Microsoft Dynamics CRM Online Help

Permissions required for customization tasks

Customization tasks generally require the default System Administrator or System Customizer security roles. Some other default security roles also provide privileges to perform certain customization tasks or provide access to certain customizations. The following table shows the privileges necessary to perform each task or to have access to certain customizations. Customization tasks are never performed while using Microsoft Dynamics CRM Online for Outlook offline.

Note

You can find out what security roles you're assigned to in the Set Personal Options wizard. More information: View your user profile

Customization Tasks

Default Security Roles and Required Privileges

Comments

Access customization area

Security roles:

System Administrator

System Customizer

CEO-Business Manager

Customer Service Manager

Marketing Professional

Marketing Manager

Vice President of Marketing

Sales Manager

Vice President of Sales

Privilege:

Entity: Read

The Entity Read privilege controls access to the customization area.

Publish customizations

Security roles:

System Administrator

System Customizer

Privilege: Publish Customizations

Customizations that change the schema must be published. The Publish Customizations privilege is separate from other customization privileges because it allows user-interface elements to be customized by several people but published only by someone who has reviewed the customizations.

Customize entities

Security roles:

System Administrator

System Customizer

Privileges:

Entity: Read

Entity: Write

These privileges allow you to change the Display Name of the entity. Modification of the entity attributes, form, views, or messages require additional privileges.

Editing entity messages requires the privilege:

Form: Organization Write.

Create custom entities

Security roles:

System Administrator

System Customizer

Privileges:

Entity: Read

Entity: Create

Entity: Write

These privileges allow you to create a custom entity. Modification of the entity attributes, form, views, or messages require additional privileges.

Set privileges for custom entities

Example Privileges

<Custom Entity>: Create

<Custom Entity>: Read

<Custom Entity>: Write

<Custom Entity>: Delete

<Custom Entity>: Append

<Custom Entity>: Append To

<Custom Entity>: Assign

<Custom Entity>: Share

Security roles:

System Administrator

System Customizer

When a custom entity is created, the access level is set to None for all privileges in all security roles other than System Administrator and System Customizer. Change the access level as appropriate to enable other users to use custom entities.

The settings shown here are default privileges for core user-owned entities that store customer data. These settings represent a common pattern for user-owned entities.

Organization-owned custom entities do not have the Assign or Share privilege.

Export customizations

Security roles:

System Administrator

System Customizer

Privilege: Export Customizations

You are able to export only customizations and settings for which you have read privileges.

To export ISV.Config you must have the ISV Extensions privilege.

Import customizations

Security roles:

System Administrator

System Customizer

Privilege: Import Customizations

Some customizations must be published after they are imported before they are available to users.

You are able to import only customizations and settings for which you have read, create, and write privileges.

Only the System Administrator can import security role definitions or organizational settings.

Customize and publish during import

Security roles:

System Administrator

System Customizer

Privileges:

Attribute: Create

Attribute: Read

Attribute: Write

Entity: Read

Entity: Write

Relationship: Read

Relationship: Write

Customization: Read

Customization: Write

Query: Read

Query: Write

Publish Customizations

 

Modify entity attributes

Security roles:

System Administrator

System Customizer

Privileges:

Entity: Read

Attribute: Read

Attribute: Write

These privileges allow for modification of existing entity attributes only. Creation of new attributes requires additional privileges.

Create entity attributes

Security roles:

System Administrator

System Customizer

Privileges:

Entity: Read

Attribute: Read

Attribute: Write

Attribute: Create

New entity attributes are not visible to users until they have been added to the entity form. Modifying the entity form requires the Form: Write privilege.

Edit entity relationships

Security roles:

System Administrator

System Customizer

Privileges:

Entity: Read

Relationship: Read

Relationship: Write

These privileges allow for modification of existing entity relationships only. This includes the ability to create new mappings. Creation of new entity relationships requires additional privileges.

Create entity relationships

Security roles:

System Administrator

System Customizer

Privileges:

Entity: Read

Relationship: Read

Relationship: Write

Relationship: Create

New entity relationships cannot be used until the relationship attribute is added to the related entity form. Modifying the entity form requires the Form: Write privilege.

Use custom entity relationships

Security roles:

Depends on the entities participating in the relationship.

Privileges:

primary entity record: Read

primary entity record: Append

related entity record: Read

related entity record: Write

related entity record: Append To

related entity record: Create

At a minimum, users must have User level access to the records participating in the relationship.

Users with the Create privilege on the related entity record will be able to create new associated records from the primary entity.

Create charts

Security roles:

System Administrator

System Customizer

CEO-Business Manager

Customer Service Manager

Marketing Professional

Marketing Manager

Vice President of Marketing

Sales Manager

Vice President of Sales

Privileges:

Entity: Read

View: Write

View: Create

View: AppendTo

The Append To privilege on the system view is not exposed in the role editor but is automatically granted to new roles created through Microsoft Dynamics CRM Online.

Edit charts

Security roles:

System Administrator

System Customizer

CEO-Business Manager

Customer Service Manager

Marketing Professional

Marketing Manager

Vice President of Marketing

Sales Manager

Vice President of Sales

Privileges:

Entity: Read

View: Write

View: Create

 

Delete charts

Security roles:

System Administrator

System Customizer

CEO-Business Manager

Customer Service Manager

Marketing Professional

Marketing Manager

Vice President of Marketing

Sales Manager

Vice President of Sales

Privileges:

Entity: Read

View: Write

View: Create

View: AppendTo

 

Modify entity forms

Security roles:

System Administrator

System Customizer

Privileges:

Entity: Read

Form: Write

Form: Read privilege is set to Organization and cannot be changed.

Modify system views

Security roles:

System Administrator

System Customizer

CEO-Business Manager

Customer Service Manager

Marketing Professional

Marketing Manager

Vice President of Marketing

Sales Manager

Vice President of Sales

Privileges:

Entity: Read

View: Write

These privileges allow for modification of existing views only. Creation of new views requires additional privileges.

The View: Read privilege is set to Organization and cannot be changed.

Create system views

Security roles:

System Administrator

System Customizer

CEO-Business Manager

Customer Service Manager

Marketing Professional

Marketing Manager

Vice President of Marketing

Sales Manager

Vice President of Sales

Privileges:

Entity: Read

View: Write

View: Create

The View: Read privilege is set to Organization and cannot be changed.

Delete system views

Security roles:

System Administrator

System Customizer

CEO-Business Manager

Customer Service Manager

Marketing Manager

Vice President of Marketing

Sales Manager

Vice President of Sales

Privileges:

Entity: Read

View: Delete

The View: Read privilege is set to Organization and cannot be changed.

View client extensions

Security roles:

System Administrator

System Customizer

CEO-Business Manager

Customer Service Manager

Marketing Manager

Vice President of Marketing

Sales Manager

Vice President of Sales

Privilege: ISV Extensions

This privilege grants users the ability to see client extensions configured using ISV.Config.

Edit entity messages

Security roles:

System Administrator

System Customizer

Privileges:

Entity: Read

Entity: Write

Form: Write

 

Download Web Services Description Language files

Security roles:

System Administrator

System Customizer

Privilege: Entity: Read

The entity Read privilege is necessary only to gain access to the URLs in the customization area. It is not necessary to download the Web Services Description Language files.

Related Topics

Customization Capabilities

Controlling Data Access

Check Your Permissions for a Record

© 2012 Microsoft Corporation. All rights reserved.