Liquid is a great templating language adding flexibility to your Dynamics 365 Portal templates. However, as any abstraction, it hides some of the things happening under the hood, including some security filtering. Consider this fragment running on authenticated page: And… the count is 2 while expected to be the total number of contacts in this […]
Tip #1147: Revisiting Queues and Teams

Almost two years ago I wrote on the merits of using Teams vs Queues for managing Cases. While I stand behind what I wrote (Teams are simpler but Queues are more powerful) another element raised its head recently which is worthy of consideration if you are going down the path of setting up Case management. […]
Tip #1134: Moving Users Between Business Units

As discussed in 917, moving Users between Business Units can be difficult and, as Joel suggested in 935, a good option when setting up a new system is to add a child Business Unit from the outset and add all the Users there. In a recent implementation I did not do this (in my defence, […]
Tip #466: It’s not a privilege
Way back in Tip 226, we talked about the sitemap privilege tag that can be used to hide sitemap subarea links for users that don’t have a specific entity permission. One thing that you should know is that the privilege tag is not honored by Dynamics CRM mobile apps. The rule of thumb is that […]
Tip #305: Missing Users
After you CRM 2015 upgrade, the users, teams, and roles should now appear in the Settings area under “Security Management.” However, what should you do if the new security management section is missing? Create a solution containing your sitemap and export it out. Edit the sitemap and add the following subarea to the settings area: […]
Tip #166: Become role customizer ninja

If you frequently modify security role and your wrist hurts because of all tiny mouse movements, there are some undocumented explicit links on the role dialog that could make your life much easier. Clicking on the entity name (e.g. Account) will cycle all privileges for this entity (i.e. Create, Read, etc) through all access levels […]
Tip #165: 1:1 with security twist
Usability of 1:1 relationships stretches far beyond UI candy. They can become a very useful tool that secures parts of the same logical record. For example, financial services company might use account entity to hold information about their customers but due to Chinese walls within the company, investment manager should not be able to access […]
Tip #78: Business Owner CEO Business Manager

The CEO Business Manager security role in the CRM has broad rights, almost as much as the System Administrator Role. No matter how forcefully you are told, don’t give this role to the owner of the business who is probably also paying the bills. Why? Because most likely, this person is the one that was […]
Tip #57: Secure Real-time Workflow Execution

Executing real-time workflows has it’s own security setting. It is in addition to and separate from executing a background workflow. Open up the security role, move the Customization tab, scroll down to Miscellaneous Privileges and assign the appropriate scope.
Tip #29: Solve missing permission issues

Sometimes, especially when you upgrade CRM or you add new entities, one of your users may see an error message like this: This error means that the user’s security role is missing a permission required for the object they are trying to view or the action they are trying to do. In this example, the […]