Create or edit a security role

Before editing a security role, you should understand data access. More information: Controlling Data Access

In the Navigation Pane, click Settings, click Administration, and then click Security Roles.
To edit a security role, double-click it.

- OR -

To create a new security role, the recommended way is to copy an existing security role and modify it. Under More Actions, select Copy Role. Or, on the Actions toolbar, click New, and on the Common tab, type the name of the security role.

Tip

You cannot modify the System Administrator security role. To create a security role similar to the System Administrator security role, copy the System Administrator security role, and make changes to the new role.
Set the privileges on each tab.

To change the access level for a privilege, click the symbol until you see the symbol you want. The possible access levels depend on whether the record type is organization-owned or user-owned.

Tip

To cycle through the access levels, you can also click the privilege column heading, or click the record type multiple times.
Click Save or Save and Close.

Important

These privileges are viewable, but are for internal use only and should never be modified:

Application File, Business Unit Map, Client Update, Commitment, Competitor Address, Dependency Mode, Indexed Article, E-Mail Hash, E-Mail Search, Filter Template, Import Data, Integration Status, Internal Address, Inter Process Lock, Notification, Organization Statistic, Organization UI, Owner, principalattributeaccessmap, principleobjectaccess, Privilege Object Type Code, Promote User to Microsoft Dynamics CRM User Administrator Role, Resource Expansion, Ribbon Command, Ribbon Context Group, Ribbon Difference, Ribbon Rule, Ribbon Tab to Command Mapping, Role Template, Sales Process Instance, Sdk Message Pair, Sdk Message Request Field, Sdk Message Response, Sdk Message Response Field, Status Map, String Map, Subscription, Subscription Clients, Subscription Synchronization Information, Tracking information for deleted entities, Turn on Tracing, SystemUser BusinessUnit Entity Map, System User Principal, Unresolved Address, UserEntityInstanceData, User Entity UI Settings, User Fiscal Calendar, Web Wizard, Web Wizard Access Privilege, Wizard Page, and Workflow Wait Subscription.

Modifying these privileges in any way can cause unexpected and undesirable behaviors in the application. More information: Microsoft Dynamics CRM 2011 Entities, Security Role and Privilege Reference, and Microsoft Dynamics CRM Security Model.

Note

If you need to back up your security role changes, or export security roles for use in a different implementation of Microsoft Dynamics CRM, you can export them as part of exporting customizations. More information: Export a Solution
It's helpful to keep in mind the minimum privileges you need to define for some common tasks. These include:
- When logging in to Microsoft Dynamics CRM:
  - To render the home page: prvReadWebResource, prvReadCustomization
  - To render an entity grid (that is, to view lists of records and other data): Read privilege on the entity, prvReadUserSettings, prvReadQuery
  - To view single entities in detail: Read privilege on the entity, prvReadSystemForm, prvCreateUserEntityUISettings, prvReadUserEntityUISettings
- When logging in to Microsoft Dynamics CRM for Outlook:
  - To render navigation for Microsoft Dynamics CRM and all Microsoft Dynamics CRM buttons: prvReadEntity, prvReadQuery
  - To render an entity grid: Read privilege on the entity, prvReadCustomization, prvReadWebResource, prvReadUserQuery
  - To render entities: Read privilege on the entity, prvReadSystemForm, prvCreateUserEntityUISettings, prvReadUserEntityUISettings, prvWriteUserEntityUISettings