Microsoft Dynamics CRM (Archived)

Minimum Security Privilege to assign security roles and update User records?


I need to configure a business user to have the privilege to do the following, but not have global Administrator privileges.  I'm going to call the role "Business Customizer."  What is the minimum privilege for each of these tasks?

  1. Assign security roles and update other attributes on the User record.
  2. Update Global Option Sets.

Thank you!

  • Cyclefitness

    Ouch.  That means when deploying and if you want to give the business the ability to change security roles, you have to give them Admin.  That's a bad thing.

  • Cyclefitness

    I came up with a solution which allows me to give a person who functions as a security liaison with the business a "Security Liaison" role with privileges to update Users - WITHOUT giving them full admin privileges.  

    Basically, I've accomplished this by trimming the Site Map to only show items they have access to.  

    1. I created a "dummy" entity named "securityuser" -- the name includes the entity I want to give them access to; i.e., User.  
    2. I created a "Security Liaison" Security Role to have "Read" privilege to that dummy entity.
    3. I added a "User" SubArea on the SiteMap with the Privilege attribute to the securityuser entity with read.  

    Works like a charm!

    Now my question is, I assume there is a way to get around that by entering the URL to other Admin areas directly in the Address bar?

  • Verified answer
    Community Member

    1) Security 101:

    A user cannot grant privileges that they do not already have themselves. So your "customizer" users would need rights to write to user entity, append to user entity and append to Security Role entity (because it is an N:N relationship you need append TO on both).

    They must also have a role that has all the roles that every other role has, or they need to have every other role that they might need to assign.
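
The rule in the verified answer, as an added example that is not part of the original thread and not Microsoft's code: it reports why a delegated administrator could not hand out a given role. The privilege labels and sample roles are constructed, and comparing each privilege by access level is an assumption that goes beyond what the answer states.

```python
from enum import IntEnum

class Depth(IntEnum):  # Dynamics CRM access levels, lowest to highest
    NONE = 0
    USER = 1
    BUSINESS_UNIT = 2
    PARENT_CHILD = 3
    ORGANIZATION = 4

# Privileges the answer lists as needed to attach a role to a User record.
# (entity, action) pairs are descriptive labels, not CRM internal names.
PREREQUISITES = [("User", "Write"), ("User", "AppendTo"),
                 ("Security Role", "AppendTo")]

def effective(roles):
    """Merge roles: privileges are cumulative and the highest depth wins."""
    merged = {}
    for role in roles:
        for priv, depth in role.items():
            merged[priv] = max(merged.get(priv, Depth.NONE), depth)
    return merged

def assignment_gaps(assigner_roles, target_role):
    """Return (privilege, reason) pairs that block granting target_role."""
    held = effective(assigner_roles)
    gaps = [(p, "prerequisite") for p in PREREQUISITES
            if held.get(p, Depth.NONE) == Depth.NONE]
    for priv, depth in sorted(target_role.items()):
        if held.get(priv, Depth.NONE) < depth:
            gaps.append((priv, "exceeds assigner"))
    return gaps

# Constructed sample roles for illustration only.
ORG, BU, USER = Depth.ORGANIZATION, Depth.BUSINESS_UNIT, Depth.USER
SECURITY_LIAISON = {("User", "Read"): ORG, ("User", "Write"): ORG,
                    ("User", "AppendTo"): ORG,
                    ("Security Role", "Read"): ORG,
                    ("Security Role", "AppendTo"): ORG}
SALESPERSON = {("Account", "Read"): BU, ("Account", "Write"): USER}
SALES_MANAGER = {("Account", "Read"): ORG, ("Account", "Write"): BU}

if __name__ == "__main__":
    # Liaison alone cannot grant Salesperson: it lacks the Account privileges.
    print(assignment_gaps([SECURITY_LIAISON], SALESPERSON))
    # Holding Sales Manager as well covers everything Salesperson contains.
    print(assignment_gaps([SECURITY_LIAISON, SALES_MANAGER], SALESPERSON))
```

An empty result means the assigner's combined roles cover the target role; any entry is a privilege to add to the liaison's roles or a reason to keep that role out of their hands.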

  • Cyclefitness

    That does help, Adam and makes me feel much better.  I can create a Security Liaison role with just those privileges.   I don't want that person to be able to create a Security Role or modify the Security Role.
