Share via


Access rights

An access right is a right granted to a user for a particular object.

There are a number of access rights that a user can have on an object. The following table provides a description for each one.

Access rights Enumeration name Description
Read CRM_ACCESS_READ Controls whether the user can read an object.
Write CRM_ACCESS_WRITE Controls whether the user can update an object.
Assign CRM_ACCESS_ASSIGN Controls whether the user can assign an object to another user. See Assigning objects for more information.
Append CRM_ACCESS_APPEND Controls whether the user can attach another object to the specified object. The Append and Append To access rights actually work in combination with each other. Each time a user attaches one object to another, the user must have both of these rights. For example, when you attach a note to a case, you must have the Append access right on the case and the Append To access right on the note for the operation to work.
Share CRM_ACCESS_SHARE Controls whether the user can share an object with another user or team. Sharing allows another user access to an object. See Sharing for more information.
Append To CRM_ACCESS_APPENDTO Controls whether the user can append the object in question to another object. The Append and Append To access rights work in combination with each other. Each time a user attaches one object to another, the user must have both of these rights. For example, when you attach a file to a note, you must have the Append access right on the note and the Append To access right on the file attachment in order for the operation to work.
Delete CRM_ACCESS_DELETE Controls whether you can delete an object.

Creating objects

The right to create an object is not included in the preceding table because this right does not apply to an individual object, but rather to a class of objects. As a result, Create is handled as a privilege instead of as an access right. The user who creates an object will by default have all rights on that object, unless his or her other privileges forbid a specific right.

The Create privilege controls whether you can create an object. You can have the Create privilege with Local, Deep, or Global access level, and you will be able to create objects for others. However, you can create objects for yourself only if you have Create and Read privileges.

For more information about dependencies that relate to create privileges, see Security Dependencies.

© 2005 Microsoft Corporation. All rights reserved.