Create or edit a security role

Can I do this task?

Before editing a security role A defined set of privileges. The security role assigned to a user determines which tasks the user can perform and which parts of the user interface the user can view. All users must be assigned at least one security role in order to access the system., you should understand data access. More information: Controlling Data Access

The recommended way to create a new security role is to copy an existing security role and modify it. More information: Select the Copy a security role option.

1. In the Navigation Pane, click Settings, click Administration, and then click Security Roles.
2. To edit a security role, double-click it.

   - OR -

   To create a new security role, on the Actions toolbar, click New, and on the the Common tab, type the name of the security role.

   Tip

   You cannot modify the System Administrator security role. To create a security role similar to the System Administrator security role, copy the System Administrator security role to a new security role, and make changes to the new security role.

3. Set the privileges on each tab.

   To change the access level A security role setting that determines, for a given entity, who can access records. There are four options: just the owner of the record, all users in the current business unit, all users in the current or child business unit, or all users. for a privilege, click the symbol until you see the symbol you want. The possible access levels depend on whether the record type is organization-owned Records that everyone in the organization needs to access, such as products or sales literature items. Access to this type of record can be set at one of two levels: None , or Organization . or user-owned Records that are used by individuals or sub-groups, such as accounts, activities, and leads. Access to this type of record can be set at one of five levels: None , User , Business Unit , Parent-Child Business Units , or Organization ..

   Tip

   To cycle through the access levels, you can also click the privilege column heading, or click the record type multiple times.

4. Click Save or Save and Close.

Important

These privileges are viewable, but are for internal use only and should never be modified:

Application File, Business Unit Map, Client Update, Commitment, Competitor Address, Dependency Mode, Indexed Article, E-Mail Hash, E-Mail Search, Filter Template, Import Data, Integration Status, Internal Address, Inter Process Lock, Notification, Organization Statistic, Organization UI, Owner, principalattributeaccessmap, principleobjectaccess, Privilege Object Type Code, Resource Expansion, Ribbon Command, Ribbon Context Group, Ribbon Difference, Ribbon Rule, Ribbon Tab to Command Mapping, Role Template, Sales Process Instance, Sdk Message Pair, Sdk Message Request Field, Sdk Message Response, Sdk Message Response Field, Status Map, String Map, Subscription, Subscription Clients, Subscription Synchronization Information, Tracking information for deleted entities, SystemUser BusinessUnit Entity Map, System User Principal, Unresolved Address, UserEntityInstanceData, User Entity UI Strings, User Fiscal Calendar, Web Wizard, Web Wizard Access Privilege, Wizard Page, and Workflow Wait Subscription.

Modifying these privileges in any way can cause unexpected and undesirable behaviors in the application. More information: Microsoft Dynamics CRM 2011 Entities, Security Role and Privilege Reference, and Microsoft Dynamics CRM Security Model.

Note

• If you need to back up your security role changes, or export security roles for use in a different implementation of Microsoft Dynamics CRM, you can export them as part of exporting customizations. More information: Export Customizations and Configurations
• It's helpful to keep in mind the minimum privileges you need to define for some common tasks. These include:
  • When logging in to Microsoft Dynamics CRM:
    1. To render the home page: prvReadWebResource, prvReadCustomization
    2. To render an entity grid (that is, to view lists of records and other data): Read privilege on the entity, prvReadUserSettings, prvReadQuery
    3. To view single entities in detail: Read privilege on the entity, prvReadSystemForm, prvCreateUserEntityUISettings, prvReadUserEntityUISettings
  • When logging in to Microsoft Dynamics CRM for Outlook:
    1. To render navigation for Microsoft Dynamics CRM and all Microsoft Dynamics CRM buttons: prvReadEntity, prvReadQuery
    2. To render an entity grid: Read privilege on the entity, prvReadCustomization, prvReadWebResource, prvReadUserQuery
    3. To render entities: Read privilege on the entity, prvReadSystemForm, prvCreateUserEntityUISettings, prvReadUserEntityUISettings, prvWriteUserEntityUISettings