Thursday, August 25, 2016

Insufficient Permissions

When users get the Insufficient Permissions dialog, it means that security will not permit them to do the task they wanted. Sometimes this is desirable as you don't want to give users permission
The key to deciphering a permission issue in Dynamics CRM is in the log file. Click the Download Log File button. This will be an XML file containing a bunch of stuff that is difficult to comprehend, but using these steps to find just what you need will help make this easier.

Step 1: look for the Message tag. In my example, I see the following: 

SecLib::AccessCheckEx failed. Returned hr = -2147187962, ObjectID: 16476d24-ca68-e611-80cd-0050568077fb, OwnerId: 153d564f-1264-e611-80cc-0050568077fb, OwnerIdType: 8 and CallingUser: 400b5cdc-0d64-e611-80cc-0050568077fb. ObjectTypeCode: 3, objectBusinessUnitId: 8439abf5-4a07-e611-80c0-0050568077fb, AccessRights: AppendAccess 

Step 2: The parts you need to look at are the ObjectTypeCode, and the AccessRights. You can identify the entity by checking the ObjectTypeCode against this reference: https://msdynamicscrmblog.wordpress.com/2013/07/18/entity-type-codes-in-dynamics-crm-2011/ so in this case, the entity is the Opportunity.

 Step 3: Check the users rights for the Opportunity entity. You do this by opening the users record (under settings/users) and then click the Manage Roles in the command bar (sometimes it is under the "..." more commands icon). Make a note of all the Security Roles assigned to the user. Note: Some users can have more than one role.

Step 4: View the assigned Security Roles (under the Security menu in the main navigation).
In this case, the user only has rights to Append records to her own opportunities. 


Step 5: It appears in this case that the user must not have had ownership of the Opportunity record and therefore could not Append any information to it, such as a note, activity, product, or a connection. To resolve the issue, you can assign the ownership of the record to the user (if it is just one time), or give her full rights to append to opportunities to records owned by others. In some cases, you might want to build more complex workflows that assign ownership of an opportunity depending on what stage the sales process is in order to control who can make changes during the sales process.

No comments: