Tip #283: Create a limited customizer role

In most deployments, users who need to manage customizations in an environment are granted the System Administrator or System Customizer role. This gives them the ability to create or edit entities, relationships, fields, views, charts, dashboards, the whole enchilada.

But what if you want a nibble of the enchilada?

Not all customizations carry the same severity. For example, adding fields, customizing forms, or removing relationships are major customizations that can seriously impact the success of your deployment. But something like creating new system charts is not such a major thing. Sure you might get a lot of charts in the system, but everybody will live.

So what if you want to have a chart administrator that can edit or create new system charts, but you do not want him to be able to change other customization?

This recently came up for me in a deployment using CRM for Tablets, as shared personal views and charts are not available from the tablet app (which I talk about in my book “The CRM Mobile Survival Guide.” Use “FriendofJoel” at checkout for a discount on the paper version.). Since the chart admin was not a system administrator, and the personal charts that he shared with other users weren’t available from the tablet, we wanted to grant him the ability to create system charts but not touch other customizations.

1. Create a role called “Chart Admin.” I recommend making this a small role to be used along with the users main base role, rather than trying to add every other permission that he will need to this role. Just create an empty role.

2. On the customization tab of the security role definition, give the user the following permissions: Read for solutions and create, read, and write for charts.

3. Give the user the new role.

Screenshot 2014-12-03 08.31.30

The user will now be able to create new system charts without being able to modify other customization components. The read privilege is required for the “customize the system” link to be available. You could do the same thing for views by granting the users permission to the “View” entity.

Note that system charts and views do not require that customization be published before they become available to users. This means that the user won’t require the publish customization permission, and won’t be disrupting users by publishing customization while they are updating charts.



2 thoughts on “Tip #283: Create a limited customizer role

  1. Kyle A. says:

    While they will become immediately available upon creation, I do not believe system views will be updated (when edited) until published — is that true for charts as well?

    • Joel Lindstrom says:

      Good point Kyle. You are right. I have also subsequently learned that view and chart changes/adds don’t show up on the tablet app unless you publish.

Leave a Reply

Your email address will not be published. Required fields are marked *