Let’s say you work for a company that uses CRM 4.0, you did not upgrade to 2011,  and you now are moving to CRM 2013. If you use custom security roles (and most people do), I recommend recreating your custom security roles.

Many new privileges were added in CRM 2011, and even more were added in CRM 2013. if you use standard roles, these new permissions are automatically added to your roles; however, if you use custom roles, these privileges are not added to the roles. If you continue to use your existing security roles, you are in for many “access denied” permissions surrounding privileges, tablet apps, processes, and other new features.

Updating a custom role when moving one version is a challenge. Updating a custom role when moving two or more versions can sometimes be more trouble than it is worth.

1. Start with a standard role with minimal permissions, such as the Salesperson role.
2. Copy the role, creating a new custom role.
3. Open your existing security role and snap to the left side of the screen using windows key + left arrow.
4. Open your new custom security role and snap to the right side of the screen using windows key + right arrow.
5. Update the new role to match the entity level permissions on the Core Records, Marketing, Sales, Service, and Custom Entity tabs.
6. On the bottom of the Core Records tab, verify new permissions around auditing are enabled if desired.
7. On Business Management tab, leave the settings for CRM for Phones and CRM for Tablets and Field Security set, unless you specifically need to disable them.
8. Leave the Customization tab as it is by default in the new role. Since we copied a role that has no customization permissions, this will not make your users system customizers, but will verify that they have the correct settings to view the new metadata components.

By doing this your users will have what they need to use the new features and also will eliminate the majority of the role related issues upgraders experience with CRM for tablets.