Dynamics 365 Apps security roles and other security considerations

I have recently built a few Microsoft Dynamics 365 Apps for a Dynamics 365 CRM Solution. I personally found the whole Dynamics 365 Apps idea to be brilliant as it does remove a lot of the clutter / noise / unnecessary entities, buttons, etc. that users don’t need. These are then replaced with a single App that only has what a user requires for their day to day operations. For example, a CRM call centre user will have an App that only shows the entities, forms, dashboards, business process flows, etc. that they need and nothing more. This provides a greater customer experience and higher user adoption and engagement (I saw this first hand).

Back to the subject of the post! Dynamics 365 Apps security can be applied using security roles as follows (source: :

  1. Go to Settings > My Apps.
  2. In the lower right corner of the app tile you want to manage access for, click the More options button , and then click Manage Roles.
  3. In the Manage App dialog box, Choose whether you want to give app access to all security roles or selected roles.
  4. Roles. If you choose Give access only to these roles, select the specific security roles (Important: see point “a” below)
  5. Click Save and
  6. Finally, re-publish your App (the last step is optional).

Sounds simple, correct? Well, there are a couple of “Gotcha” considerations that you have to be aware of:

a. Any security role that you choose from the list of roles that can access an App, MUST (I repeat MUST) have the “Read App” privilege. You can check that by opening the required security role and navigate to “Customizations” and you will see the “App” privilege in the first line under security role -> customisations. This is really important:

b. You can hide the “Custom” app which is basically the original conventional Dynamics CRM standard access app to all security roles (except to administrators) by clicking on “Hide for all Roles” on the “Custom / Full” App. This makes this app disappear from the left hand list of available Apps to standard users. However, if the user types in the standard CRM url they will still be able to access it, yet with limited data access based on their security roles. For example, if a user typed in: https://yourcrminstance.crm4.dynamcis.com they will access the custom / full app. You should always make sure your users only use the Apps in this case so for example:


Finally, we all know that this great new features, Dynamics 365 Apps, is still a brand new capability so it will continue to evolve and improve in the upcoming releases – so watch this space!

Hope this helps.


#MSDyn365 Possible issue with Notes on Dynamics 365 CRM latest version

This post is a bit unconventional. I’m facing an issue on the new Dynamics 365 latest build that I’m not sure if it is a real issue or is it something on my side! Here is what I have:  a brand new CRM sandbox instance that I have reset to be built on version Dynamics 365. I create 1 custom entity called Test and I add only Notes to this entity – no activities, just notes.

I create a new record from entity Test and the record is created fine. Close this record and I try to reopen it, then I get the Notes section without the small rectangular area “Enter a note” which we use to create a new note! i.e. I cannot create a new note. I try to refresh the page few times but still doesn’t show (except with IE after few times – read further below)

This is what I get:

While what I should get is this:

The error shows on all browsers: IE, Edge, Chrome and Firefox except that with IE, after I click refresh (F5) several times it works, and I get the “Enter a note” box. I usually need to click refresh at least 3 times for it to work with IE. With all other browsers, the problem persist and I cannot create a new note regardless of how many times I click refresh.

To minimise the cause of the issue, I tried this again on a new and different CRM instance which is also a sandbox Dynamics 365 that I have just reset and then add a simple new custom entity with notes only.

The workaround I found so far is that if you add activities to the entity, so that the entity has notes and activities, then the social pane shows fine with the correct Notes box to create new notes. However, any custom entity that only has notes, you cannot create a new note from any browser except IE if you click refresh few times. Also when you first create the entity, you can create a note first time. However, try to close this record and re-open it and the problem starts to appear.

Finally, to minimise any other cause, I tried to access both instances from a completely different computer and it is exactly the same behaviour as above.

Is anyone else having the same issue or heard of this being reported to Microsoft?

I got some feedback confirming the same issue on the Dynamics CRM Community portal:  https://community.dynamics.com/crm/f/117/p/223202/601756

Any comments or feedback are much appreciated.