{"id":196,"date":"2009-06-10T08:36:00","date_gmt":"2009-06-10T03:06:00","guid":{"rendered":"https:\/\/www.inogic.com\/blog\/?p=196"},"modified":"2009-06-10T08:36:00","modified_gmt":"2009-06-10T03:06:00","slug":"how-to-create-a-new-user-role-in-crm-that-actually-works","status":"publish","type":"post","link":"https:\/\/www.inogic.com\/blog\/2009\/06\/how-to-create-a-new-user-role-in-crm-that-actually-works\/","title":{"rendered":"How to create a new User Role in CRM that actually works :)"},"content":{"rendered":"<div align=\"justify\"><span>Its always recommended that we use the user roles already provided by CRM and edit them as per our needs.<\/span><\/div>\n<p><span><br \/><\/span><br \/><span><\/span><\/p>\n<div align=\"justify\"><span>Well instead of taking the easy way out, we decided to go ahead and create a new Role from the scratch and there were times I thought, easy way out was a better option \ud83d\ude42<\/span><span><br \/><\/span><\/div>\n<p><span><\/p>\n<p><\/span><span><\/span><span><\/span><\/p>\n<div align=\"justify\"><span>Let us share a couple of our findings that should help anyone who decided to take the path less trodden.<\/span><\/div>\n<div align=\"justify\"><span>When you create a New Role, you will notice that some of the previleges are provided by default. The default privileges added cannot be removed.<\/span><span><br \/><\/span><span><br \/><\/span><\/div>\n<div align=\"justify\"><span>We just wanted to make a role that gives the user the permisison to view all accounts and nothing else.<\/span><\/div>\n<p><span><br \/><\/span><\/p>\n<div align=\"justify\"><span>So we created a role with the following privileges<\/span><\/p>\n<\/div>\n<p><span><img decoding=\"async\" alt=\"\" src=\"http:\/\/4.bp.blogspot.com\/_pMlyDuF-ngc\/Si9zMyIDwHI\/AAAAAAAAAE0\/FKjhsXWKB-0\/s400\/role1.jpg\" border=\"0\"><\/span><\/p>\n<p><\/p>\n<p align=\"justify\"><span>However when we login with the user that has ONLY this role assigned to it, we receive the following error <\/span><\/p>\n<p><span><img decoding=\"async\" alt=\"\" src=\"http:\/\/1.bp.blogspot.com\/_pMlyDuF-ngc\/Si90J17oFSI\/AAAAAAAAAE8\/vcadb0xKeB0\/s400\/role2.jpg\" border=\"0\"><\/span><\/p>\n<p align=\"justify\"><span>We spent a lot of time trying our various combinations, when finally we found that the problem was with the user settings entity &#8220;Write&#8221; permission. By default CRM provided the &#8220;Read&#8221; permission for this entity, but not the write permission. <\/span><\/p>\n<p align=\"justify\"><span>Once this permission was added. Run iisreset. Login as the user and it should be just fine now.<\/span><\/p>\n<p align=\"justify\"><span>In the process we also learnt that System Administrator has certain special privileges that are not presented on the Role user interface, so there is no way to can provide these permissions to any other user.<\/span><\/p>\n<p align=\"justify\"><span>One of the permissions is to allow users to &#8220;Bulk Delete&#8221; records. Only System Administrator users have the permission to create &#8220;Bulk Delete&#8221; Jobs. This helped when we were developing one of the add-ons for Bulk Delete Operations. Details of this add-on has been posted on an <\/span><a href=\"http:\/\/inogic.blogspot.com\/2009\/05\/bulk-delete-operations-for-dynamics-crm.html\"><span>earlier <\/span><\/a><span>post<\/span><\/p>\n<p align=\"justify\"><span>One of the workarounds though, is to Copy the System Administrator Role and create a new Role which will inherit these hidden privileges from the System Administrator Role.<\/span><\/p>\n<p><span><\/span><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Its always recommended that we use the user roles already provided by CRM and edit them as per our needs. Well instead of taking the easy way out, we decided to go ahead and create a new Role from the scratch and there were times I thought, easy way out was a better option \ud83d\ude42\u2026 <span class=\"read-more\"><a href=\"https:\/\/www.inogic.com\/blog\/2009\/06\/how-to-create-a-new-user-role-in-crm-that-actually-works\/\">Read More &raquo;<\/a><\/span><\/p>\n","protected":false},"author":13,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"om_disable_all_campaigns":false,"_monsterinsights_skip_tracking":false,"_monsterinsights_sitenote_active":false,"_monsterinsights_sitenote_note":"","_monsterinsights_sitenote_category":0,"footnotes":""},"categories":[19],"tags":[1565],"class_list":["post-196","post","type-post","status-publish","format-standard","hentry","category-dynamics-crm","tag-security-roles"],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/www.inogic.com\/blog\/wp-json\/wp\/v2\/posts\/196","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.inogic.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.inogic.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.inogic.com\/blog\/wp-json\/wp\/v2\/users\/13"}],"replies":[{"embeddable":true,"href":"https:\/\/www.inogic.com\/blog\/wp-json\/wp\/v2\/comments?post=196"}],"version-history":[{"count":0,"href":"https:\/\/www.inogic.com\/blog\/wp-json\/wp\/v2\/posts\/196\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.inogic.com\/blog\/wp-json\/wp\/v2\/media?parent=196"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.inogic.com\/blog\/wp-json\/wp\/v2\/categories?post=196"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.inogic.com\/blog\/wp-json\/wp\/v2\/tags?post=196"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}