Different users usually have different privileges when using MS Dynamics CRM. System administrator has all the privileges, and this user is usually the one that sets privileges for other users.

When you create new custom entity, only system administrator gets access by default. Other users must be enabled to read/write/execute this new entity. There are predefined security roles in MS Dynamics CRM, but new roles can also be created and adjusted to company’s needs.

Creating security role in Dynamics CRM

Go to: Menu/Settings/Security and in newly opened window, select Security roles.


This opens new window, that shows list of existing security roles. Creating new role can be done in two ways:



  1. Select new on the left top of the window (this creates new empty role that has to be customized)
  2. Select existing role, go to More Actions/Copy Role. This will take existing role, make a copy of it with new name, and then it can be customized further. If some roles have similar privileges, it’s easier to copy existing role and adjust it to new role.

In this case we are copying System Administrator role, and we will take some privileges off. Option 2 above will give us new window where we will insert name for new role.


In this new role, we will take off some privileges:


Some of the privileges shown on the image:

  • None selected: This is highest level of restriction, and user cannot do anything with this part of the CRM. Example above: Solution.
  • User: User can perform action on records that belong to him, records from other users that are shared with him, or that records belong to the team that this user belongs to. Example above: User Application Data.
  • Business unit: User has access on features and records that belong to the business unit that this user is in. Example above: System Job.
  • Parent: Child Business Units: User has access to all the records that belong to child units of the business unit this user belongs to. Example above: Reading privilege on Publisher.
  • Organization: access to everything that belongs to organization that user belongs to. Example above: Anything with full green dots.

Administrator can set up privileges in different areas such as: Sales, Marketing, Services, Custom entities, etc. as shown on the tabs on the top of the form.

After creating, setting and saving this new security role, administrator just has to assign it to the corresponding user that doesn’t have admin privileges.

Go to: Menu/Settings/Security and select Users.

Create new user or select existing user with no admin privileges, and go to Manage roles.


Check security role for selected user, and after that this user can log in with his account that has restricted access.


Note: since this is custom security role, make sure to include it into your solution before exporting it.

Go to: Solutions, open your solution, select Security Roles, go to Add Existing, find your security role, add it and save changes.



Good luck and never forget about security 🙂