Freigeben über

How to troubleshoot permissions issue

  • Artikel

Microsoft Dynamics CRM includes standard security roles, but almost every organization must adapt these to fit their needs. CRM users are often presented with the following error message, which usually means that one or more privileges are missing from their security role:

clip_image001

“The logged-on user does not have the appropriate security permissions to view these records or perform the specific action.”

Hidden Privileges:

One of the reasons for this error is the lack of “hidden privileges”. These are not visible in the security role form, and by default are not included in a security role if we create it from scratch. We recommend one of the two following resolutions:

· Instead of creating a security role from scratch, copy an existing one and customize it. This way you guarantee that hidden privileges will be present.

· In case you have already created a security role from scratch, apply the latest Update Rollup and follow the steps described in the article 968515

Lack of Privileges

If the problem is not caused by hidden privileges, it might simply come from a missing privilege in the user’s security role. Instead of following the try-and-error method, you can easily identify the faulty privilege.

1. Enable CRM platform traces

2. Reproduce the error

3. Disable the traces

4. Open the traces, and look for the string ‘level: Error’, until you find an error similar to the following:
>Crm Exception: Message: SecLib::CrmCheckPrivilege failed. Returned hr = -2147220960 on UserId: 416cb65c-292c-de11-88a9-0003ffede221 and PrivilegeId: 8b99344e-ebbf-4f84-8438-e1e34d194de9, ErrorCode: -2147220960

5. We obtain the ID of the privilege: 8b99344e-ebbf-4f84-8438-e1e34d194de9

6. Open SQL Server Management Studio and run the following query against the <Organization>_MSCRM database:
select * from privilegebase where privilegeId = '8b99344e-ebbf-4f84-8438-e1e34d194de9'

7. We now have the name of the privilege missing in the column ‘Name’: prvAssignActivity

Now you only have to add this privilege to the user’s security role to resolve the issue:

clip_image002

Regards,

Yoann Nesme

Comments

  • Anonymous
    July 13, 2010
    The comment has been removed

  • Anonymous
    August 13, 2010
    The comment has been removed

  • Anonymous
    November 13, 2014
    Hi Yoam How did you confirm the column ‘Name’: prvAssignActivity after running the query in  SQL' ?!

  • Anonymous
    June 12, 2015
    I can give the User Sys Admin role and the error still occurs.