Being one of the biggest fan and the most frequent daily user of XrmToolBox, always had this wish to write a plugin for it.
Thanks to Prashant Maurya (a dear friend and ex-Microsoft Employee) for making this wish come true. (Who played the major role in developing it).
The tool is called – User Security Manager.
The Plugin make it easy for the administrators to manage all the security related aspects of the system users. The tool also gives 360-degree information of the user in correspondence to business unit, security roles and teams.
In our current project we had around 180 users using the system divided into more than 50 business units, which involved frequent update of their business unit, changes in the security roles assigned, update in team assignment and also during testing we had to assign the same BU and roles to the test users in the org, which wasn’t that easy to do from the user interface.
So, the idea was to come up with a tool that will let an administrator to
- View all the security roles that assigned to the user either directly or through the team that the user is member of.
- View all the Teams the selected user is part of.
- With just a single click, remove all the security roles assigned to the user.
- With just a single click, remove user from all the teams that he is part of.
- Easily assign and unassign single or multiple security role to the user.
- Easily add or remove user from a single or multiple team.
- Change the Business Unit of the user.
User Guide: –
Load all the users
After connecting to the organization, we can click on Load Users to load all the system users of the organization.
List details of the user selected
- For the selected user, in User Detail Tab’s General section, we can get the general information of the user like First Name, Last Name, Title, Primary Email and Access Mode.
- Next to the General section, we can see all the security roles assigned to the user either directly or through the teams the user is member of.
- The Roles tab shows all the Roles assigned to the user and also the roles that are available in the business unit to which user belongs in Assigned and Available section along with their counts.
- The Teams tab shows all the teams user is member of and also the teams that are available in the organization in Assigned and Available section along with their counts.
Remove all security roles of the user.
To remove all the security roles of the user, click on Remove All Roles button.
Remove user from all teams.
To remove the user from all the teams, click on Remove All Teams button.
Assign Security role to the user.
To assign security role to the user, check the security roles from the available security roles section and click on “<<” button.
To remove security role from the user.
To remove security roles from the user, select the roles from the Assigned section and click on “>>” button.
Assign User to Team(s).
To assign user to team(s), select the teams from the available section and click on “<<” button.
Remove user from Team(s)
To remove user from Team(s), select the team from the Assigned Section and click on “>>” button.
Change the business unit of the user.
To change the business unit of the user, select the Business Unit from the Business Unit drop down in General Section of User Details.
Please install it, use it and share your feedback which would help us to improve it
https://www.xrmtoolbox.com/releases/
Hope it helps..
Nishant Rana's Weblog 
Reblogged this on Arvind's CRM Blog.
LikeLike
This is a very useful tool, but one thing that would make it 100x more useful is if it could synch up users and their security roles and team membership across two instances. So if you got everything right in your TEST instance, it could synchronize those changes to the PRODUCTION instance. It would have to match up role names and team names by string compare since the GUIDs are obviously not going to match up in different instances. Optionally could do that in a case-insensitive manner, ignore extraneous white space, etc.
As long as CRM has been around one would think Microsoft would have provided such a tool to simplify this task long before now. A glaring omission.
LikeLike
Thanks for your comments and suggestions. I am working on one such tool 🙂
LikeLike
Hi Nishant. I’m having trouble getting into Git Hub to report an issue. I love this tool, but have found some inaccuracy in the security report for several of my users, and I have been using this as a source for security reporting and auditing. Please review the below issue and let me know if this is a known issue or tips to troubleshoot:
ISSUE: When running the User Security Report, I am finding that sometimes BOTH should be listed (security role is assigned to both the Individual User directly and a Team), but only lists TEAM.
Ex. Base role is assigned to User and User’s Team, but showing as TEAM in the report. It is not the norm though, and is not consistent across users with the exact same security roles and teams. The only commonality I have been able to find is that those that list TEAM instead of BOTH have more than 1 team. Both the default business unit team and the additional owner team have the BASE role assigned, as well as the individual user.
LikeLike
I would love to see you be able to select MULTIPLE users and be able to remove all roles for that group of users all at once rather than having to click on each one and remove all roles. This used primarily in lower environments that users do not need access to, but roles come along with a refresh of environment. Need to remove all roles for 99% of the users – would love a multi-select user option.
LikeLike