Skip to main content

Notifications

Announcements

No record found.

Microsoft Dynamics CRM (Archived)

CRM 2015 On-Premise - Permissions Issue with Activity

Posted on by 65

Hello,

I'm currently facing an issue with permissions related to "Activity" that is really giving me a headache. I was hoping somebody could tell me what I am doing wrong, and what I am missing in order to get this to work. Here's my scenario:

I want to create a user role that basically allows a user to create activities at the organization level, read all activities, assign to anybody in the org, but only be able to modify those activities that are assigned to him/herself. This especially needs to work with custom entity activities. I thought this would be simple, but for some reason I can't get it to work. Here is what I did:

I first started by creating a custom entity activity (let's say I called it "Custom Activity A"). Very simple step here, nothing complex. I then went and created a security role (let's say I called it "Activity Assigner") and gave it other necessary rights that have nothing to do with Activity (this role needs to be able to perform other functions as well and these rights work fine at the moment).  I then went to the "Core Records" tab and for the "Activity" entity, I gave Organization level rights on "Create", "Read" and "Assign". I then set User level rights on Write, Append, and Append To (No rights to Delete). Now when I log into my application with a user that has the "Activity Assigner" Role (and only this role), I am able to create "Custom Activity A" records and assign them to anybody I want (which is exactly what I want to be able to do), however, I am also able to modify any record that I created myself even if I assign the record to another user (which is not what I want). I only want the user to be able to modify records assigned to him/her, regardless of who created the record in the first place.

Is there something I'm missing here? Is this a "glitch" with Activities?

Any assistance you could provide would be greatly appreciated.

Thank you in advance.

*This post is locked for comments

  • Suggested answer
    tpeschat Profile Picture
    tpeschat 4,926 on at
    RE: CRM 2015 On-Premise - Permissions Issue with Activity

    That's exactly what I mean. The rights are inherrited from the parent (regarding) object for activities.

    In my setup I want users to see all contacts of their business unit, but only activities for contacts they own or for which a sharing exists.

    It works that way that they have read rights on bu level on the contact, but only read/write rights on the acticity entity.

    Br Thomas

    Btw: I don't have an idea for a workaround as long as you stick to a custom activity entity instead of a normal custom entity.

  • Eric Tobin Profile Picture
    Eric Tobin 65 on at
    RE: CRM 2015 On-Premise - Permissions Issue with Activity

    There is no contact for this activity. It's a custom entity activity that links to a different entity that is also custom. I'd have to check to see if the owner of the "regarding" entity is the user. I've left the office for the day.

    But are you saying if the user is the owner of the "regarding" record, then he/she automatically has modify rights to the activity record? Is there a way around this? In our organization, we use custom activities to basically task out things to different business lines. Our users need to be able to create and see these activities across the organization,  but only be able to modify activities assigned to them once created. It seems that this can't be done out of the box....

  • tpeschat Profile Picture
    tpeschat 4,926 on at
    RE: CRM 2015 On-Premise - Permissions Issue with Activity

    Who is the owner of the contact of the activity?

    This might interfere with owner of activity ...

    Example:

    Contact owner = you

    Activity owner = somebody else

    I assume you still would have write permissions on the activity, because it is inherited from the underlying contact.

    Hth Thomas

  • Eric Tobin Profile Picture
    Eric Tobin 65 on at
    RE: CRM 2015 On-Premise - Permissions Issue with Activity

    That is related to custom plugins and using the sdk. It has nothing to do with access permissions... Unless I read that wrong.

    Either way, we are on 2015 on-premise and are not upgrading any time soon.

  • Aric Levin Profile Picture
    Aric Levin 30,188 on at
    RE: CRM 2015 On-Premise - Permissions Issue with Activity

    See the following link regarding deprecated requests:

    msdn.microsoft.com/.../dn932124.aspx

    Assign request (and many others) is being deprecated. It is being replaced with Update request.

    Test it out.

  • Eric Tobin Profile Picture
    Eric Tobin 65 on at
    RE: CRM 2015 On-Premise - Permissions Issue with Activity

    The user has no other roles assigned or any teams or anything like that.

    I don't think what you've written regarding assigning and modifying is accurate. Those are two completely different permissions according to Microsoft and as it is right now the user can see all activities and reassign to anybody without any issues, even if "write" permission is set only to user level, which is what I want. The problem still lays with the fact that the user can modify any activity (change field values) he has created, even if it's not assigned to him (he is not the owner). I want the user to only be able to modify activities (change field values) assigned to him (where he is the owner).

    You'd think this would be simple to implement but I can't seem to get it to work.

    Is there another permission i may have enabled by accident that may cause this to not work?  Or is this simply not doable?

  • Aric Levin Profile Picture
    Aric Levin 30,188 on at
    RE: CRM 2015 On-Premise - Permissions Issue with Activity

    Hi Eric,

    Does that Activity Assigner user belong to any team that might have other security roles assigned to them?

    There are a couple of things here that I see.

    Although there is a particular assign permission, you also need an update permission to assign, which is an issue.

    You can really assign to another user without having permissions to update the record.

    If you are not the owner of the record, and you want to prevent the user from updating, the user should not be able to assign either. I know that is not what you asked, but it is something to consider.

    First, check additional roles assigned to the team of the Activity Assigner User. This might be the source of the first problem.

    Hope this helps.

Under review

Thank you for your reply! To ensure a great experience for everyone, your content is awaiting approval by our Community Managers. Please check back later.

Helpful resources

Quick Links

December Spotlight Star - Muhammad Affan

Congratulations to a top community star!

Top 10 leaders for November!

Congratulations to our November super stars!

Tips for Writing Effective Suggested Answers

Best practices for providing successful forum answers ✍️

Leaderboard

#1
André Arnaud de Calavon Profile Picture

André Arnaud de Cal... 291,280 Super User 2024 Season 2

#2
Martin Dráb Profile Picture

Martin Dráb 230,214 Most Valuable Professional

#3
nmaenpaa Profile Picture

nmaenpaa 101,156

Leaderboard

Featured topics

Product updates

Dynamics 365 release plans