In a previous PowerObjects blog, Administering Team-based CRM Security in Changing Organizations, the benefits of team-based security management were presented, along with the steps to implement the model. Team-based security is a great model for larger businesses and fast-changing organizations, and today’s blog details a “gotcha” in the model.
While there are security roles assigned to teams (and users within those teams), it should be considered best practice to also create a Default Access security role that is assigned directly to all users. This role should contain the minimum privileges required to just log in to Dynamics 365. There are numerous privileges required just to log in and Microsoft has made it easy for you by creating a solution file containing such a security role: Download the Microsoft solution file.
There is a set of User level security permissions that are passed only to the actual user logging into the system (Teams don’t log in). Even if your Team role contains these privileges, individual users won’t receive them, which can cause issues for any number of reasons. Specifically, the Create privilege needs to be granted for User Entity UI Settings. This entity stores details about a user’s recent usage of Dynamics, including the last form accessed on an entity and the most recently used records.
Don’t get caught in this “gotcha,” just remember User permission needs to be directly on a User – and the rest comes from Team membership!
See more tips and tricks on our blog and happy Dynamics 365’ing!