Dynamics 365: Insufficient Permissions issue while opening record from a Specific User

While working on a project, I faced the following error when opening any activity records from a user with a specific business security role.

We checked the security role of that user and verified that role has full read privileges on activities and regarding case entity as well but still, it was not working. I checked from google, found some links like given below

https://www.powerobjects.com/2015/02/13/access-denied-identify-fix-security-role-issue/

https://community.dynamics.com/crm/f/117/t/102666

I have verified and tried whatever mentioned in these links in our scenario but nothing worked.

There is another possible solution mentioned in this article, which is focused on creating a new role from scratch.

https://www.inogic.com/blog/2016/11/minimum-privileges-required-to-login-microsoft-dynamics-365/

But, many experts at community forum recommend creating new roles by copying some existing role. So, that’s what I have used to resolve this issue. But, that is not the only thing which I have done. For details, please go through the full article below.

After trying different options and some RnD, I discussed with a teammate about the issue and decided to make a brand new role using an existing default role which has minimum permissions in CRM i.e. Customer Service Representative.

We created a new role using the following option on an existing role

Let’s say the new role name is “My New Role”

After creating this role, I assigned it to my user and tried to open the activity record and it was working fine.

But the permissions set in this role were not the actual permissions on different entities which were needed to use for a particular user. So, what I need to do is to merge newly created role with my old security role which contains permissions on certain entities for that user. To merge both roles, I used a plugin in XRMToolBox named “Security Role Merge”.

After opening this plugin and connecting with CRM Organization, press “Get Roles” button.

All roles from your CRM organization will be populated in the box under “Select Roles to Merge”.

Select multiple roles which you need to merge, and press the “Merge” button

A message will be shown to you to enter a new role name which will be the resultant role of this merger activity.

I gave it name as “My Merged Role”

Now, I removed the old role from the user and deleted that from CRM. Assigned this newly merged role to the user and was able to open all activity records without any issue. After this is done, obviously I need to remove extra permissions for some entities from this new role which my user do not need. That’s it.