Showing posts with label Security Roles. Show all posts
Showing posts with label Security Roles. Show all posts

Wednesday, June 10, 2009

How to create a new User Role in CRM that actually works :)

Its always recommended that we use the user roles already provided by CRM and edit them as per our needs.



Well instead of taking the easy way out, we decided to go ahead and create a new Role from the scratch and there were times I thought, easy way out was a better option :)


Let us share a couple of our findings that should help anyone who decided to take the path less trodden.


When you create a New Role, you will notice that some of the previleges are provided by default. The default privileges added cannot be removed.

We just wanted to make a role that gives the user the permisison to view all accounts and nothing else.


So we created a role with the following privileges


However when we login with the user that has ONLY this role assigned to it, we receive the following error

We spent a lot of time trying our various combinations, when finally we found that the problem was with the user settings entity "Write" permission. By default CRM provided the "Read" permission for this entity, but not the write permission.

Once this permission was added. Run iisreset. Login as the user and it should be just fine now.

In the process we also learnt that System Administrator has certain special privileges that are not presented on the Role user interface, so there is no way to can provide these permissions to any other user.

One of the permissions is to allow users to "Bulk Delete" records. Only System Administrator users have the permission to create "Bulk Delete" Jobs. This helped when we were developing one of the add-ons for Bulk Delete Operations. Details of this add-on has been posted on an earlier post

One of the workarounds though, is to Copy the System Administrator Role and create a new Role which will inherit these hidden privileges from the System Administrator Role.