web
You’re offline. This is a read only version of the page.
close
Skip to main content
News and Announcements icon
Community site session details

Community site session details

Session Id :
Dynamics 365 Community / Forums / Microsoft Dynamics CRM (Archived) / Security on User forms
Microsoft Dynamics CRM (Archived)

Security on User forms

(0) ShareShare
ReportReport
Posted on by Community Member

We are running an on-premise CRM 2013 and this has happened a couple of time, typically with new employees.  The new employee, Joe, accidentally clicks on another users name, Carl, which then takes him to the Administration -> Users screen for Carl.  Joe sees Carl's name there and think, 'oh, this should be my name instead.' and changes Carl's name to his.  Now thankfully they only change the display name, not the actual username.

My question is what security settings are needed to prevent anyone from changing anyone else's user screen?  Under Security Roles -> Core Records, all the User entities are set to User, but that doesn't seem to make a difference.  Under Security Roles > Business Management there is the User entity there, which when I remove the Write privileges, makes the User screen Read-Only, but there isn't an option to set it to User, it just jumps from None to Business Unit.

Is this something unique to our system or is there something that I'm missing?  I suppose I could set Field Security on the fields that I don't want changed, just curious if that is the only way to go?

Thanks

*This post is locked for comments

I have the same question (0)
  • ashlega Profile Picture
    ashlega 34,477 on at
    RE: Security on User forms

    +1 for Aamer. This is exactly how out of the box roles are set up (have a look at the SalesPerson role, for example - they have no "write" permissions on the user entity)

  • Suggested answer
    Community Member Profile Picture
    Community Member on at
    RE: Security on User forms

    Hi Lindsay,

    Why are we trying to give User access level on Write permission to the User records?

    Logically & technically, end users will not be creating user records and should not be updating them.

    I would prefer removing the Write permission altogether.

  • Suggested answer
    Aric Levin - MVP Profile Picture
    Aric Levin - MVP 30,188 Moderator on at
    RE: Security on User forms

    Hi Lindsay,

    User Entity does not have User scope. Only scopes that are available are BU, Parent-Child BU and Organization.

    You can create another form for the user entity which only contains the fields that you want to have your users see, and set the fields as read-only in form designer.

    You can then enable security roles for the form and set the appropriate permissions.

    System Administrators will have access to both forms.

    Hope this helps.

Under review

Thank you for your reply! To ensure a great experience for everyone, your content is awaiting approval by our Community Managers. Please check back later.

Helpful resources

News and Announcements

Dynamics 365 Community Calls Return
Join experts in person to explore low code and AI agents at the Power Platform Community Conference sponsored by Microsoft
Responsible AI policies for the Community

Quick Links

Responsible AI policies

As AI tools become more common, we’re introducing a Responsible AI Use…

Mansi Soni – Community Spotlight

We are honored to recognize Mansi Soni as our August 2025 Community…

Congratulations to the July Top 10 Community Leaders!

These are the community rock stars!

Leaderboard > 🔒一 Microsoft Dynamics CRM (Archived)

#1
Community Member Profile Picture

Community Member 2

#2
Christoph Pock Profile Picture

Christoph Pock 1

Last 30 days Overall leaderboard

Featured topics

Product updates

Dynamics 365 release plans