How to track unwanted privileges?

  • Question

  • Hi everybody

    Recently we faced a new problem with MS CRM 4 users' access to others' objects: some users have unwanted access rights to other business units that are prohibited in their role definitions. Therefore we need to track down which role, sharing, or assignment is the root of this problem. Can you help me? (Any recommendation in SQL will be helpful + I have the unwanted privilege ID with Access Checker.)

    In addition, is there any way to reset/reconfigure/rebuild all privileges for the whole Microsoft CRM 4 database?

    • Edited by Soroosh81 Thursday, April 25, 2013 10:11 AM
    Thursday, April 25, 2013 9:54 AM

All replies

  • First off, there is no such thing as "prohibited" in CRM security roles.  All roles are additive, and the most permissive role for any entity wins. (i.e. there is nothing analogous to the "deny" permission in Windows)

    So you're going to have to check the roles they're in, and the CRM User report is a good start.  It will report all roles a user is a part of, and then you can start testing which roles are too broad.

    As for resetting and re-configuring roles in CRM, just remove all roles from everyone and start fresh with new roles.

    The postings on this site are solely my own and do not represent or constitute Hitachi Solutions' positions, views, strategies or opinions.

    Thursday, April 25, 2013 8:44 PM
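
Because roles are additive, the role to fix is whichever one grants the privilege at the widest depth. The following read-only query is an added example, not part of the original thread or any Microsoft tooling: it lists every role a user holds that grants a given privilege, widest first. The table and column names (`SystemUserRoles`, `RoleBase`, `RolePrivileges`, `PrivilegeBase`, `BusinessUnitBase`, `SystemUserBase`) and the depth-mask mapping are assumptions about the CRM 4 organization database and should be checked against your schema; both GUIDs are placeholders.

```sql
-- Added example: read-only audit query (T-SQL, SQL Server 2005 syntax).
-- Assumption: CRM 4 base tables and columns as named below; verify before use.
DECLARE @UserId uniqueidentifier;
DECLARE @PrivilegeId uniqueidentifier;
SET @UserId      = '00000000-0000-0000-0000-000000000000'; -- placeholder: SystemUserId of the affected user
SET @PrivilegeId = '00000000-0000-0000-0000-000000000000'; -- placeholder: privilege ID reported by Access Checker

SELECT  u.FullName              AS UserName,
        r.Name                  AS RoleName,
        bu.Name                 AS RoleBusinessUnit,
        p.Name                  AS PrivilegeName,
        rp.PrivilegeDepthMask   AS RawDepthMask,
        -- Assumed mapping: 1 = User, 2 = Business Unit,
        -- 4 = Parent: Child Business Units, 8 = Organization.
        CASE rp.PrivilegeDepthMask
            WHEN 8 THEN 'Organization'
            WHEN 4 THEN 'Parent: Child Business Units'
            WHEN 2 THEN 'Business Unit'
            WHEN 1 THEN 'User'
            ELSE 'Other (inspect raw mask)'
        END                     AS Depth
FROM    dbo.SystemUserRoles  AS sur
JOIN    dbo.SystemUserBase   AS u  ON u.SystemUserId    = sur.SystemUserId
JOIN    dbo.RoleBase         AS r  ON r.RoleId          = sur.RoleId
JOIN    dbo.BusinessUnitBase AS bu ON bu.BusinessUnitId = r.BusinessUnitId
JOIN    dbo.RolePrivileges   AS rp ON rp.RoleId         = r.RoleId
JOIN    dbo.PrivilegeBase    AS p  ON p.PrivilegeId     = rp.PrivilegeId
WHERE   sur.SystemUserId = @UserId
  AND   rp.PrivilegeId   = @PrivilegeId
-- Additive model: the first row is the most permissive grant,
-- so it is the one that decides the user's effective access.
ORDER BY rp.PrivilegeDepthMask DESC, r.Name;
```

An empty result means no role assigned to the user grants this privilege, so the access comes from somewhere other than the user's roles, such as record sharing or assignment.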