allow for modification of existing entity attributes only. Creation of new attributes requires additional privileges.
|
Create entity attributes
|
Security roles:
System Administrator
System Customizer
Privileges:
Entity: Read A privilege required to read a record. Which records can be read depends on the access level of the permission defined in your security role.
Attribute: Read A privilege required to read a record. Which records can be read depends on the access level of the permission defined in your security role.
Attribute: Write A privilege required to make changes to a record. Which records can be changed depends on the access level of the permission defined in your security role.
Attribute: Create A privilege required to create a new record. Which records can be created depends on the access level of the permission defined in your security role.
|
New entity attributes are not visible to users until they have been added to the entity form. Modifying the entity form requires the Form: Write A privilege required to make changes to a record. Which records can be changed depends on the access level of the permission defined in your security role. privilege.
|
Edit entity relationships
|
Security roles:
System Administrator
System Customizer
Privileges:
Entity: Read A privilege required to read a record. Which records can be read depends on the access level of the permission defined in your security role.
Relationship: Read A privilege required to read a record. Which records can be read depends on the access level of the permission defined in your security role.
Relationship: Write A privilege required to make changes to a record. Which records can be changed depends on the access level of the permission defined in your security role.
|
These privileges allow for modification of existing entity relationships only. This includes the ability to create new mappings. Creation of new entity relationships requires additional privileges.
|
Create entity relationships
|
Security roles:
System Administrator
System Customizer
Privileges:
Entity: Read A privilege required to read a record. Which records can be read depends on the access level of the permission defined in your security role.
Relationship: Read A privilege required to read a record. Which records can be read depends on the access level of the permission defined in your security role.
Relationship: Write A privilege required to make changes to a record. Which records can be changed depends on the access level of the permission defined in your security role.
Relationship: Create A privilege required to create a new record. Which records can be created depends on the access level of the permission defined in your security role.
|
New entity relationships cannot be used until the relationship attribute An attribute that exists in a related entity when a hierarchical relationship exists. When added to the form of the related entity, a lookup control is displayed to allow the record to be related to another record as defined in the relationship. is added to the related entity form. Modifying the entity form requires the Form: Write A privilege required to make changes to a record. Which records can be changed depends on the access level of the permission defined in your security role. privilege.
|
Use custom entity relationships
|
Security roles:
Depends on the entities participating in the relationship.
Privileges:
primary entity The entity that a related entity is associated to. Sometimes called a parent entity. record: Read A privilege required to read a record. Which records can be read depends on the access level of the permission defined in your security role.
primary entity The entity that a related entity is associated to. Sometimes called a parent entity. record: Append A privilege required to associate a record with the current record. For example, if a user has Append rights on an opportunity, the user can add a note to an opportunity. Which records can be appended depends on the access level of the permission defined in your security role.
related entity An entity that is associated with a primary entity (record type) through a unique reference defined by using a lookup control on the related entity form. For example, an account has a unique reference to a primary contact. record: Read A privilege required to read a record. Which records can be read depends on the access level of the permission defined in your security role.
related entity An entity that is associated with a primary entity (record type) through a unique reference defined by using a lookup control on the related entity form. For example, an account has a unique reference to a primary contact. record: Write A privilege required to make changes to a record. Which records can be changed depends on the access level of the permission defined in your security role.
related entity An entity that is associated with a primary entity (record type) through a unique reference defined by using a lookup control on the related entity form. For example, an account has a unique reference to a primary contact. record: Append To A privilege required to associate the current record with another record. For example, a note can be attached to an opportunity if the user has Append To rights on the note. Which records can be appended to depends on the access level of the permission defined in your security role.
related entity An entity that is associated with a primary entity (record type) through a unique reference defined by using a lookup control on the related entity form. For example, an account has a unique reference to a primary contact. record: Create A privilege required to create a new record. Which records can be created depends on the access level of the permission defined in your security role.
|
At a minimum, users must have User User  An access level that lets the user work with record types they own, record types that are shared with the user, and record types that are shared with the team of which the user is a member. For example, if a user is assigned the User access level on the Read privilege for Account records, the only accounts that can be read are those that are owned by or shared to the user. level access to the records participating in the relationship.
Users with the Create A privilege required to create a new record. Which records can be created depends on the access level of the permission defined in your security role. privilege on the related entity record will be able to create new associated records Records that are referenced in the current record. For example, an account might have many associated contact records. from the primary entity.
|
Create charts
|
Security roles:
System Administrator
System Customizer
CEO-Business Manager
Customer Service Manager
Marketing Professional
Marketing Manager
Vice President of Marketing
Sales Manager
Vice President of Sales
Privileges:
Entity: Read A privilege required to read a record. Which records can be read depends on the access level of the permission defined in your security role.
View: Write A privilege required to make changes to a record. Which records can be changed depends on the access level of the permission defined in your security role.
View: Create A privilege required to create a new record. Which records can be created depends on the access level of the permission defined in your security role.
View: AppendTo A privilege required to associate the current record with another record. For example, a note can be attached to an opportunity if the user has Append To rights on the note. Which records can be appended to depends on the access level of the permission defined in your security role.
|
|
Edit charts
|
Security roles:
System Administrator
System Customizer
CEO-Business Manager
Customer Service Manager
Marketing Professional
Marketing Manager
Vice President of Marketing
Sales Manager
Vice President of Sales
Privileges:
Entity: Read A privilege required to read a record. Which records can be read depends on the access level of the permission defined in your security role.
