Limiting Security Role Assignment

TheMSsForum.com: The Microsoft Software Forum

My question regards the ability of an administrator to assign the System
Administrator security role to any user.

We want to give select users the ability to manage the business users for
our CRM instance. This includes creating user records, and assigning various
security roles to them. However, we don't want the person with this role to
have the ability to customise CRM forms and suchlike.

It seems though that we cannot prevent anyone with the the Assign Role
privilege from being able to assign any role (including System Administrator)
to anyone they wish, including themselves. Is there any way to reduce the
risk of this, by restricting the ability of a business administrator to only
assign roles of equal or lesser power than they already have?
Top

Re: Limiting Security Role Assignment by mauriceultee

mauriceultee
Fri May 09 04:19:24 CDT 2008

On 9 mei, 08:14, Sean McK <Sean M...@discussions.microsoft.com> wrote:
> My question regards the ability of an administrator to assign the System
> Administrator security role to any user.
>
> We want to give select users the ability to manage the business users for
> our CRM instance. This includes creating user records, and assigning various
> security roles to them. However, we don't want the person with this role to
> have the ability to customise CRM forms and suchlike.
>
> It seems though that we cannot prevent anyone with the the Assign Role
> privilege from being able to assign any role (including System Administrator)
> to anyone they wish, including themselves. Is there any way to reduce the
> risk of this, by restricting the ability of a business administrator to only
> assign roles of equal or lesser power than they already have?

Sean,

I have encountered the same problem you describe here.
I contacted Microsoft about it and they came up with a hotfix.
The hotfix is only for Microsoft CRM 3.0
I do not know if this problem does also occur in MS CRM 4.0

Link:
http://support.microsoft.com/kb/941862

I hope this solves your problem!
Top

Re: Limiting Security Role Assignment by SeanMcK

SeanMcK
Sun May 11 19:06:01 CDT 2008

Thanks Maurice,

Yes, I think this will solve the problem. We have CRM 3.0, and I'll check if
Update Rollup 3 is installed.

The apparent necessity we had not considered was to put the business users
into a child business unit below that of the System Administrator role. Up to
this point, we did not see the need for multiple business units in our
implementation.

Cheers,

Sean

"mauriceultee@netscape.net" wrote:

>
> Sean,
>
> I have encountered the same problem you describe here.
> I contacted Microsoft about it and they came up with a hotfix.
> The hotfix is only for Microsoft CRM 3.0
> I do not know if this problem does also occur in MS CRM 4.0
>
> Link:
> http://support.microsoft.com/kb/941862
>
> I hope this solves your problem!
>
Top