Removing prvCreateUserEntityUISettings permission but user can still access GUI .. suggestions? RRS feed

  • Question

  • I have an interesting issue I'd like some input on.  We created two new groups and accidentally left prvCreateUserEntityUISettings disabled on both groups.  Things actually seemed to work for some users, but other users couldn't access CRM which through a Trace showed they were missing the prvCreateUserEntityUISettings permission.

    So first question, why would someone be able to access CRM if prvCreateUserEntityUISettings is disabled on the only Role they have access to?  Also I added the permission to one of the Roles and those users were able to get access, but removing the role did not revoke their access.  It's like if a user has had the prvCreateUserEntityUISettings permission it's always there even if the permission is removed from all the roles setup for the user.

    Can someone explain why this is so? I even built a SQL query to check the roles and permissions for the users, and I've verified that a new user without the prvCreateUserEntityUISettings permission cannot access CRM, I add the permission and they can see it, but then I remove the prvCreateUserEntityUISettings permission and they can still access CRM.  I've even rebooted the server, and the user can still access CRM without prvCreateUserEntityUISettings permission.

    So it's like if a user has had the prvCreateUserEntityUISettings privilege past or currently they can still log into CRM of all other required privileges are setup.  

    Thanks for any suggestions on why this is so.  This is on CRM 2013 SP 1 RU1

    Tuesday, October 27, 2015 9:57 PM

All replies

  • When a user logs into CRM for the firsts time, their localized information needs to be updated on their record.  Such as language setting and time zone.  Once this information is set after the first time the user logs in, the privilege can be taken away.  This is why your existing users have no problem missing the privilege.

    Set the privilege to user level.  You should be ok with letting them keep it.  If you absolutely can't leave this privilege on for the users, then simply create a new security role with this privilege, and only assign it for their first login, and then take it away. 

    This has been an issue for several versions with CRM 4.0 being the one I first noticed the issue.

    Jason Peterson

    Tuesday, October 27, 2015 11:14 PM