General Security Role for Dynamics CRM 2011

Paul Nieuwelaar, 11 August 2011

In Dynamics CRM 2011 there are several Security Roles loaded in the system by default, all of which give various permissions to access the system. However there is no “General” role that grants any user access to the system. For this reason we have created one role that can be given to any user, and with that role alone they would be able to access “general” features of the system, such as tracking emails from outlook, creating accounts, contacts, and running workflows.

Using this method of a “general” role, you can assign the General role to every user in the system, and then any additional roles can be assigned on top of that. This means when creating custom roles you won’t need to worry about all the miscellaneous permissions required to access CRM, as the General role takes care of all of these required permissions.

To configure this role in your own system, use the following screenshots to set the appropriate permissions.

Core Records Tab:
For this we have set some basic permission’s for viewing all Accounts and Contacts, as well as all the users Activities. Note that the delete privilege has been removed from most entities.

Marketing Tab:
We have left off all the Marketing privileges, as these can be added via a ‘Marketing’ role. This way any users not involved in Marketing will not need to access the Marketing features, such as Marketing Lists and Campaigns.

Sales Tab:
As with the Marketing tab, most privileges have been turned off, however ‘Append’ and ‘Append To’ have been granted for Territory to allow users to select a Territory on an Account for example.

Service Tab:
As with Sales and Marketing, the main Service privileges have been switched off, however basic permissions have been granted for Articles, to allow users to access the Knowledge base articles.

Business Management Tab:
Most permission’s on this screen are required to access the system, and should not be removed.

Service Management Tab:
We have removed the main privileges, as these should only be assigned to selected Users. The Miscellaneous Privileges for ‘Browse’ and ‘Search Availability’ are required to access the system.

Customization Tab:
Most permission’s on this screen are required to access the system, and should not be removed. Permission’s have also been granted to run workflows.

Once the role has been created it can be assigned to all users as a base role, then any additional roles can be assigned on top. However users with just this role will still be able to access a stripped down version of the system.

Also if you have any custom entities you should decide whether access to these should be given to general users, and include them in the General role if necessary.

Now when you are creating a new security role you won’t need to worry about all the ‘Miscellaneous Permissions’ required to access the system, as the General role will take care of all of these for you.