Microsoft Dynamics 365 | Integration, Dataverse...

Dynamics 365 (CRM) user security role to manage users

(0) Share

Report

Posted on by Community Member

Hello Community,

In Dynamics 365 (CRM) online, does anyone know, or can point me to some documentation, what the minimum security permissions are to set up a Dynamics user security role to manage users - i.e. just to assign teams to users, and assign roles to users)?

Thank you!

I have the same question (0)

All responses (4)

Answers (0)

Suggested answer

Denny Deng on at

Like (0)

Report

Use the Mode Access: Administrative; Type Licence: Administrative.

Was this reply helpful? Yes No
LuHao 40,892 on at

Like (0)

Report

Hi partner,

'assign teams to users, and assign roles to users' - Does this mean the owner team and security roles?

1. If so, please refer to this document on ‘Assign a security role to a user’:

https://docs.microsoft.com/en-us/power-platform/admin/create-users-assign-online-security-roles#assign-a-security-role-to-a-user

Make sure you have the System Administrator or System Customizer security role or equivalent permissions.

After my tests, only the System Customizer security role can't access Security > Users, so System Administrator or equivalent permissions can assign security roles to users.

2. please refer to this document on ‘Edit an owner team’: https://docs.microsoft.com/en-us/power-platform/admin/manage-teams#edit-an-owner-team

Make sure that you have the System Administrator, Sales Manager, Vice President of Sales, Vice President of Marketing, or CEO-Business Manager security role or equivalent permissions.

In summary, only the System Administrator security role or equivalent permissions can assign teams to users and assign roles to users.

Was this reply helpful? Yes No
Community Member on at

Like (0)

Report

Hi Hao,

Thanks for your response. To be more specific, my question is if I don't want to give the System Admin role to a user for that user to be able to assign teams and other security roles to other users, is there a way I can configure a custom security role (not the same as the system admin role), which contains the very minimum permissions to allow a user to be able to assign teams and other security roles to other users.

Is that possible?

Was this reply helpful? Yes No
Suggested answer

LuHao 40,892 on at

Like (0)

Report

Hi partner,

After a lot of tests, I found that when a user has the privileges for the Security Role, Team and User entity, then he can assign the security role to other users, but can only assign the security roles he already has.

Please refer to this blog: https://community.dynamics.com/crm/b/magnetismsolutionscrmblog/posts/permissions-required-to-manage-roles-in-dynamics-crm-2011

Create a new security role that only gives it Read and Assign permissions to the Security Role entity; Read, Append and Append to privileges for the Team entity and User entity.

Assign this new security role to specific users (or a owner team) so that these users with this security role can assign security roles that they have to other users, and add users to the team.

For example, User A has two security roles, 'Account Manager' and 'Sales Manager'. After you assign the new security role to User A, then he can assign 'Account Manager' and 'Sales Manager' security roles to other users, and he can add any user to any team.

For security roles that User A does not have, he cannot assign them to users.

So, if you want to assign security role B to some users, first you need to assign security role B and new security role to user A, then user A can assign security role B to other users.

In addition, I found a similar theme: https://community.dynamics.com/crm/f/microsoft-dynamics-crm-forum/165688/security-role-permissions-to-create-users-and-assign-security-roles-to-users

Was this reply helpful? Yes No