The documentation for the Dynamics security model (msdn.microsoft.com/.../gg334673.aspx & msdn.microsoft.com/.../gg328567.aspx) states that in order to relate two records together a user needs Append To and Read privileges on the parent Entity and Append and Read permission on the child Entity.
In practice it seems like a Dynamics CRM 2013 subgrid will not let a user relate records unless they also have at least user level Create privileges on the child Entity. Using the Dynamics SDK to relate two records together works as expected, however when in the Dynamics UI, clicking on the '+' button to begin in a subgrid to relate two records together does nothing unless the user has Create privileges.
Curiously I've also noticed that while clicking on the '+' button does nothing, if I refresh the page afterwards I always get one of those "Dynamics has encountered an error" popups, perhaps this is a bug with Dynamics?
At any rate this is a pretty breaking problem for us as we have plenty of “reference data” Entities in an N:N relationship that users should be able to relate existing records with, but not create new records.
Is anyone else aware of this problem? Is there some kind of workaround or setting that I'm missing?
(Link to issue on Dynamics CRM forums: https://community.dynamics.com/crm/f/117/t/119729.aspx)