Security roles & teams RRS feed

  • Question

  • I have only been using CRM 2011 for a few months now.

    There are approximately 100 users on our CRM system.  We have created several teams, with each user being assigned to a team.  The teams really serve to group several users together by function, i.e., a Clerical Team whose functions include data entry, an Administrative team whose main function is to read custom reports, etc. 

    I have created several security roles to control the access to all of the data within the system.  At least one, if not two or three, security roles may be assigned to each team.

    In the past, this setup has worked well for us.  Our workforce is fairly fluid, so it is much easier - and cleaner - to add users to or remove users from a team rather than constantly have to add/remove security roles.

    I have recently encountered a snag in my system security setup.  Due to the fact that we need to quite frequently need to add/remove users to/from teams on a daily basis, we have decided that it would be best to enable a few users to enable/disable users in our system.  I have created a "Biz Admin" security role just for these users and have - thru research - given the necessary permissions to this security role to enable/disable users.

    When I assign this "Biz Admin" role to a team, consisting of a chosen few people, the team members are NOT able to deactivate a user.  However, when I assign this same "Biz Admin" role to an individual member of the team, the user is now ABLE to deactivate users.

    Does anyone know why this might be the case - that a security role "does not work" when assigned to a team but "does work" when assigned to an individual user??  Any help would be greatly appreciated!



    Sunday, February 23, 2014 6:10 PM

All replies

  • Hi Michelle,

    Team roles are not always the same as adding roles directly to users! See http://blog.crmguru.co.uk/2013/06/25/security-roles-and-teams-in-crm-2011-an-inconvenient-half-truth/

    Hope this helps,


    Scott Durow
    Blog www.develop1.net    Follow Me
    If this post answers your question, please click "Mark As Answer" on the post and "Mark as Helpful"

    Sunday, February 23, 2014 6:25 PM
  • Scott

    Thanks for the link to that article!  It has definitely helped - now I am just mulling over what I would need to do in order to make sure that everyone can do their jobs!

    I'm sure that you will be hearing from me again, soon!!


    Friday, February 28, 2014 6:17 PM
  • Hi Michelle

    Are you Assign only one Security role (Biz Admin) on team that enable/disable users.?

    if your team has Multiple Security role e.g Biz admin and say xyz it may be in xyz roles are not set to enable/disable user

    so change security roles if your team also have security roles other than Biz admin.

    Muhammad Sohail

    Saturday, March 1, 2014 4:45 PM
  • Hi Muhammad

    Thanks for the suggestion!

    After reading the article suggested by Scott, I ended up creating a new Security Role, "Enable & Disable Users."  I only set a few permissions in this role, knowing that it will be a SECOND (at least) Security Role given to a user (upon creation of a user, that user is given a "Base Role" which grants all the permissions necessary to log in to our system).  I gave this Role DIRECTLY to the user instead of to a team, which is what I was trying to do before I heard from Scott.

    This seems to be working correctly.



    Sunday, March 2, 2014 3:52 PM