Event Management Minimum Security Permissions

Sep 9, 2009 at 2:39 PM
Edited Sep 9, 2009 at 2:41 PM

This may have been posted somewhere else, but I was unable to locate a post, so I thought I would write something here. If you do not want the user account the CRM Event Accelerator user controls run under to have the system admin security role, you will find it hard to locate a listing of the minimum security privileges needed by the account the controls run under. However, I have found that if you follow the instructions below you can create a new Security Role in CRM with the bare minimum of security privileges the Event Accelerator web user controls need.

  1. Created new Active Directory account and added AD account to CRM.
  2. Created a new security role in CRM that was copied from the System Admin. role and gave it a name. I called mine "Events Accelerator for Website". This is necessary since there are hidden permissions that are not available through the CRM Security Role GUI and you want to be sure to include these hidden permissions from the System Admin. role with this new Security Role.
  3. Remove all permissions from the newly created role; make sure you remove the miscellaneous privileges that are located at the bottom of each tab too. Save the role. This leaves you with a "clean" slate to work from.
  4. Go to the Core Records tab. Give the following permissions:
    • Contact - Create, Read, Append To
    • Lead - Create, Read
    • Activity - Create, Read, Append, Append To
  5. Go to the Marketing tab. Give the following permissions:
    • Campaign - Read, Write, Append To
  6. Go to the Business Management tab. Make sure that each entity has the Read privilege.
  7. Go to the Customization tab. Make sure that each entity has the Read privilege.
  8. Save the role.
  9. Go find the new AD user you added to CRM and give this account the newly created Security Role.
  10. Now just use this account as the value for the msa.CRMWebServicesUser key in the web config for the user controls and you will be able to use the controls with a CRM user account that has the minimum needed permissions.
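
An added example, not part of the original post and not Event Accelerator code: a small Python check that compares a role's visible privileges against the minimum set listed in steps 4 to 7 and reports anything extra or missing, useful for re-checking the role after later edits. The input format, the function names and the sample entity names ("Account", "User", "Entity") are assumptions; the sample role is constructed, and the hidden permissions mentioned in step 2 are outside what it checks.

```python
# Baseline taken from the post's steps 4-5; anything not listed is treated as excess.
BASELINE = {
    ("Core Records", "Contact"): {"Create", "Read", "Append To"},
    ("Core Records", "Lead"): {"Create", "Read"},
    ("Core Records", "Activity"): {"Create", "Read", "Append", "Append To"},
    ("Marketing", "Campaign"): {"Read", "Write", "Append To"},
}
# Steps 6-7: every entity on these tabs gets Read and nothing more.
READ_ONLY_TABS = {"Business Management", "Customization"}


def expected(tab, entity):
    """Privileges the post's procedure grants for one entity on one tab."""
    if (tab, entity) in BASELINE:
        return BASELINE[(tab, entity)]
    if tab in READ_ONLY_TABS:
        return {"Read"}
    return set()


def audit_role(role):
    """role: {(tab, entity): set of granted privileges} -> (excess, missing)."""
    excess, missing = {}, {}
    # Include baseline keys so an entity absent from the role is reported as missing.
    for key in sorted(set(role) | set(BASELINE)):
        granted = role.get(key, set())
        want = expected(*key)
        if granted - want:
            excess[key] = granted - want
        if want - granted:
            missing[key] = want - granted
    return excess, missing


# Constructed sample: a role transcribed by hand from the Security Role form.
SAMPLE_ROLE = {
    ("Core Records", "Contact"): {"Create", "Read", "Append To", "Delete"},
    ("Core Records", "Lead"): {"Create", "Read"},
    ("Core Records", "Activity"): {"Create", "Read", "Append To"},
    ("Core Records", "Account"): {"Read"},
    ("Marketing", "Campaign"): {"Read", "Write", "Append To"},
    ("Business Management", "User"): {"Read"},
    ("Customization", "Entity"): {"Read", "Write"},
}

if __name__ == "__main__":
    excess, missing = audit_role(SAMPLE_ROLE)
    for key, privs in excess.items():
        print("EXCESS ", key, sorted(privs))
    for key, privs in missing.items():
        print("MISSING", key, sorted(privs))
```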