When adding a user to a system role with specific feature permissions granted, CRM administrators have the ability to restrict the user’s access to those features based on site. CRM users who haven't been granted permission to be able to edit constituent records are able to do so via the tiles on the summary tab of a constituent record.
We are currently evaluating this issue for a fix in a future service pack.
Steps to Duplicate
Log into CRM and navigate to the Administration functional area.
Select Security, and then select System Roles.
Locate a system role that grants users the ability to view all information on constituent records regardless of the constituent’s site assignment.
Go to the System Role.
Select the Users tab, click Add and search for an application user that can be used for testing. Preferably the user is not a System Administrator and does not belong to any other system roles.
On The ‘Record access’ drop-down menu for ‘Site Security’, ‘Constituent Security’, and ‘Accounting element security’ should be set to all records.
After adding the user to the view only role, click the user’s name under the Users tab to go to the application user record.
Select the task from the left to run CRM as that user.
When logged into CRM as the test user, navigate to the Constituent functional area and select the Constituent Search task.
Enter any search terms, and click Search.
Select a constituent and go to the constituent’s record.
On the Summary tab click pencil icon at top of the page and edit constituent contact info.