The other day I received an e-mail that led me to a fun-to-solve problem with one of our MS Dynamics CRM 4.0 installations. A user informed me that they could see the Imports section within the workplace just fine, but no New button. A quick check of the security roles and a double check using a test account latter and there it was, or is it better to say there it wasn't. No New button on the Imports page.
First thing to check was the test account. It goes around quite a bit, and it changes Business Units and security roles quite often. One thing to remember is that rarely security roles will not apply properly, so you can remove and reapply all security roles to that system user. In some, even more rare, cases you will need to disable, enable and reapply the roles to the user.
And that wasn't it in this scenario, since my test user still didn't get the coveted button.
The next likely culprit was the security role itself. As soon as my brain decided to work I realised where the problem was. In this implementation the security is pretty tight, meaning that the end users are not allowed to delet almost anything. That included turning off the deletion for Data Import and Data Map entities. Lack of those permissions will result with the users unable to create new Data Import records. The solution is to give the requiered role the user scope for deletion of both the Data Import and Data Map.
Fortunately for me I did so much work with CRM security I needed more coffee to remember this. But remembering my first steps with Dynamic CRM I wish it included even more documentation on security, and SharePoint's smart security settings (when you turn a setting on, SharePoint automatically checks all additional required permissions).