The sitemap of Dynamics CRM has access to “most” of the core entities like Accounts, Contacts, Opportunity, etc…

Minimum privilege

The visibility of the entity icons depends only in the Read privilege of the current user. Most of the other privileges cannot be implemented if Read is missing, i.e. how can you Update a record if you cannot read it? It means that Read is the minimum privilege.

Visibility to other entity

Displaying the entity icon based on another entity privilege is possible as well. Thus, the current user retains the Read privilege but inaccessible through Navigation Area. Through this option, we can prevent the user from accessing the entity records from the navigation.

Let’s start

So now, let me show how to do it based on a scenario/requirement.

Requirement: Account icon should only be visible if the current user has Read privilege to Contact entity.

  1. Using XrmToolBox Sitemap Editor, load (1) your organization sitemap.

NOTE: This article does not cover how to setup/manage connection in XrmToolbox.

managing sub area using xrmtoolbox

  1. The sitemap structure/components is loaded in the pane.
  2. Right-click nav_accts.
  3. Click Add Privilege.


  1. Put contact in Entity (1*)
  2. Read as checked (2*)

This is the condition that.

  1. Click Save (3*)
  2. Click Update Sitemap (4*)

update sitemap

  1. Notice the Privilege child under SubArea (5*).
  2. Refresh the browser of CRM

What is the expectation? If the current user has Read privilege (User/BU/etc) to contact, the Accounts icon is visible. If NONE, the Account icon will NOT be visible.

Let’s validate your understanding – in the setup above, what is the impact to the Account privilege?

Yup – None.


We can add another layer to prevent (or minimize) access to an entity through navigation. Having less icons in the navigation means users can focus into more important records.

Another option is the use of 1 entity to manage the visibility of icons. But be sure you are aware of the repercussion of this option.