Posts Tagged ‘security role’

Minimum privileges required to access CRM application

January 8, 2013

To access the CRM application through either the browser or Outlook and perform common tasks, every user must be assigned at least one security role with the minimum privileges below.

Below is the matrix:

| Entity Name | Privileges | Access Level | Security role “Tab” Name |
|---|---|---|---|
| User Entity UI Settings | Create, Read, Write | User | Core Records |
| User Settings | Read | User | Business Management |
| Customizations | Read | Organization | Customization |
| System Form | Read | Organization | Customization |
| View | Read | Organization | Customization |
| Web Resource | Read | Organization | Customization |

Below are the minimum privileges you need to define for some common tasks:

Access CRM using Browser:

  • To render the Home page: prvReadWebResource, prvReadCustomization
  • To render an Entity grid (that is, to view lists of records and other data): Read privilege on the entity, prvReadUserSettings, prvReadQuery
  • To view a single Entity in detail: Read privilege on the entity, prvReadSystemForm, prvCreateUserEntityUISettings, prvReadUserEntityUISettings

Access CRM using Outlook:

  • To render navigation for CRM and all CRM buttons: prvReadEntity, prvReadQuery
  • To render an Entity grid: Read privilege on the entity, prvReadCustomization, prvReadWebResource, prvReadUserQuery
  • To render Entities: Read privilege on the entity, prvReadSystemForm, prvCreateUserEntityUISettings, prvReadUserEntityUISettings, prvWriteUserEntityUISettings

More information is available on the helper page of the “Security Role” form (see the navigation below).

Security role helper page
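To audit an existing user against the task lists above, the following added example (not code from the original post) reports which of the listed privileges the user is missing for each task. The class and method names are hypothetical, and it assumes the service runs as an account that can read the privilege entity and retrieve another user's privileges.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using Microsoft.Crm.Sdk.Messages;
using Microsoft.Xrm.Sdk;
using Microsoft.Xrm.Sdk.Query;

// Hypothetical helper: not part of the CRM SDK or of the original post.
public static class MinimumPrivilegeAudit
{
    // Privilege names copied from the task lists above. "Read privilege on the
    // entity" depends on the entity being opened and is not checked here.
    private static readonly Dictionary<string, string[]> RequiredByTask =
        new Dictionary<string, string[]>
    {
        { "Browser: Home page", new[] { "prvReadWebResource", "prvReadCustomization" } },
        { "Browser: Entity grid", new[] { "prvReadUserSettings", "prvReadQuery" } },
        { "Browser: single Entity", new[] { "prvReadSystemForm",
            "prvCreateUserEntityUISettings", "prvReadUserEntityUISettings" } },
        { "Outlook: navigation", new[] { "prvReadEntity", "prvReadQuery" } },
        { "Outlook: Entity grid", new[] { "prvReadCustomization",
            "prvReadWebResource", "prvReadUserQuery" } },
        { "Outlook: Entities", new[] { "prvReadSystemForm", "prvCreateUserEntityUISettings",
            "prvReadUserEntityUISettings", "prvWriteUserEntityUISettings" } },
    };

    // Returns, per task, the listed privileges the user does not hold.
    public static Dictionary<string, List<string>> FindMissing(
        IOrganizationService service, Guid userId)
    {
        // Privileges the user holds through assigned roles (any access level).
        var response = (RetrieveUserPrivilegesResponse)service.Execute(
            new RetrieveUserPrivilegesRequest { UserId = userId });
        var heldIds = new HashSet<Guid>(response.RolePrivileges.Select(p => p.PrivilegeId));

        // Resolve only the privilege names of interest to their ids.
        object[] names = RequiredByTask.Values.SelectMany(v => v).Distinct()
            .Cast<object>().ToArray();
        var query = new QueryExpression("privilege") { ColumnSet = new ColumnSet("name") };
        query.Criteria.AddCondition("name", ConditionOperator.In, names);
        var heldNames = new HashSet<string>(
            service.RetrieveMultiple(query).Entities
                .Where(e => heldIds.Contains(e.Id))
                .Select(e => e.GetAttributeValue<string>("name")),
            StringComparer.OrdinalIgnoreCase);

        return RequiredByTask.ToDictionary(
            task => task.Key,
            task => task.Value.Where(n => !heldNames.Contains(n)).ToList());
    }
}
```

An empty list for a task means every listed privilege is present; the access level from the matrix (User or Organization) is not compared here.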



Check user security role in Plug-ins CRM 2011

September 20, 2011


Below is a code snippet to check the current user's security role in a plug-in.

    // Required namespaces:
    // using System;
    // using Microsoft.Xrm.Sdk;
    // using Microsoft.Xrm.Sdk.Query;

    private void CheckUserRole(IOrganizationService service, Guid userID)
    {
        QueryExpression query = new QueryExpression();
        query.EntityName = "role"; // role entity name

        ColumnSet cols = new ColumnSet();
        cols.AddColumn("name"); // We only need the role name
        query.ColumnSet = cols;

        // Restrict the result to roles assigned to the given user
        ConditionExpression ce = new ConditionExpression();
        ce.AttributeName = "systemuserid";
        ce.Operator = ConditionOperator.Equal;
        ce.Values.Add(userID);

        // system roles: role -> systemuserroles
        LinkEntity linkRole = new LinkEntity();
        linkRole.LinkFromAttributeName = "roleid";
        linkRole.LinkFromEntityName = "role"; // FROM
        linkRole.LinkToEntityName = "systemuserroles";
        linkRole.LinkToAttributeName = "roleid";

        // system users: systemuserroles -> systemuser
        LinkEntity linkSystemusers = new LinkEntity();
        linkSystemusers.LinkFromEntityName = "systemuserroles";
        linkSystemusers.LinkFromAttributeName = "systemuserid";
        linkSystemusers.LinkToEntityName = "systemuser";
        linkSystemusers.LinkToAttributeName = "systemuserid";
        linkSystemusers.LinkCriteria = new FilterExpression();
        linkSystemusers.LinkCriteria.Conditions.Add(ce);

        linkRole.LinkEntities.Add(linkSystemusers);
        query.LinkEntities.Add(linkRole);

        EntityCollection collRoles = service.RetrieveMultiple(query);

        if (collRoles != null && collRoles.Entities.Count > 0)
        {
            foreach (Entity _entity in collRoles.Entities)
            {
                // Case-insensitive comparison against the role name to look for
                if (string.Equals(_entity.GetAttributeValue<string>("name"), "{Your rolename}", StringComparison.OrdinalIgnoreCase))
                {
                    // The user holds the role; add your logic here
                }
            }
        }
    }

How to call this method:

    public void Execute(IServiceProvider serviceProvider)
    {
        // Execution context of the plug-in and a service running as the context user
        IPluginExecutionContext context = (IPluginExecutionContext)serviceProvider.GetService(typeof(IPluginExecutionContext));
        IOrganizationServiceFactory factory = (IOrganizationServiceFactory)serviceProvider.GetService(typeof(IOrganizationServiceFactory));
        IOrganizationService service = factory.CreateOrganizationService(context.UserId);

        CheckUserRole(service, context.UserId);
    }


Hope it helps 🙂