Customization Privileges

All users People who have active user accounts in Microsoft Dynamics CRM Online. have the ability to set personal options that affect their preferences for using Microsoft Dynamics CRM Online. More information: Configuring Personal Options

The ability to perform customizations that affect all users depends on how privileges A user's rights to perform specific actions on specific record types or to perform tasks. Privileges are assigned by system administrators to security roles. Users are then assigned security roles. Examples of privileges include Update Account and Publish Customizations. have been configured for the security role A defined set of privileges. The security role assigned to a user determines which tasks the user can perform and which parts of the user interface the user can view. All users must be assigned at least one security role in order to access the system. associated to each user account. By default the System Administrator and System Customizer security roles have the necessary privileges to perform customizations. More information: Customization Permissions

Issues related to customization privileges include:

• System Customizer security role
• Creating or modifying security roles to grant customization privileges
• Custom entity privileges
• Scope of customizations

System Customizer security role

Because users can be associated with more than one security role, you can grant a user virtually all of the customization privileges by adding the System Customizer security role to their user account. This will provide most of the privileges necessary to perform customizations without expanding their access to data.

Note: The only customization tasks that require the System Administrator security role are importing security role definitions and organizational settings.

Top of page

Creating or modifying security roles to grant customization privileges

Other security roles can be created or modified to grant users the ability to participate in different levels of customization. For example, managers might be given the privileges to change the layout of a form or modify the configuration of an attribute, but not be allowed to create new entities or modify relationships.

Each of the customization privileges have only two levels of access: None None An access level that denies the user privileges at any level. or Organization Organization An access level that lets the user work with all record types within the entire organization, regardless of the business unit hierarchical level to which the entity or user belongs. Users who have Organization access automatically have Parent: Child Business Units, Business Unit, and User access as well. . Therefore, it is not possible to grant users customization privileges for specific business units.

Many customization privileges are related to specific areas: Entity A structure used to manage data. Microsoft Dynamics CRM Online entities include Account, Case, and Activity., Attribute A property of an entity with a specific data type. Attributes are analogous to columns in a database table. When attributes are added to an entity form, they are displayed as fields that correspond to their data type., Relationship A definition of how records may be related to each other. Relationships defined between entities control how Microsoft Dynamics CRM Online presents options for records to be linked to each other in the application., Form A page that displays detailed information that users have entered into Microsoft Dynamics CRM Online about a specific record, such as all information about a contact.Information that users enter in a form is stored in Microsoft Dynamics CRM Online as a record., and View A filter applied to a list of records.Users can choose different views that contain all the records or activities of a particular type or that are a subset of that type.. For each of these areas, only the Create A privilege required to create a new record. Which records can be created depends on the access level of the permission defined in your security role., Read A privilege required to read a record. Which records can be read depends on the access level of the permission defined in your security role., Write A privilege required to make changes to a record. Which records can be changed depends on the access level of the permission defined in your security role., and Delete A privilege required to permanently remove a record. Which records can be deleted depends on the access level of the permission defined in your security role. privileges apply.

Note: All users have Organization Read access for Forms and Views because this is required to use Microsoft Dynamics CRM Online. These privileges cannot be removed.

Users must have the Entity Read privilege to view the Customization area within Settings. To create entities, they must have the Entity Create privilege. Once users can access the Customization area, their privileges can be set according to the need. For example, to update attributes, they must have the Attribute Read and Write privileges.

Note: Privileges within areas are independent. When an action automatically performs tasks that would otherwise require a specific privilege, it is not necessary for the user to have that privilege. For example, a user who does not have the Attribute Create privilege but does have the Relationship Read and Create privileges will be able to create new relationships even though the process of creating a new relationship will create a new relationship attribute An attribute that exists in a related entity when a hierarchical relationship exists. When added to the form of the related entity, a lookup control is displayed to allow the record to be related to another record as defined in the relationship. on the related entity. In addition to the area privileges, there are some Miscellaneous Privileges associated with customization.

• ISV Extensions A privilege required to view and use custom buttons created in the ISV.Config. This privilege is on the Customization tab in Security Roles.

  This privilege also requires that client extensions have been enabled. By default, most security roles for managers have this privilege. More information: Manage System Settings

• Export Customizations A privilege required to export customizations. This privilege is on the Customization tab in Security Roles.

  Users with this privilege can only export customizations they have privileges to Read.

• Import Customizations A privilege required to import customizations. This privilege is on the Customization tab in Security Roles.

  Users with this privilege can only import customizations they have privileges to Read, Create, and Write.

• Publish Customizations A privilege required to make customizations available to all users. This privilege is on the Customization tab in Security Roles.

  You may grant users rights to create customizations that use form scripting or change the visual presentation of Microsoft Dynamics CRM Online but restrict their ability to apply them to all users until the changes have been approved.

Top of page

Custom entity privileges

When a custom entity is created, each security role must be modified to allow users to access it. This can be used to reveal custom entities only to members of certain security roles.

Top of page

Scope of customizations

Customizations are applied to the entire organization. However, security roles can be created and configured for a business unit that will grant access to specific custom entities for users associated to that security role in that business unit.

Note

Microsoft Dynamics CRM Online does not provide a direct mechanism to apply security to specific attributes within an entity.

Top of page

Related Topics Customization Area Controlling Data Access Configuring Personal Options Customizing Entities

© 2009 Microsoft Corporation. All rights reserved.