Troubleshooting Possible Security Issues – First Step

As a System Administrator you will be often confronted with error messages that can send you down a variety of troubleshooting paths.  Often times you get presented with message that implies it could be a security role issue. However, the information is sometimes so limited as shown in the message below that a user was presented with when opening an Account record.

Step #1 is to do a quick test to either confirm or reject whether you need to go down the security role path or not.

The following is a methodology for the first step determination. I have used it successfully over the years.

Initial System Setup

1. Copy the System Administrator Security Role and name it CRM Admin – No Delete.
2. Edit the new security role to remove the delete privilege for all entities and functions from all tabs.
3. This role is now ready to be used for security role testing by temporarily assigning it to a user that appears to be having a security related issue.

Security issue testing process

1. Initiate a screen share with the User.
2. Have them log out of CRM from both the browser and close Outlook.
3. From your desktop open up their User record in CRM.
4. Add the CRM Admin – No Delete role to their current roles.
5. Have them log into CRM either from the browser or launch Outlook and navigate to CRM.
6. Ask them to do the steps that will duplicate the issue they were having to produce the error message. They should do nothing else in the CRM system.
7. If the error doesn’t appear it is a security role/rights issue.
8. If the error still appears then it isn’t a security role issue.
9. Have them log off of CRM from the browser and/or close Outlook.
10. Remove the CRM Admin – No Delete from their User record.
11. Have them log back into CRM.
12. Close out the Screen Share.
13. Start your research on the solution may be to the security role root cause or other cause if not security.

Notes

1. Do not skip over step 10!
2. This presumes that they error they are getting is not related to their need/attempt to delete a record. Which is something that users shouldn’t be allowed to do anyway.