web
You’re offline. This is a read only version of the page.
close
Skip to main content
Community site session details

Community site session details

Session Id :
Dynamics 365 Community / Forums / Microsoft Dynamics CRM (Archived) / Issues with security r...
Microsoft Dynamics CRM (Archived)

Issues with security roles on teams?

(1) ShareShare
ReportReport
Posted on by Justin822 815

We are using CRM 2011 on premise and would like to set up our security roles on teams instead of on individual users. However, every time we try to configure it this way, we end up with seemingly random results. The users will have access to some of the things their teams permissions grant them and not others. The most recent testing we did with this was to add the system administrator role to a team. We then gave one of our system admins a base role on their user and added them to the system admin team. They can access most entities and do customizations with no problems, however, they were trying to disable a user and could not. I tried this with system admin on my user account and could disable the user. Anyone had any luck with using teams for security roles?

*This post is locked for comments

I have the same question (0)
  • Scott Cooper Profile Picture
    Scott Cooper 40 on at
    Re: Issues with security roles on teams?

    Sadly I can't give you a solution but I would like to flag that I too have tried to take a team/role based approach to security rather than assigning permissions specifically to a user and I have had the same result as you.  From what I can see currently it would appear that the system does not provide the capability to manage purely by team assigned security roles, we still need to assign security to the individual user.  I would love to be shown to be wrong, for now based on my experience I am proceeding with that premise.

  • Justin822 Profile Picture
    Justin822 815 on at
    Re: Issues with security roles on teams?

    Do you have update rollup 1 installed and still see this? I didn't see anything in the release notes regarding this, so I doubt it was fixed, but wanted to check. Oddly, the issues seem to pop up randomly and therefore make it somewhat hard to verify if it is working or not. Thanks for your response.

  • Scott Cooper Profile Picture
    Scott Cooper 40 on at
    Re: Issues with security roles on teams?

    Hi Justin, I am actually using the online version and to my understanding yes, rollup 1 is applied.  I had a user that for all intents and purposes has full access to pretty much everything based on the security role assigned to his team but I had nothing assigned to him, he seemed to be able to do most things but as soon as he went to users and tried to look at someone he got an inadequate permissions error, I assigned the same role to him directly and suddenly permissions weren't a problem.  Best of luck.

  • Suggested answer
    Biplab Profile Picture
    Biplab 20 on at
    Re: Issues with security roles on teams?

    Hi Justin,

    This is my interpretation. A team and user's security role combination can be used on entities or functionalities where ownership is defined as team or user. In case of a user entity, the ownership is business unit so I assume that it only takes the user's security role into consideration and not the team's (I guess MS has left this functionality as-is like previous versions 4.0 or 3.0)

    Regards,

    Biplab

  • biboy Profile Picture
    biboy 20 on at
    Re: Issues with security roles on teams?

    I haven't really found a way to get around this but here's how you can replicate the problem:

    1 - Create a role with basic or full privileges to 2 different entities, say Entity1 and Entity2

    2 - Create a team

    3 - Assign the new role to your team

    4 - Add a member to your team, say User1

    5 - Login as User1

    6 - Create or open an Entity1 record - you will get SecLib::AccessCheckEx failed

    7 - Login as administrator and explicitly assign the new role to User1

    8 - Login as User1 and open an Entity1 record, works just fine

    9 - Login as administrator and remove the new role from User1

    10 - Login as User1 and notice that when you open an Entity1 record, it now works as compared from step 6 above

    11 - Now, still logged in as User1, open an Entity2 record.  Again you will get SecLib::AccessCheckEx failed

    12 - Unless you repeat steps 7-10 for Entity2, it will not work

    My conclusion is, until you explicitly assign a role to a user then open an entity record, the user won't inherit the team's roles.

    Any suggestions?

  • Gus Gonzalez Profile Picture
    Gus Gonzalez 27,113 on at
    Re: Issues with security roles on teams?

    You are correct on your conclusion. That is my conclusion as well.

  • Suggested answer
    VenkataRaviKumar Profile Picture
    VenkataRaviKumar on at
    Re: Issues with security roles on teams?

    Hi , I follow u r steps & i am able to create record with little change at security role. We have to give user level permission at 1) Businessmangment tab -->usersettings 2) customization tab--> read permission on webresource,view ....etc.

    Hope this will help you.

    Thanks

    VenkataP

  • Phonz Profile Picture
    Phonz 5 on at
    RE: Issues with security roles on teams?

    Has there ever been solution to this? I am trying to follow the traditional AGDLP technic, but this looks like a bug.

  • SergeRM Profile Picture
    SergeRM 80 on at
    RE: Issues with security roles on teams?

    I can provide example how to replicate this issue, I try to send email to a contact and I pick a template, if my user has security role X than this process works fine,

    If I remove this role X from user, put him in a Team and give team only one role X this message popup:

    SecLib::AccessCheckEx failed. Returned hr = -2147187962, ObjectID: 427cf7c0-7558-e611-80e9-0050569464f5, OwnerId: ae8d789e-9e48-e611-80e8-0050569464f5,  OwnerIdType: 8 and CallingUser: ae8d789e-9e48-e611-80e8-0050569464f5. ObjectTypeCode: 2500, objectBusinessUnitId: f5175b81-863e-e611-80e7-0050569464f5, AccessRights: WriteAccess

    Role has user level write access to userentityUIsettings table (2500)

  • Karsten Wirl Profile Picture
    Karsten Wirl 4,477 on at
    RE: Issues with security roles on teams?

    Hello Justin.

    First... never try to add SystemAdmin-SecRole via teams. I have experienced many problems do so. Special flags in the SysAdmin-SecRole are no longer working and a SystemAdmin is no longer a SystemAdmin.

    Is it a bug? I don't know, but this behavior can be found in 2011, 2013, 2015 and 2016.

    Kind regards,

    Karsten

Under review

Thank you for your reply! To ensure a great experience for everyone, your content is awaiting approval by our Community Managers. Please check back later.

Helpful resources

Quick Links

Responsible AI policies

As AI tools become more common, we’re introducing a Responsible AI Use…

Pallavi Phade – Community Spotlight

We are honored to recognize Pallavi Phade as our Community Spotlight honoree for…

Congratulations to the September Top 10 Community Leaders!

These are the community rock stars!

Leaderboard > 🔒一 Microsoft Dynamics CRM (Archived)

#1
Community Member Profile Picture

Community Member 2

#1
UllrSki Profile Picture

UllrSki 2

#3
SC-08081331-0 Profile Picture

SC-08081331-0 1

Last 30 days Overall leaderboard

Featured topics

Product updates

Dynamics 365 release plans