{Dynamics 365 Security Nuances} Can a user work with only team roles in Dynamics 365

Recently I was conducting a training in Dynamics 365 where I got the same question. Just a quick thought and the answer that comes to mind is “Yes”. After all,

a user’s security role is the sum of the security roles directly assigned to the user + sum of the roles the user derives through it’s association with the Teams (provided teams are given security role)

And here I was, where a user is belonging to a team and the team has a security with all the right privileges assigned to make the user work in Dynamics.

When I assigned the role directly to the user and the user is not part of the team, it just worked fine. Now comes the other way round. I remove the user’s security role, assign the same security role to a team and add the user to the team.

image

As you can see, the security role is having pretty much everything to access this account.

Login screen below after the user logged in.

image

 

Looks awesome isn’t it. The user can see accounts as expected. Just when you think that you have won the hearts of participants with your awesome understanding of Dynamics, Dynamics would throw a stick or two at you.

So I clicked on Account and this is what I get below.

image

That facepalm moment where you are just thinking, what just happened?

Now time for some recovery. When I click on Advanced find and try to access accounts, I could see them just fine.

image

 

You can even create/ read/ write and do all the fancy stuffs as per the role privilege.

Now I just did this trick. I just created a dummy role with absolutely no privilege to any entity and added it to the user. And this time when I click on Sales –> accounts, it just works fine.

 

So next time when you are up to this, this can save you some awkward moments. Not sure if this a bug or expected behavior but it seems the problem is only with the Home Page grid. Even if I try to read/ write accounts with the user credentials programmatically using SDK, it works fine.

For the home page grid to work, it requires a role to be assigned directly to the user.

 

Debajit Dutta (Dynamics MVP)

For training/ consulting, please write to us at info@xrmforyou.com or visit our website www.xrmforyou.com

Advertisements

Author: Debajit

I am a Dynamics CRM Most Valuable Professional (MVP) with 10 years of experience in Microsoft .NET Technologies and 7 years of dedicated experience in Microsoft Dynamics CRM. I have worked with companies like Microsoft, SanDisk, PwC, TMF Group and have extensive experience of implementing complex CRM solutions from both offshore and client side. Currently the face of XrmForYou.com with significant experience in delivering corporate training on Dynamics CRM and have already delivered multiple projects to client through XrmForYou.com Author of multiple tools on codeplex including the 'Role Based Views' and 'CRM-Sharepoint Metadata manager & Attachment Extractor' which are available for commercial use under XrmForYou.com For consulting/ training, drop me a note at info@xrmforyou.com or visit our website www.xrmforyou.com

3 thoughts on “{Dynamics 365 Security Nuances} Can a user work with only team roles in Dynamics 365”

  1. It’s worth mentioning that if a user does not have any roles assigned to them directly, but only through a team they will not be able to
    a.) Create any personal views or dashboards
    b.) Amend their own preferences (e.g. change the number of rows they see in a view)
    We create a ‘Basic CRM User’ role to give this type of privilege and grant everything else through team roles

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

w

Connecting to %s