I have an interesting issue I'd like some input on. We created two new groups and accidentally left prvCreateUserEntityUISettings disabled on both groups. Things actually seemed to work for some users, but other users couldn't access CRM
which through a Trace showed they were missing the prvCreateUserEntityUISettings permission.
So first question, why would someone be able to access CRM if prvCreateUserEntityUISettings is disabled on the only Role they have access to? Also I added the permission to one of the Roles and those users were able to get access, but removing
the role did not revoke their access. It's like if a user has had the prvCreateUserEntityUISettings permission it's always there even if the permission is removed from all the roles setup for the user.
Can someone explain why this is so? I even built a SQL query to check the roles and permissions for the users, and I've verified that a new user without the prvCreateUserEntityUISettings permission cannot access CRM, I add the permission and they can
see it, but then I remove the prvCreateUserEntityUISettings permission and they can still access CRM. I've even rebooted the server, and the user can still access CRM without prvCreateUserEntityUISettings permission.
So it's like if a user has had the prvCreateUserEntityUISettings privilege past or currently they can still log into CRM of all other required privileges are setup.
Thanks for any suggestions on why this is so. This is on CRM 2013 SP 1 RU1
