Dynamics CRM platform uses a role-based security model to give users access to records and features. By default there are 15 Security Roles that comes as part of CRM 2013 installation.

Security Role is created in and remains in the Business Unit. Selecting a Business Unit is mandatory while creating a new Security Role. Users and Teams can only be assigned to a Security Role in their own Business Unit.

All of the child Business Units get copy of the parent Business Unit’s Security Role, and the copied roles are referred to as Inherited Roles.

Of the 15 Security Roles that come out-of-box all of the default roles can be modified except for System Administrator role. Some of the properties of System Administrator role include:

• The role provides all privileges (actions) to all entities and features at the Organization level.
• For all of the custom entities added the System Administrator and System Customizer roles are automatically granted privileges.
• There has to at lease one user at the Sys Admin role in CRM organization.