CDS Power Platform · Customization and Configuration · Functional Info

{Dynamics CRM CE} Minimum privilege required to add User to Team and assign Role to them

Recently while working on one of the requirement in my project we wanted to have a custom security role though which user can add another User to Team and assign Roles to them.

We did not wanted to have System Admin/Customizer role assigned to perform this specific task.

Business Management Tab
EntityPrivAccess Level
TeamReadOrg
TeamAppendOrg
TeamAppend ToOrg
TeamWriteOrg
UserAppendOrg
User Append To Org
Security RoleAppend ToOrg
Security RoleAppendOrg
Security RoleReadOrg
Security RoleAssignOrg

Depends on what User you want to add and assign role to them, you should change Access level to BU or Parent Child BU instead of ORG Access level.

Things to keep in mind :-

  1. A user cannot grant privileges that they do not already have themself. So your “customizer” users would need rights to write to user entity, append to user entity and append to Security Role entity (because it is an N:N relationship you need append TO on both).
  2. They must also have a role that has all the roles that every other role has, or they need tohave every other role that they might need to assign.
References
https://docs.microsoft.com/en-gb/power-platform/admin/security-roles-privileges#assigning-security-roles
https://docs.microsoft.com/en-gb/power-platform/admin/prevent-elevation-security-role-privilege

Hope this helps!

One thought on “{Dynamics CRM CE} Minimum privilege required to add User to Team and assign Role to them

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s