Recently I came across a question in Dynamics Forum where the same question was posted. To be more specific, some sales user in the environment were having access to ‘System Settings’ in the administration section due to improper set-up of security role.
Clearly this was a security vulnerability. So what is the privilege that gives you access to the System Settings of the administration section.
To be honest, when I saw this question in the forum, I was not sure exactly sure about what is the exact privileged that needs to be turned on or off. However I knew that all the system settings are organization specific and hence they should be stored in some entity while relates to Organization settings.
I just browsed the security role form and voila! In the Business Management section, I could find the ‘Organization’. If we provide write privilege for this entity for a security role, user with the security role would be able to see ‘System Settings’ in the administration section. Check for the screenshot below.
Small info. But if you are not aware of it, can eat up your significant amount of time.
Hope this helps!