How to provide assign permission to a user with perticular Security Role

Question

Hi Community,

I have a requirement where the user should be only have create and modify a user.

For this, i have created a role and assigned it to a new user. Now the new user is logged in and created a new user and tries to add the existing security role to a new user. But it is giving error "The logged-on use does not have the appropriate security permission to view these records or perform the specific action."

Can anybody suggest me what could be the problem ?

Appreciate your time and Thanks in Advance.

Answer 1

It is recommended that you copy an existing security role and then adjust the permissions on the newly copied role to meet your needs, then assign it to the user.

---

MSCRM Bing'd - http://bingsoft.wordpress.com

Check out the CRM 4 to CRM 2011 JavaScript Converter Tool

CRM Forum Guidance on how to Help Us Help You

Answer 2

Hi

On the new role make sure that you have give full permissions to the following on Business Management Tab.

Settings -> Administration -> Security Roles -> <Select your role> -> Business Management tab

set the following

Entity

User Reparent to level you want

 

Next Under Miscellaneous Privileges

Assign Role should be set for the role to be able to assign roles.

---

Hope this helps. Amar

CRM Forum Guidance on how to Help Us Help You

Answer 3

Hey Kanhu,

I've recently been digging into this issue as well. It looks like it's a known fix and depending on the rollup on your on it may not be applied. I found the following hot fix:

976188  (http://support.microsoft.com/kb/976188/ ) You cannot assign roles to a user even though you have the Assign Role privilege in Microsoft Dynamics CRM 4.0

I believe if you installed this it should work. Most of the suggestions I've seen however are exactly what RhettClinton stated, copy an existing security role and modify it to fit your needs. This way the approipate permissions are applied.

---

Jason Cosman

Answer 4

Also, if you want to dynamically get your roles, using JavaScript, you may use fetchxml:

<fetch mapping="logical">
<entity name="role">
<attribute name="name" />
<link-entity name="systemuserroles" from="roleid" to="roleid">
<filter>
<condition attribute="systemuserid" operator="eq-userid" />
</filter>
</link-entity>
</entity>
</fetch>

---

Cornel Croitoriu - Senior Software Developer - www.Biz-Forward.com

Answer 5

Hi Community,

I have a requirement where the user should be only have create and modify a user.

For this, i have created a role and assigned it to a new user. Now the new user is logged in and created a new user and tries to add the existing security role to a new user. But it is giving error "The logged-on use does not have the appropriate security permission to view these records or perform the specific action."

Can anybody suggest me what could be the problem ?

Appreciate your time and Thanks in Advance.

Actually thanks for the suggestions and i found one the Workaround for my requirement:

 

1. Create the New Security role with name like “Role to add Users”.
2. Add a button on the User creation form to Manage Role.
3. This button will be visible when below two conditions are true:
   1. New user record is saved.
   2. Logged in user (User who is creating the New User) Contains the Security role “Roles to add User”
4. On click of this button it will open the “Manage Role” window which will run on the elevated permissions.
5. On Selecting the role, it will check the users existing role and if the user contains the Security role equals to “Role to add User”, it will prevent the users to add role to himself.
6. Else it will add the role to newly created user.

For this purpose we need to add button on the ISV and call functionality through the JavaScript or Custom code

 

Now, i want to know how i can open a manage role popup with elevated permission to get the security roles ?

 

Thanks in advance.

Answer 6

Make sure that the following permission are granted in the security role.

1. Assign Role previlage in Bussiness management tab.
2. Organization level Read access for System User entity.
3. Organization level Read access for User Settings entity.
4. Organization level Read access for Role entity.
5. Append and Append To previleage in System User.

If you are still unable to perfrom Assign Role then the below link will help you.
http://support.microsoft.com/kb/976188/

A) On the Microsoft Dynamics CRM 4.0 server, click Start, click Run, type regedit, and then click OK.
B) Locate and then click the following registry subkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MSCRM
C) Right-click MSCRM, point to New, and then click DWORD Value.
D) Name this DWORD value AllowRoleAssignInAdminMode.
E) Right-click AllowRoleAssignInAdminMode, and then click Modify.
F) In the Value data box, type 1, and then click OK.
G) On the File menu, click Exit.

 

Answer 7

Hello Vinoth,

Appreciate your time.

I performed below steps;

1. Created user-1 and Security Role with above permissions with Admin role.

2. Assigned the new security role to user-1.

3. Logged in with user-1 and created another user-2 and tried to assign a role. Here it is failing with the error "The logged-on use does not have the appropriate security permission to view these records or perform the specific action."

And also updated the rollup 15 and followed steps in regedit.

It didn't work for me.

Thanks you verymuch.

 

Answer 8

Hi Kanhu

Make sure that "Access Mode" (in user record) for the user "User-1" is set at "Administrative"

I hope in your case it is set as "Full", change it to "Administrative" and try to assign role from User-1 to User-2.

Let us know whether this helps.

Regards
Vinoth

Answer 9

Hello Vinoth,

This worked for me.

I set the "Access Mode" to "Administrative" for User-1 and am able to assigne the roles to User-2 with User-1 Login.

Thanks you Verymuch.

Answer 10

Hi,

Need a quick help....with this minimum privileges we are able to create new users, modify the security roles of existing users...but changing the business unit is not allowed....did any one come across this case?

Error: You do not have enough privileges to access the Mircrosoft Dynamics CRM Objects or Perform the requested operation.

Answer 11

Hi Vinoth,

we have requirement where one user A should be able to assign all security roles to other users,even when user A does not have all those security role assigned to himselft,we did registry changes for 4.0 and it worked ,but now we have upgraded to 2011 and its not working.

Please help

Thanks

Savita