Microsoft Dynamics® CRM Training
Privileges for Managing Roles
An error occurred while loading the video. Please try again.
In Microsoft Dynamics CRM, System Administrators are typically the ones who assign other users Security Roles. However, the need may arise for someone other than the System Admin to assign and manage Security Roles. Team leaders or heads of business units for example may have this need. This can save the System Admin time, as well as the affected Users since they wouldn’t have to wait for the admin to reply to a request for necessary privileges.
In this lesson, I’ll explain the privileges required to change the Security Role of another User. I’ll also explain the limits of these privileges.
First, what are the privileges necessary to assign Security Roles to other Users? To find them, I’ll navigate to Settings > System > Administration, and then click Security Roles. I now see a list of Security Roles in this organization. Remember, the reason I’m giving another User the ability to assign privileges in this scenario is so that I don’t have to. However, manually configuring each Security Role every time a manager needs the privileges defeats the purpose of saving time. A solution for this is to create a new Security Role that only has the necessary privileges to assign roles.
I’ll click New in the toolbar. I’ll name this role, “Assign Rolls”. Notice that when I toggle through each tab, all of the privileges are set to none. This is exactly what I want because I want this Security Role to fulfill a very specific purpose. Since Users can be assigned multiple rolls, I can assign this Security Roll to any applicable user, in addition to their other assigned rolls.
The privileges I’m looking for are in the Business Management tab. I’ve located the Security Role entity. Now, which privileges does this role need? Obviously, it needs the Assign privilege, so I’ll set it to Organization. This way a user with this Security Role can assign others a role.
This roll needs one more privilege though. For a user to have the ability to click Manage Roles on a User record, they must have the Read privilege as well. So I’ll set it to Organization too. Note that these privileges can be limited to other various levels if I wanted to prevent them from changing roles of users in other business units. But I want this role to be all-encompassing, so I’ll leave it.
I’ve configured this role, so I’ll click Save and Close in the toolbar. Remember, this role only gives users access to read and assign Security Roles, so this role would be assigned to a user on top of their existing roles.
It is important to understand that users can only assign and remove roles that they themselves have. For example, if I have the Security Roles of Sales Manager and Assign Roles, I’ll only be able to assign other users privileges found in that role. I couldn’t assign someone a role of Scheduler.
This is NOT dependent on having the right Security Role, but instead the right privileges that make up the Security Role. Since System Administrators have all of the available privileges, they can assign any role. Therefore, it is best practice to assign any user that will be managing roles the necessary privileges they need. For example, if the manager of one of my sales teams will be assigning roles, I might want to give her a Security Role of Sales Manager, Salesperson, Marketing Manager, and Marketing Professional. This way, she has the flexibility to assign users a variety of privileges relevant to her department.
For more tips, tricks, and tutorials, please refer to the Success Portal and blog.xrm.com.