web
You’re offline. This is a read only version of the page.
close
Skip to main content

Notifications

Announcements

No record found.

News and Announcements icon
Community site session details

Community site session details

Session Id :
Dynamics 365 Community / Forums / Microsoft Dynamics 365 | Integration, Dataverse... / who needs common data ...
Microsoft Dynamics 365 | Integration, Dataverse...
Answered

who needs common data service user security role?

(0) ShareShare
ReportReport
Posted on by Community Member

I found it given to a sales person who shouldn't be able to delete ANY accounts.  The role gives first level account delete privilege.

So, now I wonder if everyone needs it and/or if I can change it.

TIA

-thd

I have the same question (0)
  • Suggested answer
    Adrian Begovich Profile Picture
    Adrian Begovich 1,027 Moderator on at

    Hi TallyHoDukey,

    Give the Common Data Service User Security Role to users that need to run an app within your environment and perform common tasks such as reading, creating, writing and deleting for the non-custom entity records that they own. A user will be able to delete their own Account records with this Security Role so you will need to modify an existing Security Role or create a new custom Security Role and assign this to the user instead to prevent this.

  • Community Member Profile Picture
    Community Member on at

    I don't have it assigned to me and I do those things all the time.

    While I truly appreciate valuable advice I posted the question hoping for information.

    Thank you nonetheless

  • Suggested answer
    Adrian Begovich Profile Picture
    Adrian Begovich 1,027 Moderator on at

    Hi TallyHoDukey,

    You do not have to have the Common Data Service User Security Role to read, create, write and delete non-custom entity records but these privileges are provided by this Security Role.

    You can assign more than one Security Role to a user. The effect of multiple Security Roles is cumulative, which means that the user has the permissions associated with all Security Roles assigned to the user.

    Your user has another Security Role assigned to it with equal or greater privileges than the Common Data Service User Security Role.

  • Verified answer
    LuHao Profile Picture
    LuHao 40,892 on at

    Hi TallyHoDukey,

    The security role 'Common Data Service User' is used to provide access to the minimum amount of business data required to use the app in the case of requirements to read (self), create (self), write (self), and delete (self).

    With this security role, we can run an app within the environment and perform common tasks for the records that they own. Note: this only applies to non-custom entities.

    Please note that 'CDS User' is a standard role with the lowest permissions in the case of read (self), create (self), write (self), and delete (self), that is, it can be used as the basis for the base role–copy the role and then add the permissions needed by all users.

    Please refer to these two articles:

    1. https://docs.microsoft.com/en-us/power-platform/admin/database-security#predefined-security-roles
    2. https://community.dynamics.com/crm/b/dynamicscrmtipoftheday/posts/tip-1297-base-your-base-role-on-the-cds-user-role
  • Community Member Profile Picture
    Community Member on at

    So, it's just a generous gift from Microsoft.  No one is out there controlling form access with it or Flow functionality or something I don't even know about?

  • LuHao Profile Picture
    LuHao 40,892 on at

    Hi TallyHoDukey,

    Could you please elaborate on your concerns?

    'CDS User' is just a security role with relatively low privileges, lower privileges than Sales Person and can be assigned to users with low privileges.

    In addition, the relationship between a User's security roles is a union, and assigning a 'CDS User' to a high-privileged User is of little use.

    Therefore, 'CDS User' cannot be used to achieve some unique access rights, it is only a low-privilege security role, and nothing more.

  • Community Member Profile Picture
    Community Member on at

    Kind sir,

    There are lots of things that I and others I have seen have done with security roles.  A security role with NO privileges can be created to

    • control form access
    • automate form selection
    • affect filters on views
    • affect the site map

    I, for one, have never created a security role for no reason.  I've even seen someone use a role assignment to trigger team membership be granted the user.

    So, my concern is, in light of the fact that Microsoft makes some mighty thoughtless design decisions, that CDSuser might be integrated into something without enough fanfare for me to have become aware.  Hence, the question.

    And thank you both for your answers and references.  I am now comfortable that I will not run into some mystery error message or malfunction in the future.

Under review

Thank you for your reply! To ensure a great experience for everyone, your content is awaiting approval by our Community Managers. Please check back later.

Helpful resources

Quick Links

Responsible AI policies

As AI tools become more common, we’re introducing a Responsible AI Use…

Neeraj Kumar – Community Spotlight

We are honored to recognize Neeraj Kumar as our Community Spotlight honoree for…

Congratulations to the November Top 10 Community Leaders!

These are the community rock stars!

Leaderboard > Microsoft Dynamics 365 | Integration, Dataverse, and general topics

#1
Siv Sagar Profile Picture

Siv Sagar 93 Super User 2025 Season 2

#2
#ManoVerse Profile Picture

#ManoVerse 76

#3
Martin Dráb Profile Picture

Martin Dráb 64 Most Valuable Professional

Last 30 days Overall leaderboard

Featured topics

Identifying an Org as CDS or Dynamics
Get batch job history log from D365 FO to Power Automate
Gross and Net Weight of Shipments feeding back into Sales Order (from External Source)

Product updates

Dynamics 365 release plans