How to troubleshoot permissions issues

Microsoft Dynamics CRM includes standard security roles, but almost every organization must adapt these to fit their needs. CRM users are often presented with the following error message, which usually means that one or more privileges are missing from their security role:

“The logged-on user does not have the appropriate security permissions to view these records or perform the specific action.”

Hidden Privileges:

One of the reasons for this error is the lack of “hidden privileges”. These are not visible in the security role form, and by default are not included in a security role if we create it from scratch. We recommend one of the two following resolutions:

· Instead of creating a security role from scratch, copy an existing one and customize it. This way you guarantee that hidden privileges will be present.

· If you have already created a security role from scratch, apply the latest Update Rollup and follow the steps described in article 968515.

Lack of Privileges

If the problem is not caused by hidden privileges, it might simply come from a missing privilege in the user’s security role. Instead of using trial and error, you can easily identify the missing privilege.

1. Enable CRM platform traces

2. Reproduce the error

3. Disable the traces

4. Open the traces, and look for the string ‘level: Error’, until you find an error similar to the following:
>Crm Exception: Message: SecLib::CrmCheckPrivilege failed. Returned hr = -2147220960 on UserId: 416cb65c-292c-de11-88a9-0003ffede221 and PrivilegeId: 8b99344e-ebbf-4f84-8438-e1e34d194de9, ErrorCode: -2147220960

5. We obtain the ID of the privilege: 8b99344e-ebbf-4f84-8438-e1e34d194de9

6. Open SQL Server Management Studio and run the following query against the <Organization>_MSCRM database:
select * from privilegebase where privilegeId = '8b99344e-ebbf-4f84-8438-e1e34d194de9'

7. The ‘Name’ column now gives the name of the missing privilege: prvAssignActivity

Now you only have to add this privilege to the user’s security role to resolve the issue.
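When a trace contains many of these errors, steps 4 to 6 can be scripted. The following is an added example, not part of the original article: it pulls every UserId/PrivilegeId pair out of the trace text and builds one lookup query for all of them. The function names are hypothetical, the trace is assumed to be passed in as a string, and the GUIDs on the third sample line are constructed.

```python
import re
import uuid
from collections import defaultdict

# Message format taken from the trace line quoted in step 4 of the article.
PRIV_FAILURE = re.compile(
    r"SecLib::CrmCheckPrivilege failed\.\s+Returned hr = -?\d+"
    r"\s+on UserId:\s*(?P<user>[0-9a-fA-F-]{36})"
    r"\s+and PrivilegeId:\s*(?P<priv>[0-9a-fA-F-]{36})"
)

def missing_privileges(trace_text):
    """Map each denied PrivilegeId to the set of UserIds that hit it."""
    denied = defaultdict(set)
    for m in PRIV_FAILURE.finditer(trace_text):
        try:
            # uuid.UUID rejects malformed values and normalizes case,
            # so repeated errors collapse into one entry.
            priv = str(uuid.UUID(m.group("priv")))
            user = str(uuid.UUID(m.group("user")))
        except ValueError:
            continue
        denied[priv].add(user)
    return dict(denied)

def lookup_query(privilege_ids):
    """Build the step 6 privilegebase lookup for all IDs at once."""
    # Re-validate as GUIDs so only well-formed IDs are placed in the SQL text.
    ids = sorted(str(uuid.UUID(p)) for p in privilege_ids)
    if not ids:
        return None
    in_list = ", ".join("'%s'" % p for p in ids)
    return ("select privilegeid, name from privilegebase "
            "where privilegeid in (%s)" % in_list)

# Constructed sample trace: line 1 is the article's message, line 2 repeats it
# in upper case, line 3 uses made-up GUIDs, line 4 is an unrelated error.
SAMPLE_TRACE = """\
>Crm Exception: Message: SecLib::CrmCheckPrivilege failed. Returned hr = -2147220960 on UserId: 416cb65c-292c-de11-88a9-0003ffede221 and PrivilegeId: 8b99344e-ebbf-4f84-8438-e1e34d194de9, ErrorCode: -2147220960
>Crm Exception: Message: SecLib::CrmCheckPrivilege failed. Returned hr = -2147220960 on UserId: 416CB65C-292C-DE11-88A9-0003FFEDE221 and PrivilegeId: 8B99344E-EBBF-4F84-8438-E1E34D194DE9, ErrorCode: -2147220960
>Crm Exception: Message: SecLib::CrmCheckPrivilege failed. Returned hr = -2147220960 on UserId: aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee and PrivilegeId: 11111111-2222-3333-4444-555555555555, ErrorCode: -2147220960
>Crm Exception: Message: Some unrelated failure, ErrorCode: -1
"""

if __name__ == "__main__":
    found = missing_privileges(SAMPLE_TRACE)
    for priv, users in sorted(found.items()):
        print(priv, "denied for", ", ".join(sorted(users)))
    print(lookup_query(found))
```

Run the generated query against the <Organization>_MSCRM database as in step 6; the per-user grouping shows which security roles need the privilege added.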

Regards,

Yoann Nesme