Custom security roles do not work after you upgrade from Microsoft Dynamics CRM 2011 to Microsoft Dynamics CRM 2013. When you sign into Dynamics CRM 2013 and try to access the records, you receive an insufficient permissions error. There is no definite behavior on the accessibility of records. This may occur for existing or newly created users who have custom security roles.
After you upgrade from Dynamics CRM 2011 to Dynamics CRM 2013, the "prvreadcomplexcontrol" (process configuration) privilege becomes one of the required privileges to access records or to sign in.
To resolve this issue, you can assign read privilege to process configuration under the customization tab for the affected custom security role.
Default security roles work as expected.