View: Write A privilege required to make changes to a record. Which records can be changed depends on the access level of the permission defined in your security role.
View: Create A privilege required to create a new record. Which records can be created depends on the access level of the permission defined in your security role.
|
|
Delete charts
|
Security roles:
System Administrator
System Customizer
CEO-Business Manager
Customer Service Manager
Marketing Professional
Marketing Manager
Vice President of Marketing
Sales Manager
Vice President of Sales
Privileges:
Entity: Read A privilege required to read a record. Which records can be read depends on the access level of the permission defined in your security role.
View: Write A privilege required to make changes to a record. Which records can be changed depends on the access level of the permission defined in your security role.
View: Create A privilege required to create a new record. Which records can be created depends on the access level of the permission defined in your security role.
View: AppendTo A privilege required to associate the current record with another record. For example, a note can be attached to an opportunity if the user has Append To rights on the note. Which records can be appended to depends on the access level of the permission defined in your security role.
|
|
Modify entity forms
|
Security roles:
System Administrator
System Customizer
Privileges:
Entity: Read A privilege required to read a record. Which records can be read depends on the access level of the permission defined in your security role.
Form: Write A privilege required to make changes to a record. Which records can be changed depends on the access level of the permission defined in your security role.
|
Form: Read A privilege required to read a record. Which records can be read depends on the access level of the permission defined in your security role. privilege is set to Organization Organization An access level that lets the user work with all record types within the entire organization, regardless of the business unit hierarchical level to which the entity or user belongs. Users who have Organization access automatically have Parent: Child Business Units, Business Unit, and User access. and cannot be changed.
|
Modify system views
|
Security roles:
System Administrator
System Customizer
CEO-Business Manager
Customer Service Manager
Marketing Professional
Marketing Manager
Vice President of Marketing
Sales Manager
Vice President of Sales
Privileges:
Entity: Read A privilege required to read a record. Which records can be read depends on the access level of the permission defined in your security role.
View: Write A privilege required to make changes to a record. Which records can be changed depends on the access level of the permission defined in your security role.
|
These privileges allow for modification of existing views only. Creation of new views requires additional privileges.
The View: Read A privilege required to read a record. Which records can be read depends on the access level of the permission defined in your security role. privilege is set to Organization Organization An access level that lets the user work with all record types within the entire organization, regardless of the business unit hierarchical level to which the entity or user belongs. Users who have Organization access automatically have Parent: Child Business Units, Business Unit, and User access. and cannot be changed.
|
Create system views
|
Security roles:
System Administrator
System Customizer
CEO-Business Manager
Customer Service Manager
Marketing Professional
Marketing Manager
Vice President of Marketing
Sales Manager
Vice President of Sales
Privileges:
Entity: Read A privilege required to read a record. Which records can be read depends on the access level of the permission defined in your security role.
View: Write A privilege required to make changes to a record. Which records can be changed depends on the access level of the permission defined in your security role.
View: Create A privilege required to create a new record. Which records can be created depends on the access level of the permission defined in your security role.
|
The View: Read A privilege required to read a record. Which records can be read depends on the access level of the permission defined in your security role. privilege is set to Organization Organization An access level that lets the user work with all record types within the entire organization, regardless of the business unit hierarchical level to which the entity or user belongs. Users who have Organization access automatically have Parent: Child Business Units, Business Unit, and User access. and cannot be changed.
|
Delete system views
|
Security roles:
System Administrator
System Customizer
CEO-Business Manager
Customer Service Manager
Marketing Manager
Vice President of Marketing
Sales Manager
Vice President of Sales
Privileges:
Entity: Read A privilege required to read a record. Which records can be read depends on the access level of the permission defined in your security role.
View: Delete A privilege required to permanently remove a record. Which records can be deleted depends on the access level of the permission defined in your security role.
|
The View: Read A privilege required to read a record. Which records can be read depends on the access level of the permission defined in your security role. privilege is set to Organization Organization An access level that lets the user work with all record types within the entire organization, regardless of the business unit hierarchical level to which the entity or user belongs. Users who have Organization access automatically have Parent: Child Business Units, Business Unit, and User access. and cannot be changed.
|
View client extensions
|
Security roles:
System Administrator
System Customizer
CEO-Business Manager
Customer Service Manager
Marketing Manager
Vice President of Marketing
Sales Manager
Vice President of Sales
Privilege: ISV Extensions A privilege required to view and use custom buttons created in the ISV.Config. This privilege is on the Customization tab in Security Roles.
|
This privilege grants users the ability to see client extensions configured using ISV.Config An XML configuration document used to update the navigation structure of Microsoft Dynamics CRM, including adding custom buttons, tabs, and menus to entity forms..
|
Edit entity messages
|
Security roles:
System Administrator
System Customizer
Privileges:
Entity: Read A privilege required to read a record. Which records can be read depends on the access level of the permission defined in your security role.
Entity: Write A privilege required to make changes to a record. Which records can be changed depends on the access level of the permission defined in your security role.
Form: Write A privilege required to make changes to a record. Which records can be changed depends on the access level of the permission defined in your security role.
|
|
Download Web Services Description Language files
|
Security roles:
System Administrator
System Customizer
Privilege: Entity: Read A privilege required to read a record. Which records can be read depends on the access level of the permission defined in your security role.
|
The entity Read A privilege required to read a record. Which records can be read depends on the access level of the permission defined in your security role. privilege is necessary only to gain access to the URLs in the customization area. It is not necessary to download the Web Services Description Language files.
|