The merge functionality in Dynamics 365 allows users to combine any two records of the Account, Contact, Lead and Case entities where the fields from one record will carry over to the Master record and become deactivated. This is useful especially in cases of unexpected duplicate records.
When creating custom security roles however, it is important to note the minimum privileges required to enable users to use this functionality. This link shows the minimum privileges required for each of the entities where the Merge functionality is enabled. Essentially, users require Append, Append to, Read, Share and Write access to the main entity, and most importantly the Merge privilege found under Business Management shown below:
Not having write privileges will result in the Merge button not appearing in the ribbon at all
Expectedly, not having read privileges will result in no visible records. Also note that missing any of the stated privileges will result in an Insufficient Security error, as Dynamics will do a basic privilege check before performing the Merge.
The article from the link above also states that Append and Write privileges to Activity are required, although that does not seem apparent from testing.
After ensuring that a User has all the privileges required and attempting a Merge, we received an Insufficient Permissions error with the log stating that prvReadCustomerOpportunityRole is missing.
The Opportunity Relationship entity is deprecated, as its functionality is replaced by the new Connection/Connection role entities. However, this error states that read privileges to the Opportunity Relationship entity is required to perform this merge.
To fix this, the user will need only the Read privilege for the Opportunity Relationship entity under Core Records.