locked
Add & Remove Users in Team RRS feed

  • Question

  • Hi All,

    I have a issue when I try to add & remove member (user) in team. Is there any security role missing in my configuration?

    please advise.

    Monday, November 30, 2015 9:18 AM

All replies

  • What error message do you get ? And are you using Crm Online or OnPremise ? If you have OnPremise, then you can enable tracing to determine what specific privilege you are missing

    Microsoft CRM MVP - http://mscrmuk.blogspot.com/ http://www.excitation.co.uk

    • Marked as answer by pntr Tuesday, December 1, 2015 6:34 AM
    • Unmarked as answer by pntr Tuesday, December 1, 2015 6:34 AM
    Monday, November 30, 2015 11:06 AM
    Moderator
  • Hi David,

    thanks for the reply,

    I am using MS CRM 2015 OnPremise.

    I just explore the error more detail, and got CRM has behaviour when I try to set security role to a user or when add/remove member in team, I need use user login that has security level access more or equal global than the user that assigned.

    ex:

    I have 2 security role:

    a. admin: in this security I need security level access only for related administration things, such enable/disable user, add/remove user in team, and no need access to incident, sales order, etc.

    b. user business: in this security I need security level access for business things such as create incident, sales order, etc and no need access to enable/disable user, add/remove user in team.

    and I have 2 users (user1 & user2).

    I already set security role to user1 as admin, and login as user1 and try to set security for user2 as user business and got an error that mentioned need privilege to access incident, sales order.

    during this time I usually using system administrator role for setup related administration things, but for now I need to separate them into admin & user business role.

    please advise,


    • Edited by pntr Tuesday, December 1, 2015 8:00 AM
    Tuesday, December 1, 2015 7:55 AM
  • Then its not an error. Its quite logical because a user with lesser privileges cannot decide and grant more to others even if he has rights to assign roles. In your case, I would advise that your Administrator user must be granted Admin as well as User Business roles for him to be able to assign these roles to others.

    We had a similar situation, and this is what we did.

    1. Create 3 roles - User Manager Role, Support role, and Business User role

    2. User Manager role has Org Level rights and only on user management privileges under Business Management tab. That is, Security Role, User, User Settings, Enable/Disable User, Reparent User, Reparent Team. It must have no other privileges.

    3. Support role has Org Level privileges on all admin and business items, but no rights on user management privileges mentioned in point 2.

    4. Business User role has rights on business data, as per the level required by business.

    Now, user who does role management will be provided User Management Role, as well as Support Role. User who only needs to perform administrative functions (except user management functions) will be provided Support role. The business users will get Business User role.

    The drawback is Support User gets to see business data, but that cannot be helped. At most you can enable auditing on record access so you can anytime monitor if support users are indeed looking at business data without permission.

    Hope this helps.

    Regards,

    Yogesh

    • Proposed as answer by CRMYogi Tuesday, December 1, 2015 8:24 AM
    Tuesday, December 1, 2015 8:24 AM
  • Hi Yogi,

    thanks for the reply and detail explanation.

    I have some confusing regarding your statement above

    in point 3, mentioned support role no right on user management, but in the next statement you mentioned "user who does role management will be provided User Management Role, as well as Support Role"

    please advise.

    Wednesday, December 2, 2015 2:52 AM