Exploring the minimum privileges a user needs to use Dynamics 365

I am Luo Yong, an engineer working on Microsoft Dynamics 365 & Power Platform, and was a Microsoft Most Valuable Professional (Microsoft MVP) for Dynamics CRM / Business Solutions for three consecutive years, from July 2015 to June 2018. You are welcome to follow my WeChat public account MSFTDynamics365erLuoYong; replying 374 or 20191104 there gives convenient access to this article, and you will also get news of my latest blog posts as soon as they are published. Follow me!

We know that a Dynamics 365 user must be granted at least one role before they can log in to Dynamics 365. So what is the minimum set of privileges that role should have? I verified this on an on-premises deployment: Microsoft Dynamics 365, version 1612 (9.0.7.8) (DB 9.0.7.8) (on-premises).

I created a new role in the root business unit, named Mini Role.

 

I granted that role only read access to the User (systemuser) entity, then assigned the role to a newly created user, so that this user has only this role.


I then logged in to Dynamics 365 as this user, which produces an error, as follows:


Press F12 and you can see the requests that failed, as follows:

Looking in particular at the responses to two of the requests, you can see that the missing privileges are prvReadSystemForm and prvReadUserEntityUISettings. How do you find the corresponding permission in the role editor? There is an official document, Security role UI to privilege mapping. From this document you can see that prvReadSystemForm corresponds to read permission on the [System Form] entity in the [Customization] tab.

 

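The prvReadUserEntityUISettings privilege corresponds to read permission on [User Entity UI Settings] in the [Core Records] tab. In practice the role should also be given create and write permission on this entity (prvCreateUserEntityUISettings and prvWriteUserEntityUISettings).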

 

Because the home page opens a dashboard, that request fails as well, with this error URL:

/_common/error/errorhandler.aspx?BackUri=https%3a%2f%2fdemo.luoyong.me%2fmain.aspx&ErrorCode=0x80040220&Parm0=%0d%0a%0d%0a%e9%94%99%e8%af%af%e8%af%a6%e7%bb%86%e4%bf%a1%e6%81%af%3a%20Principal%20user%20%28Id%3dc7345a98-11ff-e911-a85b-000d3a6f652b%2c%20type%3d8%29%20is%20missing%20prvReadQuery%20privilege%20%28Id%3d902d70d3-2ff8-4d93-92f9-8efdcf889af8%29&RequestUri=%2fworkplace%2fhome_dashboards.aspx%3fsitemappath%3dSFA%257cMyWork%257cnav_dashboards%26pagemode%3diframe&user_lcid=2052

Decoded, this reads (the leading Chinese text means "Error details"):

"错误详细信息: Principal user (Id=c7345a98-11ff-e911-a85b-000d3a6f652b, type=8) is missing prvReadQuery privilege (Id=902d70d3-2ff8-4d93-92f9-8efdcf889af8)&RequestUri=/workplace/home_dashboards.aspx?sitemappath=SFA%7cMyWork%7cnav_dashboards&pagemode=iframe&user_lcid=2052"

prvReadQuery corresponds to read permission on [View] in the [Customization] tab.
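The decode-and-look-up step above can be scripted so that each error names exactly one privilege to grant. The following is an added example, not code from the original article: the function names and the `UI_MAP` table are assumptions, and the table holds only the mappings stated so far in this article, with tab and entity labels rendered in English.

```python
import re
from urllib.parse import parse_qs, urlsplit

# Privilege name -> (tab, entity, access level), taken from this article.
# Tab and entity labels are English renderings of the role editor's labels.
UI_MAP = {
    "prvReadSystemForm": ("Customization", "System Form", "Read"),
    "prvReadUserEntityUISettings": ("Core Records", "User Entity UI Settings", "Read"),
    "prvCreateUserEntityUISettings": ("Core Records", "User Entity UI Settings", "Create"),
    "prvWriteUserEntityUISettings": ("Core Records", "User Entity UI Settings", "Write"),
    "prvReadQuery": ("Customization", "View", "Read"),
}

MISSING = re.compile(
    r"Principal user \(Id=(?P<user>[0-9a-fA-F-]{36}), type=(?P<type>\d+)\) "
    r"is missing (?P<priv>prv\w+) privilege \(Id=(?P<priv_id>[0-9a-fA-F-]{36})\)"
)

def parse_error_url(url):
    """Return details of a missing-privilege error, or None if the URL has none."""
    query = parse_qs(urlsplit(url).query)  # parse_qs percent-decodes each value
    match = MISSING.search(query.get("Parm0", [""])[0])
    if match is None:
        return None
    info = match.groupdict()
    info["error_code"] = query.get("ErrorCode", [""])[0]
    info["request_uri"] = query.get("RequestUri", [""])[0]
    info["ui"] = UI_MAP.get(info["priv"])  # None: consult the official mapping
    return info

def recommend(url):
    """One-line suggestion naming only the single privilege the error asks for."""
    info = parse_error_url(url)
    if info is None:
        return "no missing-privilege error found"
    if info["ui"] is None:
        return f"{info['priv']}: not in the local map, look it up in the mapping document"
    tab, entity, access = info["ui"]
    return f"{info['priv']}: grant {access} on [{entity}] in the [{tab}] tab"

# The error URL quoted in the article.
SAMPLE_URL = (
    "/_common/error/errorhandler.aspx?BackUri=https%3a%2f%2fdemo.luoyong.me%2fmain.aspx"
    "&ErrorCode=0x80040220&Parm0=%0d%0a%0d%0a%e9%94%99%e8%af%af%e8%af%a6%e7%bb%86%e4%bf%a1%e6%81%af%3a"
    "%20Principal%20user%20%28Id%3dc7345a98-11ff-e911-a85b-000d3a6f652b%2c%20type%3d8%29"
    "%20is%20missing%20prvReadQuery%20privilege%20%28Id%3d902d70d3-2ff8-4d93-92f9-8efdcf889af8%29"
    "&RequestUri=%2fworkplace%2fhome_dashboards.aspx%3fsitemappath%3dSFA%257cMyWork%257cnav_dashboards"
    "%26pagemode%3diframe&user_lcid=2052"
)
```

Calling `recommend(SAMPLE_URL)` returns the suggestion for the dashboard error; parsing the query string properly also keeps `RequestUri` separate from the error text in `Parm0`.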

 

To be able to see activities, grant read permission on the [Activity] entity in the [Core Records] tab.

 

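Users should generally be able to view and change their own options, which requires granting read and write permission on [User Settings] in the [Business Management] tab (prvReadUserSettings and ):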

 

Read permission must also be granted on [Web Resource], [Relationship], [Field], [Entity], [Entity Key] and [Option Set] in [Customization].

 

Read permission must also be granted on the [Process] entity in the [Customization] tab.

 

If you are told that the prvReadComplexControl privilege is missing, grant read permission on [Process Configuration] in the [Customization] tab.

 

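Because forms show posts (Post) by default, it is best to also grant read permission on the [Post] entity in the [Core Records] tab. There are two Post entities there; the one used here is the [Post] entity for which no write permission can be set.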

 

To be able to use public charts such as the one shown below:


the role must be granted read permission on [System Chart] in the [Customization] tab.

 

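Users should generally also be granted the prvReadTraceLog privilege, which corresponds to read permission on the [Trace] entity in the [Core Records] tab.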

 

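For the Post entity to work well, the role also needs read permission on the [Follow] entity (postfollow) in the [Core Records] tab, read permission on the [Filter] entity in the [Customization] tab (prvReadmsdyn_wallsavedqueryusersettings), read permission on the [Wall View] entity, and read permission on the [Action Card] entity in [Core Records].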


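If users need to be able to create their own private views, the role needs read and create permission on the [Saved View] entity (UserQuery) in the [Core Records] tab.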

 

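If users are to create and read their own [User Chart] entity records (UserQueryVisualization), the role needs read and create permission on the [User Chart] entity in the [Core Records] tab.

If users need to work with the [User Dashboard] entity (UserForm), the role needs read and create permission on the [User Dashboard] entity in the [Core Records] tab.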


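If users need to be able to export data to Excel, grant the [Export to Excel] privilege in the [Business Management] tab. Note that this is a miscellaneous privilege and is not associated with any entity.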

 


Origin www.cnblogs.com/luoyong0201/p/Dynamics_365_Customer_Engagement_Minimum_Role_Privilege.html