Sonoma Partners Microsoft CRM and Salesforce Blog

Dynamics 365: Miscellaneous Security Permissions

Today's blog post was written by Jen Ford, Principal QA at Sonoma Partners.

There are so many permissions to consider when you are setting up access for your users. Should I remove delete privileges from Contacts? Should a user be able to view all Cases or should some roles have no access? Should I restrict Account permissions to only see those that the user owns? In addition to making these decisions for entity-specific permissions, there are a slew of Miscellaneous Privileges on each tab of the Security Role that we can set for additional access to special privileges that aren’t a blanket permission on whether or not a user has read, write, or delete privileges to a specific entity. Some of them are very straightforward: Publish Reports or Publish Duplicate Detection Rules. But some of them are more nuanced, or their function doesn’t easily match the name of the permission. What is the difference between the Browse Availability and the Search Availability permissions? What are these, anyway? Let’s take a look at the Miscellaneous permissions on each tab of the Security Role:

Core Records Tab

  • Add Report Services Reports
    • Ability to publish reports.
  • Bulk Delete
    • Ability to delete data in bulk (under Settings > Data Management).
  • Delete Audit Partitions
    • Ability to delete Audit Partitions from Settings > Auditing > Audit Log Management.
  • Manage Data Encryption key – Activate
    • In order to support server-side sync and Yammer integration capabilities, Dynamics 365 needs to store passwords for email services and Yammer authentication tokens. Dynamics 365 uses standard Microsoft SQL Server cell level encryption for a set of default entity attributes that contain sensitive information, such as user names and email passwords. Under Settings > Data Management > Data Encryption (ability to set this value initially).
  • Manage Data Encryption key – Change
    • In order to support server-side sync and Yammer integration capabilities, Dynamics 365 needs to store passwords for email services and Yammer authentication tokens. Dynamics 365 uses standard Microsoft SQL Server cell level encryption for a set of default entity attributes that contain sensitive information, such as user names and email passwords. Under Settings > Data Management > Data Encryption (the "Change" button).
  • Manage Data Encryption key – Read
    • In order to support server-side sync and Yammer integration capabilities, Dynamics 365 needs to store passwords for email services and Yammer authentication tokens. Dynamics 365 uses standard Microsoft SQL Server cell level encryption for a set of default entity attributes that contain sensitive information, such as user names and email passwords. Under Settings > Data Management > Data Encryption (ability to read the Data Encryption Key and view the encrypted data).
  • Manage User Synchronization Filters
    • Manage Offline and Outlook sync filters.
  • Promote User to Microsoft Dynamics CRM User Administrator Role
    • For Online only. Allows you to elevate the privileges of a specific user to System Administrator with the "Promote to Admin" button in the ribbon.
  • Publish Duplicate Detection Rules
    • Ability to publish duplicate detection rules.
  • Publish Email Templates
    • Ability to make Email Templates available to the organization. Under Settings > Templates > Email Templates, there is an option on the Actions menu on the Email Template form for "Make Template Available to Organization."
  • Publish Mail Merge Templates to Organization
    • Ability to make Mail Merge Templates available to the organization. Under Settings > Templates > Mail Merge Templates, there is an option on the More Actions menu for "Make Available to Organization."
  • Publish Reports
    • Ability to set "Viewable By" = "Organization" on the Report Administration tab.
  • Run SharePoint Integration Wizard
    • Allows the user to run the "Enable Server-based Authentication" wizard in Dynamics 365.
  • Turn on Tracing
    • User is able to generate trace files for the organization.
  • View Audit History
    • Ability to view Audit History records off of a related record.
  • View Audit Partitions
    • Able to view the Audit Partitions (under Settings > Auditing > Audit Log Management).
  • View Audit Summary
    • Ability to view Audit History via Settings > Auditing > Audit Summary View.

Marketing Tab

  • Configure Internet Marketing module
    • Internet Lead Capture for CRM 2011. No longer available.
  • Use internet marketing module
    • Internet Lead Capture for CRM 2011. No longer available.
  • Create Quick Campaign
    • Ability to create a Quick Campaign.

Sales Tab

  • Override Invoice Pricing
    • Allows the user to select a Write-In Product, or select 'Override Pricing' on the Invoice Product.
  • Override Opportunity Pricing
    • Allows the user to select a Write In Product, or select 'Override Pricing' on the Opportunity Product.
  • Override Order Pricing
    • Allows the user to select a Write In Product, or select 'Override Pricing' on the Order Product.
  • Override Quote Order Invoice Delete
    • Allows the user to delete an inactive Quote, Order, or Invoice.
  • Override Quote Pricing
    • Allows the user to select a Write In Product, or select 'Override Pricing' on the Quote Product.

Service Tab

  • Approve Knowledge Articles
    • Ability to click "Approve" on a Knowledge Article. If this permission is not granted, the user will not see this button.
  • Publish Articles
    • Ability to publish an Article. This is the old Article entity, not the newer Knowledge Article entity.
  • Publish Knowledge Articles
    • Ability to click "Publish" on a Knowledge Article. If this permission is not granted, the user will not see this button.

