Privileges by entity
Updated: November 29, 2016
Applies To: Dynamics 365 (online), Dynamics 365 (on-premises), Dynamics CRM 2016, Dynamics CRM Online
Microsoft Dynamics 365 and Microsoft Dynamics 365 (online) ship with a set of predefined roles that reflect common user roles with access levels defined to match the security best-practice goal of providing access to the minimum amount of business data required for the job. You can also create custom roles. Each role is associated with a set of privileges that determines the user's access to information within the company. These privileges determine what actions a user with that security role can perform on entities. For more information, see How role-based security can be used to control access to entities in Microsoft Dynamics 365 and How record-based security can be used to control access to records in Microsoft Dynamics 365.
The following table lists the types of privileges that are referred to from the following entity/privilege reference.
Privilege | Description |
Create | Create a record. |
Read | View a record. |
Write | Make changes to a record. |
Delete | Delete a record. |
Append | Associate a record to another record. |
Append To | Associate entity record to this record. |
Assign | Transfer record ownership to another user. |
Share | Give access to a record to another user while keeping your own access. |
Reparent | Assign a different parent to entity record. |
These topics list the privileges available for each entity.
The following fetch query will return all privileges in the system, for each role.
<fetch version='1.0' mapping='logical' distinct='false'>
<entity name='roleprivileges'>
<attribute name='privilegeid'/>
<attribute name='privilegedepthmask'/>
<link-entity name='role' alias='roles' to='roleid' from='roleid' link-type='inner'>
<attribute name='name'/>
</link-entity>
<link-entity name='privilege' alias='privileges' to='privilegeid' from='privilegeid' link-type='inner'>
<attribute name='name'/>
<attribute name='accessright'/>
<attribute name='canbebasic'/>
<attribute name='canbedeep'/>
<attribute name='canbeglobal'/>
<attribute name='canbelocal'/>
</link-entity>
</entity>
</fetch>
Related Sections
Microsoft Dynamics 365
© 2016 Microsoft. All rights reserved. Copyright