Microsoft Dynamics CRM (Archived)

Create a security role that can assign roles to other users

Posted on by Microsoft Employee

Due to some policy, we cannot grant system admin to some people who need to manage users in CRM. So I created a new security role, called "user admin", and assigned access privileges and access levels (=organization) to related entities (business unit, security role, user, user settings). Below are my testing results:

1) User ABC in business unit XYZ was assigned with security role User Admin and other proper roles.

2) ABC could add a new user EFG, set EFG's business unit to XYZ, and assign some security roles to EFG.

3) However, if the user EFG changes business unit to UVW (a child business unit of XYZ), user ABC (in business unit XYZ) can no longer assign/change security roles for EFG. It got the error message "You do not have permission to access these records".

4) It seems ABC with User Admin role can ONLY assign security roles to the users within the same business unit, not in child business unit.

Any suggestions on how to let ABC manage the users in all child business units as well?

Thanks in advance!


  • Suggested answer
    Danny Michaeli 10 on at
    RE: Create a security role that can assign roles to other users

    Our customer needs the same thing; for me the suggested answer by @Chitrarasan Duraisamy was not enough...

    The problem was that the user that needs to assign new security roles to new users was not in the same business unit (because he changed to another business unit for the new user).

    The solution was:

    1. Create a new security role by copying it from the System Administrator role and removing all privileges except those under the Business Management tab. Once you have the new role, assign it to the user who is going to manage all users. (Suggested Answer by @Chitrarasan Duraisamy)

    2. Assign to the manage user all the security roles that the manage user will assign to other users (taken from community.dynamics.com/.../202906, answered by @Adam Vero)

    3. Create a team for every business unit that the manage user will change (for other users), then give all these teams the same security roles as the manage user (from section 1 and section 2).

    4. Add the manage user to all the teams you created (from section 3).

    Done! Now the manage user can create a new user, change his business unit and assign security roles :-)
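
A check of the four-step setup described in the answer above, as an added example that is not part of the original thread and not Microsoft code. It works on an offline export of roles and teams; the role names "Customer Service Rep" and "Salesperson", the business unit "RST" and the team names are constructed, and the `review` finding relies on team members inheriting the roles assigned to the team.

```python
from dataclasses import dataclass, field

@dataclass
class Team:
    name: str
    roles: set = field(default_factory=set)
    members: set = field(default_factory=set)

def audit_delegation(manager, manager_roles, admin_role, assignable,
                     teams_by_bu, managed_bus):
    """Return (step, detail) gaps against the four steps in the answer above."""
    required = {admin_role} | set(assignable)   # roles from step 1 and step 2
    gaps = []
    for role in sorted(required - manager_roles):            # steps 1 and 2
        gaps.append(("step1-2", f"{manager} lacks {role}"))
    for bu in sorted(managed_bus):
        team = teams_by_bu.get(bu)
        if team is None:                                     # step 3: one team per BU
            gaps.append(("step3", f"no team for business unit {bu}"))
            continue
        missing = sorted(required - team.roles)              # step 3: same roles
        if missing:
            gaps.append(("step3", f"{team.name} lacks {missing}"))
        if manager not in team.members:                      # step 4
            gaps.append(("step4", f"{manager} not in {team.name}"))
        # Anyone else in the team also receives the delegation roles.
        for other in sorted(team.members - {manager}):
            gaps.append(("review", f"{other} inherits roles via {team.name}"))
    return gaps

# Constructed sample export (not real tenant data).
ALL_ROLES = {"User Admin", "Customer Service Rep", "Salesperson"}
TEAMS = {
    "XYZ": Team("XYZ delegation", set(ALL_ROLES), {"ABC"}),
    "UVW": Team("UVW delegation", {"User Admin"}, {"EFG"}),
}

def sample_gaps():
    return audit_delegation(
        "ABC", {"User Admin", "Customer Service Rep"}, "User Admin",
        {"Customer Service Rep", "Salesperson"}, TEAMS, {"XYZ", "UVW", "RST"})

if __name__ == "__main__":
    for step, detail in sample_gaps():
        print(f"{step:8} {detail}")
```

The `review` rows matter for least privilege: every extra member of a delegation team gains the same user-administration roles as the manage user.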

  • Verified answer
    Royal King 27,686 on at
    RE: Create a security role that can assign roles to other users

    Create a new security role by copying it from the System Administrator role and removing all privileges except those under the Business Management tab. Once you have the new role, assign it to the user who is going to manage all users.

  • Community Member Microsoft Employee on at
    RE: Create a security role that can assign roles to other users

    Hi Chitra,

    If I understand you correctly, you suggested to assign user ABC to the root business unit (it is the way it is now), and assign system administrator to user ABC (this is what we are trying to avoid).

    User ABC (a customer support, but not a member of system admin team) needs access to the CRM to conduct his daily job plus adding new users and assigning non-system admin roles to the new users.

    So we are trying to create a new non-system-admin security role for ABC.

    Thanks,

    Hao

  • Royal King 27,686 on at
    RE: Create a security role that can assign roles to other users

    Assign the root business unit to the administrator user, and assign the System Administrator role with Access Mode set to Administrative. This will allow the user to create and assign roles in any business unit. Users configured with this license type can administer the Microsoft Dynamics CRM Server but will not have access to the Sales, Marketing, or Service areas. Moreover, this user does not consume any license.

  • Community Member Microsoft Employee on at
    RE: Create a security role that can assign roles to other users

    Hi Karth,

    I have tested it, and it didn't solve the problem.

    Thanks,

    Hao

  • Community Member Microsoft Employee on at
    RE: Create a security role that can assign roles to other users

    Thanks Mamatha, I will check it out.

    Hao

  • Suggested answer
    Karth on at
    RE: Create a security role that can assign roles to other users

    If you set the user's access type to 'Administrative' on the user record, this user will be able to perform administrative functions such as creating users and assigning security roles globally. Someone with administrative access will not be able to view transactional data such as accounts and contacts. Have you evaluated this?

    Otherwise, you would end up having to create a 'System Admin' like security role and assign this to the user.

  • Suggested answer
    Mamatha Swamy 5,422 on at
    RE: Create a security role that can assign roles to other users

    Hao,

    Enable tracing in CRM and check for the details of the missing privilege:

    support.microsoft.com/.../en-us

  • Community Member Microsoft Employee on at
    RE: Create a security role that can assign roles to other users

    Thanks Mamatha,

    If I understand correctly, "User Admin" role has Org level (full green circle) on User entity and all other related privileges. ABC has this role, so ABC should have Org level permissions on User entity.

    Thanks again,

    Hao

  • Suggested answer
    Mamatha Swamy 5,422 on at
    RE: Create a security role that can assign roles to other users

    Check if the ABC user has BU level permissions on User entities; try giving Org level permissions to him.

    Refer to Access levels in msdn.microsoft.com/.../gg334717.aspx
