CRM 2013/2015 - New Security role from Ground Zero
Never really wanted to create a new security role from ground up right? Me neither. Always got the "Insufficient Permissions error "
But I came across these situations where some of my customers were creating New security roles, from scratch, and setting up permissions on entities. But that never worked. It's only because there are a host of entities in CRM that you need permissions to, in order to even let the user log in, using that new security role. We generally recommend using a basic security role and copying it into your new role.
I thought I'll write about my experiments with CRM 2013/ 2015 and how I got a blank new security role from Ground Zero working.
1. Of course, you start with creating a new security role, without copying an existing one. Name it and Save it.
2. Open it up again and you will see some default permissions that CRM has already set for your security role. You will see permissions to the SDK message processing steps & plugin entities in Customizations, already given permissions. Do not remove those.
3. If you assign a new user with this security role, he won't be able to even log in to CRM. You'll still need to add permissions to some other entities.
4. Go back to the security role. Go to Customizations-> System Form and give permissions like below
5. Post that go to Business management - Just those 3 below need basic user level permissions
6. Post that give your specific business permissions, like you wanted to give to this role. Give Dashboard user level access if you want them to see their dashboard.
7. After this try to log in to CRM with the user having this security role, and he should be able to log in :)
There are a few more things I noted additionally. If you have given read or write permissions to certain entities, they still may not be accessible. This is because of other entities that need permissions again.
Check these points I figured out for certain entities, which may help you get rid of those problems with your entity permissions too.
- View the Contacts, Account, Cases, etc. records:
Go to Customizations -> Views and give read permissions to user level
Go to Business management -> User settings and give read permissions to user level
These are required to View the list of those entity records, otherwise you get the Insufficient permissions error when you go to these entities.
- Open a Case (Incident), Opportunity form
Full permissions at Org level on Core Records - > Subject entity (only required for Case entity)
Full permissions at Org level on Customizations -> Process entity
The process entity permissions are required for a number of forms like Case, Opportunity, where you have the process flow shown on the form page. This permission never gets added by default.
- Opening the Account form, Contact form
Read permissions on - Lead, Campaign ,Opportunity ,Opportunity relationships and Marketing entities (These are shown on the forms and hence you need at least Read permissions for them to load up)
Full permissions at Org level on Customizations -> Process entity
Hope this helps you get you through the basic set of permissions you need with a blank security role. I had to get this with a lot of trial and error :S
It also helps, if you have got in security roles from CRM 2011 and using them in CRM 2013/2015 and aren't able to access the views, or forms. This is primarily because new entities got added from CRM 2013 onwards and unless you use one of the existing security roles in 2013/2015, you won't be able to get the security role working.
Happy to help if you're stuck on something!