Reputation: 1333
How to find which entity that a security privilege is related to?
I'm modifying the security roles of a specific user to give him as minimal access as possible to do certain stuff only (assign security roles, create workflows, etc.) How can I determine the entity related to a security privilege?
For example, prvCreateBusinessUnit privilege is related to Business Unit entity. However, what about other privileges such as prvReadProfileRule? what entity is it related to?
I've two important information that may be helpful:
1-Privilege name
2-Privilege Id
Upvotes: 1
Views: 3101
Answers (3)
Reputation: 1
ReadProfileRule is the entity "Channel access profile rule" you can find this by opening role updater plugin in XRMToolbox, and searching the permission name "ReadProfileRule". it seems that this entity isn't appearing under security roles for some environments, but the permission can be added through role updater plugin in XRMtoolbox.
Upvotes: 0
Reputation: 22846
Your original plan is not going to be that simple.
user A cannot assign a Security Role to user B, if it gives user B privileges higher than has User A
Creating a security role to be able to only create roles and users without having system admin role
Each security role consists of record-level privileges and task-based privileges, former takes care of transaction data entries whereas later privileges are needed like Export to Excel", Data Import, Publish articles, etc.
Read more: Security roles and privileges (the latest documentation)
I would recommend you to build some custom .Net or Angular application to elevate your admins to do this action of assigning roles, etc and Impersonation can help to leverage the Service account for achieving it in background. Minimum HTML web resource can be used within Dynamics.
Another most important point:
Do not create a new security role from scratch. Copy an existing role and modify it. There are 580 pre-defined privileges, hence this is the better way of doing it and it also maintains consistency
Upvotes: 1
Reputation: 1718
By convention the name is prv[Privilege][Entity]
Here is a listing of all privileges and which entity they apply to:
https://learn.microsoft.com/en-us/previous-versions/dynamicscrm-2016/developers-guide/hh547441(v=crm.8)
prvReadProfileRule does not appear, where are you seeing that?
Update:
Minimum permissions to log into application:
https://www.inogic.com/blog/2016/11/minimum-privileges-required-to-login-microsoft-dynamics-365/
Minimum permissions to view account and contact records:
https://social.microsoft.com/Forums/en-US/f52f26e5-8684-4fd7-a89f-4dd34972c0ed/minimum-security-permissions-to-view-accounts-amp-contacts?forum=crm
Upvotes: 0
Related Questions
- Retrieve privileges using security role rather than using system user
- Dynamics CRM 2011 Security Role SQL query
- Get Share Account privileged account entities in CRM sdk
- MS CRM 2011: How to get the associated entity-name for a privilege
- How to query privileges specific to entity (without the ID of the entity record) using CRM 2011/2013 sdk?
- determine roles that have access to an item in Sitecore - in code
- Microsoft Dynamics 4.0 SDK Check If User Has Privilege
- How to get current user privileges in MS Dynamics CRM on server side
- How to check if Attribute of entity is "secured" only using crm 4.0 assemblies? (field level security)
- How to check security role of a user in crm 4.0?