Business Management Tab - Privacy Related Privileges

  • Document Generation
    • Allows the user to download a template from CRM (Templates > Document Templates).
  • Dynamics 365 for mobile
    • Allows access to the Dynamics 365 app on a mobile device.
  • Dynamics 365 for phones express
    • Allows access to the Dynamics 365 for phones express app on a mobile phone.
  • Export to Excel
    • Ability to export data from Views and Advanced Find to excel. If this permission is not granted, the user will not see this button.
  • Go Offline in Outlook
    • Allow users to sync offline while they are using Dynamics for Outlook. If this permission is not granted, the user will not see an option to 'Go Offline' in the Outlook client.
  • Mail Merge
    • Able to perform a Mail Merge in the Outlook client. The Web Mail Merge permission is required to perform a Mail Merge in the web client.
  • Print
    • Able to create a printer-friendly display of a grid, by selecting Print Preview in the personal Settings Menu.
  • Sync to Outlook
    • Allow users to sync Contacts and Activities to Outlook.
  • Use Dynamics 365 App for Outlook
    • Allows access to the Dynamics 365 app for Outlook.

Business Management Tab - Miscellaneous Privileges

  • Act on Behalf of Another User
    • Needed to publish workflows. Also can be used for impersonation.
  • Approve Email Addresses for Users or Queues
    • Able to click on 'Approve Email' and 'Reject Email' from the User record or the Queue record.
  • Assign manager for a user
    • Able to set the Manager field on a User record.
  • Assign position for a user
    • Able to set or change a Position for a User, using Hierarchy Modeling.
  • Assign Territory to User
    • Able to set the Territory field on a User record.
  • Bulk Edit
    • Ability to select multiple records at the same time, and click Edit.
  • Change Hierarchy Security Settings
    • Able to change from Position to Manager Hierarchy, Enable Hierarchy Modeling, and set the Entities to include in Hierarchy Modeling.
  • Dynamics 365 Address Book
    • Able to search on Dynamics 365 Contacts in the To, From, and Bcc fields of an Email opened through the Dynamics 365 App for Outlook.
  • Enable or Disable Business Unit
    • Able to select Enable/Disable on a Business Unit (under Settings > Security).
  • Enable or Disable User
    • Able to select Enable/Disable on a User (under Settings > Security).
  • Language Settings
    • Able to provision other Languages (under Settings > Administration).
  • Merge
    • Ability to merge records. If this permission is not granted, the user will not see this button.
  • Override Created on or Created by for Records during Data Import
    • Allows user to set Created On & Created By during import, instead of setting these to the import time and import User, respectively.
  • Perform in sync rollups on goals
    • Permits the user to roll up goal data on demand, instead of waiting for the next scheduled update period, by using the 'Recalculate' button on the Goal record.
  • Read License info
    • Able to access information about the CRM License via the API.
  • Reparent Business unit
    • Able to change the Parent Business field on a Business Unit record.
  • Reparent team
    • Able to change the Business Unit on a Team record (Under Settings > Security).
  • Reparent user
    • Able to change the Business Unit on a User record (Under Settings > Security).
  • Send Email as Another User
    • Able to change "From" on an Email to be a different User.
  • Send Invitation
    • Able to click 'Send Invitation' to a User record when using CRM Online (pre-integration with O365). Doesn't apply to On Premise.
  • Update Business Closures
    • Create / Update Business Closure records (under Settings > Business Management).
  • Web Mail Merge
    • Able to perform a Mail Merge in the web client. If this is not set, and the Mail Merge permission is set, the user will only be able to perform a Mail Merge in the Outlook client. The user can initiate the Mail Merge request from Advanced Find results.

Service Management Tab

  • Browse Availability
    • Able to view the Service Calendar (in the Service area).
  • Control Decrement Terms
    • Able to determine if a Case should not decrement from the Entitlement Terms. User will receive a permissions error when selecting "Do Not Decrement Entitlement Terms" on a Case if they do not have this permission.
  • Create own calendar
    • Able to set up a New Weekly Schedule, a Work Schedule for One Day, or Time Off in the logged in User's Calendar (open a User record, and look for Calendar in the related entities. When the Calendar displays, these options are under the Setup menu).
  • Delete own calendar
    • Able to delete a New Weekly Schedule, a Work Schedule for One Day, or Time Off in the logged in User's Calendar (open a User record, and look for Calendar in the related entities. When the Calendar displays, this is displayed as an X).
  • Read own calendar
    • Able to view the logged in User's Calendar (open a User record, and look for Calendar in the related entities).
  • Search Availability
    • Permits the user to search for available times when scheduling a Service activity.
  • Update Holiday Schedules
    • Able to create/update Holiday Schedule (under Settings > Service Management).
  • Write own calendar
    • Able to update the Weekly Schedule, Work Schedule for One Day, or Time Off in the logged in User's Calendar (open a User record, and look for Calendar in the related entities. When the Calendar displays, these options are under the Setup menu).

Customization Tab

  • Activate Business Process Flows
    • Able to click 'Activate' when setting up a business process flow (in customizations, under Processes).
  • Activate Business Rules
    • Able to click 'Activate' when setting up Business Rules (in the entity customizations).
  • Activate Real-time Processes
    • Able to click 'Activate' when setting up a workflow, dialog, or action (in customizations, under Processes).
  • Configure Yammer
    • Able to configure Yammer to work with Dynamics CRM.
  • Execute Workflow Job
    • Able to run a workflow over a record/set of records.
  • Export Customizations
    • Ability to export a solution.
  • Import Customizations
    • Able to import customizations and solutions into the environment.
  • ISV Extensions
    • Not currently in use.
  • Learning Path Authoring
    • Ability to create Learning Path training: contextual training that can include videos and walkthroughs.
  • Modify Customization constraints
    • Not currently in use.
  • Publish Customizations
    • Ability to publish customization updates.
  • Retrieve Multiple Social Insights
    • Used in conjunction with Microsoft Social Listening.

Any questions? Let us know.

Topics: Microsoft Dynamics 365