Posts Tagged ‘security role’

Power Apps – Minimum privileges to run app

February 20, 2020 4 comments

To configure a security role with minimum privileges to run an app, a pre-packaged unmanaged solution is available in Microsoft download center and can be downloaded from here 

The solution contains a security role by name ‘min prv apps use‘.


Use ‘min prv apps use‘ security role as a reference and copy to a new role and configure additional privileges as per your business needs.


Minimum privileges required to access CRM application

January 8, 2013 1 comment

To access CRM application using either Browser or Outlook and perform common tasks all users must be assigned at least one security role with below minimum privileges.

Below is the matrix

Entity Name


Access Level

Security role ‚ÄúTab‚ÄĚ Name
User Entity UI Settings Create, Read, Write User Core Records
User Settings Read User Business Management
Customizations Read Organization Customization
System Form Read Organization Customization
View Read Organization Customization
Web Resource Read Organization Customization

Below are minimum privileges you need to define for some common tasks

Access CRM using Browser:

  • To render the Home page: prvReadWebResource, prvReadCustomization
  • To render an Entity grid (that is, to¬†view lists of records and other data): Read privilege on the entity,¬†prvReadUserSettings, prvReadQuery
  • To view single Entitie in detail:¬†Read privilege on the entity, prvReadSystemForm,¬†¬†prvCreateUserEntityUISettings, prvReadUserEntityUISettings

Access CRM using Outlook:

  • To render navigation for CRM and all CRM¬†buttons: prvReadEntity, prvReadQuery
  • To render an Entity grid: Read¬†privilege on the entity, prvReadCustomization, prvReadWebResource, prvReadUserQuery
  • To render Entities: Read privilege on¬†the entity, prvReadSystemForm, prvCreateUserEntityUISettings,¬†prvReadUserEntityUISettings, prvWriteUserEntityUISettings

We can get¬†more information in the Helper page from “Security Role” form (Refer Navigation below)

Security role helper page

Security role helper page


Check user security role in Plug-ins CRM 2011

September 20, 2011 Leave a comment


Below is the code snippet to check current user security role in Plug-in.

private void CheckUserRole(IOrganizationService service, Guid userID)


QueryExpression query = new QueryExpression();

query.EntityName =¬†“role”; //role entity name

ColumnSet cols = new ColumnSet();

cols.AddColumn(“name”); //We only need role name

query.ColumnSet = cols;

ConditionExpression ce = new ConditionExpression();

ce.AttributeName =¬†“systemuserid”;

ce.Operator = ConditionOperator.Equal;


//system roles

LinkEntity linkRole = new LinkEntity();

linkRole.LinkFromAttributeName =¬†“roleid”;

linkRole.LinkFromEntityName =¬†“role”; //FROM

linkRole.LinkToEntityName =¬†“systemuserroles”;

linkRole.LinkToAttributeName =¬†“roleid”;

//system users

LinkEntity linkSystemusers = new LinkEntity();

linkSystemusers.LinkFromEntityName =¬†“systemuserroles”;

linkSystemusers.LinkFromAttributeName =¬†“systemuserid”;

linkSystemusers.LinkToEntityName =¬†“systemuser”;

linkSystemusers.LinkToAttributeName =¬†“systemuserid”;

linkSystemusers.LinkCriteria =new FilterExpression();




EntityCollection collRoles = service.RetrieveMultiple(query);

if (collRoles != null && collRoles.Entities.Count > 0)            {

foreach (Entity _entity in collRoles.Entities)                {

if (_entity.Attributes[“name”].ToString().ToLower() == “{Your rolename}”)¬†¬†¬†¬†¬†¬†¬†¬†¬†¬†¬†¬†¬†¬†¬†¬†¬†¬†¬†¬† {






How do I call this method :-

public void Execute(IServiceProvider serviceProvider)


IPluginExecutionContext context = (IPluginExecutionContext)serviceProvider.GetService(typeof(IPluginExecutionContext));

IOrganizationServiceFactory factory = (IOrganizationServiceFactory)serviceProvider.GetService(typeof(IOrganizationServiceFactory));

IOrganizationService service = factory.CreateOrganizationService(context.UserId);

          CheckUserRoles(service, context.UserId);


Hope it helps ūüôā