Personalized Community is here!
Quickly customize your community to find the content you seek.
Have questions on moving to the cloud? Visit the Dynamics 365 Migration Community today! Microsoft’s extensive network of Dynamics AX and Dynamics CRM experts can help.
2021 Release Wave 2Discover the latest updates and new features releasing from October 2021 through March 2022.
2021 release wave 2 plan
The FastTrack program is designed to help you accelerate your Dynamics 365 deployment with confidence.
FastTrack Program | Finance and Operations TechTalks | Customer Engagement TechTalks | Upcoming TechTalks | All TechTalks
I need to configure a business user to have the privilege to do the following, but not have global Administrator privileges. I'm going to call the role "Business Customizer." What is the minimum privilege for each of these tasks?
Ouch. That means when deploying and if you want to give the business the ability to change security roles, you have to give them Admin. That's a bad thing.
I came up with a solution which allows me to give a person who functions as a security liaison with the business a "Security Liaison" role with privileges to update Users - WITHOUT giving them full admin privileges.
Basically, I've accomplished this by trimming the Site Map to only show items them have access to.
Works like a charm!
Now my question is, I assume there is a way to get around that by entering the URL to other Admin areas directly in the Address bar?
1) Security 101:
A user cannot grant privileges that they do not already have themself. So your "customizer" users would need rights to write to user entity, append to user entity and append to Security Role entity (because it is an N:N relationship you need append TO on both).
They must also have a role that has all the roles that every other role has, or they need tohave every other role that they might need to assign.
That does help, Adam and makes me feel much better. I can create a Security Liaison role with just those privileges. I don't want that person to be able create a Security Role or modify the Security Role.
Business Applications communities