In Dynamics 365, privileges are assigned to roles. Users can have many roles applied, and users can be assigned to teams which have many roles applied as well.
As a system administrator, you may need to know which roles have which privileges, such as when you are troubleshooting why a particular user does or does not have access to certain records.
For example, the Account Manager role below has many privileges for different record types such as Leads, Notes etc:
What if you wanted to know all the roles that where users can delete leads, without selecting each one?
The XrmToolBox has a plugin called Privileges Discovery:
On selecting it, you will see below. Click on Load Roles and Privileges:
Under name, you will see the entities in your system:
You can filter by entity name. I will filter by Lead. Select the specific type of privilege you are looking for (Organization, Parent: Child Business Unit, Business Unit, User or Any) and click the arrow to move it into the Selected Privileges box:
The click Display roles that match the selection. All roles that use the selected criteria will be displayed:
Finally, you can open the security role in Dynamics 365 from the toolbox: