Tip #702: How to tell apart system roles and their clones

It’s been a while since we had a truckstop but Larry “Tex” Lentz keeps asking questions on behalf of some mysterious “students”. Let’s stop and listen.

How can one tell if a security role is a copy and which role it’s a copy of?

Feridun “Best Twitter Handle for CRM MVP” Kadir closed the discussion in one sweet move

I don’t think you can. It’s not like the original role was a template.

But then it all went off the rails: “The copy is I think no different than creating a new role and configuring it to be the same as another one.” (Same?! I’ll let this delusion slide, – t.j.)

Chris “Mr ADFS” Cognetta joined the party with some good ideas, sadly only applicable in your own backyard, a.k.a. on-premises

Look at createdon date in DB to see when it was made. Originals have the installed or prior date. Any after is a copy.

That was followed by a long list of recommendations on how to retrieve and interpret the roles by none other than Mitch “Only in Texas” Milam. We’ll save that one for another day.

Jerry “I’m still in Kansas” Weinstock closed it nicely with a best practice recommendation

When copying roles always modify the new role name by adding the company name to the role.

For example, you’ll have Salesperson and then you’ll have Acme Salesperson. Nice and clean.


One thought on “Tip #702: How to tell apart system roles and their clones”

  1. AdamV says:

    I agree with Chris that the Created On date is pretty definitive – even if you have to look at the time portion because the copies were made on the day you installed CRM.
    Perfectly valid to add this column to an Advanced Find view of Security Roles, regardless of deployment type (so don’t look in the DB just use the UI).
    To take Jerry’s tip further, I often create a saved personal view to show all users who have any Security Role that does not begin with the company name (and another excluding system administrator, system customiser and support user roles explicitly). So all your amended, tried, tested, approved roles have the company name and I want to know who, if anyone, has anything that is not one of these roles.
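The Created On check and the naming-convention audit discussed above, as an added example that is not part of the original post or its comments. The role list, user assignments, install timestamp, "Acme " prefix and exempt list are all constructed assumptions standing in for an export of the Security Roles view.

```python
from datetime import datetime

# Constructed sample data, shaped like an export of the Security Roles view
# with the Created On column added. All names and timestamps are made up.
INSTALL_FINISHED = datetime(2016, 3, 1, 10, 15)  # assumed: when the install completed
COMPANY_PREFIX = "Acme "                         # assumed naming convention
EXEMPT = {"System Administrator", "System Customizer", "Support User"}

ROLES = [
    {"name": "Salesperson",          "createdon": datetime(2016, 3, 1, 10, 2)},
    {"name": "System Administrator", "createdon": datetime(2016, 3, 1, 10, 2)},
    {"name": "Acme Salesperson",     "createdon": datetime(2016, 3, 1, 16, 40)},
    {"name": "Salesperson - test",   "createdon": datetime(2016, 5, 12, 9, 0)},
]
USER_ROLES = {
    "alice": ["Acme Salesperson"],
    "bob":   ["Salesperson"],
    "carol": ["System Administrator"],
    "dave":  ["Acme Salesperson", "Salesperson - test"],
}

def classify_roles(roles, install_finished):
    """Compare the full timestamp, not just the date, so a copy made later
    on install day is still separated from the out-of-the-box roles."""
    return {r["name"]: "original" if r["createdon"] <= install_finished
            else "copy or new" for r in roles}

def unprefixed_later_roles(roles, install_finished, prefix):
    """Roles created after install that break the naming convention."""
    return sorted(r["name"] for r in roles
                  if r["createdon"] > install_finished
                  and not r["name"].startswith(prefix))

def users_with_unapproved_roles(user_roles, prefix, exempt):
    """Users holding any role that is neither prefixed nor explicitly exempt."""
    findings = {}
    for user, names in user_roles.items():
        bad = [n for n in names if not n.startswith(prefix) and n not in exempt]
        if bad:
            findings[user] = bad
    return findings

if __name__ == "__main__":
    print(classify_roles(ROLES, INSTALL_FINISHED))
    print(unprefixed_later_roles(ROLES, INSTALL_FINISHED, COMPANY_PREFIX))
    print(users_with_unapproved_roles(USER_ROLES, COMPANY_PREFIX, EXEMPT))
```

The timestamp comparison only separates out-of-the-box roles from later ones; it does not reveal which role a copy was made from.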
