The following table shows the default security roles Defined sets of privileges.The security role assigned to a user determines which tasks the user can perform and which parts of the user interface the user can view. All users must be assigned at least one security role in order to access the system. required to perform each task, and whether the task can be performed while using the Microsoft Dynamics CRM Online for Outlook offline. Because security roles may be customized, the table also shows the required privileges A user's rights to perform specific actions on specific record types or to perform tasks. Privileges are assigned by system administrators to security roles. Users are then assigned security roles. Examples of privileges include Update Account and Publish Customizations..
Tasks Related to Running Reports
Default Security Roles and Required Privileges
Can Task Be Done Offline?
Export to Excel
Security roles: Any
Privileges: Export to Excel A privilege required to export data from a list to Microsoft Office Excel. This privilege is on the Business Management tab in Security Roles.
Yes
Run any report that is available to all users
Security roles: Any
Privileges: Report record type A record type whose privileges control permission to run, create, and manage reports. This record type is on the Core Records tab in Security Roles.: Read A privilege required to read a record. Which records can be read depends on the access level of the permission defined in your security role.
A report must be in a filter A filter available in Microsoft Dynamics CRM Online for Outlook that determines what data is available offline and stored on the local computer. in order to be viewed offline. By default, only reports that you own are included in a filter.
Offline reports only include records that have been saved as local data Data that is available offline and stored on the local computer..
When offline, to print a report, you must first export it to a Web Archive A report that is saved as a Web page and its supporting files. file, and then print it.
Tasks Related to Adding Reports
Default Security Roles and Required Privileges
Can Task Be Done Offline?
Add a report for your own use by using the Report Wizard
Security roles: Any
Privileges: Report record type A record type whose privileges control permission to run, create, and manage reports. This record type is on the Core Records tab in Security Roles.: Create A privilege required to create a new record. Which records can be created depends on the access level of the permission defined in your security role., Write A privilege required to make changes to a record. Which records can be changed depends on the access level of the permission defined in your security role.
No
Add a Web link or other file type report for your own use
Security roles: Any
Privileges: Report record type A record type whose privileges control permission to run, create, and manage reports. This record type is on the Core Records tab in Security Roles.: Create A privilege required to create a new record. Which records can be created depends on the access level of the permission defined in your security role., Write A privilege required to make changes to a record. Which records can be changed depends on the access level of the permission defined in your security role.
No
Add a Web link or other file type report for all users
Security roles: System Administrator, System Customizer
Privileges: Publish Reports A privilege required to make a report available to all Microsoft Dynamics CRM Online users. This privilege is on the Core Records tab in Security Roles.
Security roles: System Administrator, System Customizer
Privileges: For a personal report:
User User An access level that lets the user work with record types they own, record types that are shared with the user, and record types that are shared with the team of which the user is a member. For example, if a user is assigned the User access level on the Read privilege for Account records, the only accounts that can be read are those that are owned by or shared to the user. Read A privilege required to read a record. Which records can be read depends on the access level of the permission defined in your security role.,Write A privilege required to make changes to a record. Which records can be changed depends on the access level of the permission defined in your security role. on the Report record type A record type whose privileges control permission to run, create, and manage reports. This record type is on the Core Records tab in Security Roles.
For an organization-owned report:
Organization Organization An access level that lets the user work with all record types within the entire organization, regardless of the business unit hierarchical level to which the entity or user belongs. Users who have Organization access automatically have Parent: Child Business Units, Business Unit, and User access. Read A privilege required to read a record. Which records can be read depends on the access level of the permission defined in your security role.,Write A privilege required to make changes to a record. Which records can be changed depends on the access level of the permission defined in your security role. on the Report record type A record type whose privileges control permission to run, create, and manage reports. This record type is on the Core Records tab in Security Roles.
No
Share a personal report with other users
Security roles: Any
Privileges: Report record type A record type whose privileges control permission to run, create, and manage reports. This record type is on the Core Records tab in Security Roles.: Share A privilege required to give access to a record to another user while keeping your own access. Which records can be shared depends on the access level of the permission defined in your security role.
No
Make a personal report available to everyone in the organization
Security roles: System Administrator, System Customizer
Privileges: Publish Reports A privilege required to make a report available to all Microsoft Dynamics CRM Online users. This privilege is on the Core Records tab in Security Roles.
No
Edit a default report filter for a Reporting Services Report
For a personal report:
Security roles: Any
Privileges: Report record: User User An access level that lets the user work with record types they own, record types that are shared with the user, and record types that are shared with the team of which the user is a member. For example, if a user is assigned the User access level on the Read privilege for Account records, the only accounts that can be read are those that are owned by or shared to the user. Write A privilege required to make changes to a record. Which records can be changed depends on the access level of the permission defined in your security role.
For a report available to everyone in the organization:
Security roles: System Administrator, System Customizer
Privileges: Report record type A record type whose privileges control permission to run, create, and manage reports. This record type is on the Core Records tab in Security Roles.: Organization Organization An access level that lets the user work with all record types within the entire organization, regardless of the business unit hierarchical level to which the entity or user belongs. Users who have Organization access automatically have Parent: Child Business Units, Business Unit, and User access. Write A privilege required to make changes to a record. Which records can be changed depends on the access level of the permission defined in your security role.
No
Download a report
Security roles: System Administrator, System Customizer
Privileges: Read A privilege required to read a record. Which records can be read depends on the access level of the permission defined in your security role. on the Report record type A record type whose privileges control permission to run, create, and manage reports. This record type is on the Core Records tab in Security Roles.
Publish Reports A privilege required to make a report available to all Microsoft Dynamics CRM Online users. This privilege is on the Core Records tab in Security Roles.
Security roles: System Administrator, System Customizer
Privileges: Organization Organization An access level that lets the user work with all record types within the entire organization, regardless of the business unit hierarchical level to which the entity or user belongs. Users who have Organization access automatically have Parent: Child Business Units, Business Unit, and User access. Write A privilege required to make changes to a record. Which records can be changed depends on the access level of the permission defined in your security role. on the Organization Settings record type A record type whose privileges control permission to access and modify any of the Organization-level settings in the Settings area, including business units, users, teams, and their security roles and licenses. This record type is on the Business Management tab in Security Roles..
An access level that lets the user work with record types they own, record types that are shared with the user, and record types that are shared with the team of which the user is a member. For example, if a user is assigned the User access level on the Read privilege for Account records, the only accounts that can be read are those that are owned by or shared to the user. 
An access level that lets the user work with all record types within the entire organization, regardless of the business unit hierarchical level to which the entity or user belongs. Users who have Organization access automatically have Parent: Child Business Units, Business Unit, and User access.