Minimum permissions to create a user in a Business Unit - Confusion around Append / Append To - Microsoft Dynamics CRM Forum Community Forum

SBX - Heading

Helpful resources

SBX - Ask Questions

Community Forums

Ask a question

SBX - RBE Personalized Column Equal Content Card

Personalize your experience!

Personalized Community is here!

Quickly customize your community to find the content you seek.

Personalize Community Now

Name

FEATURED CONTENT

Have questions on moving to the cloud? Visit the Dynamics 365 Migration Community today! Microsoft’s extensive network of Dynamics AX and Dynamics CRM experts can help.

Name

PRODUCT UPDATES

2023 Release Wave 1
Check out the latest updates and new features of Dynamics 365 released from April 2023 through September 2023

Name

FASTTRACK

The FastTrack program is designed to help you accelerate your Dynamics 365 deployment with confidence.

FastTrack Community | FastTrack Program | Finance and Operations TechTalks | Customer Engagement TechTalks | Upcoming TechTalks | All TechTalks

Microsoft Dynamics CRM Forum

Pedro Innecco asked a question on 17 Dec 2022 6:56 AM

Minimum permissions to create a user in a Business Unit - Confusion around Append / Append To

Unanswered

I've been doing some test to find out the minimum permissions required to create users in Business Units.

For this exercise, I have two roles:

A modified version of System Customiser Role.
- Sort of a minimum role for users to be able to log-in.
- I removed all that has to do with User, User Settings and Business Units from this role.
A role for testing User and BU privileges
- I combined privileges for User, User Settings and Business Units.

Here is what I came up with as the minimum requirements for creating a user:

A few explanations:

Business Unit - Read: If the user does not have read privileges for business units, the user will get a permission error as son as they click on the New button to create a user.
Business Unit - Append To: Without this privilege, the button to create a new user will not be seen.
User - Read: Without the ability to read users, you cannot do anything else, including create.
User - Create: For the main action I am trying to cater. As soon as the user is created, the record will be read-only because there is no Write permission.
User Settings: I noticed that unless user settings permissions are given, user creation will fail (insufficient permissions). I don't care for these at this point (I can fine-tune later).

Now, here is what is confusing me:

See how User has no Append privileges.
Yet, I can append the user to any business unit that I can read.
Even if I allow for Business Unit Read to be organization-wide (4/4), but the Append To is just to the local Unit (2/4) I can still create users in any Unit as long as I can read such Unit.

To sum up:

Business Unit: Append To: Is required to allow users to see the New user button.
But other than that, the person creating the user record will be able to create the user in any Business Unit that they can read.
As for User permissions, there seems to be no need for Append permissions.

This whole thing seems quite inconsistent to me. Thoughts?

Reply