What is the most frustrating point for me is the fact, that sometimes you have to grant privileges that do not make any sense.
My recent experience with this can be helpful for anyone. I was setting up CRM online 2016 for one customer and they are using just accounts, contacts, opportunities and cases.
I was trying to hide all unsed entities by modifying the security roles. However, the users were not able to create new opportunities :-(
The SDK for Microsoft Dynamics CRM 2016 says that for creating opportunity you need to have these:
However, this is not correct, because users were still not able to create opportunities.
The first error was:
<Message>Principal user (Id=, type=8) is missing prvReadProduct privilege (Id=60d420ca-7a88-4c0d-8286-c425b527fa98)</Message>
So I added the read privilege for Product, but why is it required? There are no products in the CRM!
Then the CRM said: <Message>Principal user (Id=, type=8) is missing prvReadConnection privilege (Id=919f6df3-97bf-4897-82f1-9d67749eab3a)</Message>
So I had to add a read privilege for Connection entity. Again I ask why? There are not connection in the CRM and we don't want to use.
I only wish that things like this would be in the documentation, it would save so much time when customizing the CRM.
Happy CRM day,