the signed-in user does not have the appropriate security permissions to view these records

All replies

• 

  

  0

  Sign in to vote

  Hello Livia,

  please check if the role has "Read" privilege for your custom entity "new_cads".

  Regards,

  Roman

   

  Thursday, May 19, 2011 10:47 AM
• 

  

  0

  Sign in to vote

  Hello Roman, I have the role of System Administrator, and I can't modify the role of SalesPerson for READ custom entity ( new_cads ) .

  This is impossible , right ?

  ---

  Livia

  Thursday, May 19, 2011 11:01 AM
• 

  

  0

  Sign in to vote

  Hi Livia,

  am I getting you right, the problem is that you cannot change the security role?

  Have you "published All" changes?

  Can you enable tracing? Trace log gives you more detail than the error message above.

   

   

  Thursday, May 19, 2011 12:26 PM
• 

  

  0

  Sign in to vote

  It is not technically possible that the system administrator does not have enough privileges to assign privileges to another role. But the error message you get is quite clear:

  VerifyCallerPrivileges failed. User: 06747aee-a55b-e011-8a32-000c29510c27, PrivilegeName: prvReadnew_cads, PrivilegeId: 61b3194a-7cb2-4cda-bf56-ee5a000f5f88, Depth: Global, BusinessUnitId: 23607aee-a55b-e011-8a32-000c29510c27Detail

   

  You should bverify that user 06747aee-a55b-e011-8a32-000c29510c27 indeed has the OOB System Administrator role.

  Thursday, May 19, 2011 1:37 PM

  Moderator
• 

  

  0

  Sign in to vote

  Ok ! How can verify in sql tables that I am really system administrator ? CRM lies . I am not really what I see .

  ---

  Livia

  Thursday, May 19, 2011 2:02 PM
• 

  

  0

  Sign in to vote

  Run this query:

   

  select SystemUserBase.FullName, RoleBase.Name, SystemUserBase.SystemUserId,* from SystemUserRoles 
  join RoleBase on RoleBase.RoleId = SystemUserRoles.RoleId
  join SystemUserBase on SystemUserBase.SystemUserId = SystemUserRoles.SystemUserId
  

   

  and look for user with id 06747aee-a55b-e011-8a32-000c29510c27

  Thursday, May 19, 2011 2:14 PM

  Moderator
• 

  

  0

  Sign in to vote

  Thank you for the query ! These are 3 fields output .

  Amministratore, Amministratore System Administrator 06747AEE-A55B-E011-8A32-000C29510C27 

  I am System Administrator . But I am also System Customizer . When I try to delete this last privilege, here is what happens :

  Unhandled Exception: System.ServiceModel.FaultException`1[[Microsoft.Xrm.Sdk.OrganizationServiceFault, Microsoft.Xrm.Sdk, Version=5.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35]]: System.Web.HttpUnhandledException: Microsoft Dynamics CRM has experienced an error. Reference number for administrators or support: #3599EDC1Detail:
  <OrganizationServiceFault xmlns:i="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://schemas.microsoft.com/xrm/2011/Contracts">
    <ErrorCode>-2147220970</ErrorCode>
    <ErrorDetails xmlns:d2p1="http://schemas.datacontract.org/2004/07/System.Collections.Generic" />
    <Message>System.Web.HttpUnhandledException: Microsoft Dynamics CRM has experienced an error. Reference number for administrators or support: #3599EDC1</Message>
    <Timestamp>2011-05-19T14:35:00.6519898Z</Timestamp>
    <InnerFault>
      <ErrorCode>-2147220960</ErrorCode>
      <ErrorDetails xmlns:d3p1="http://schemas.datacontract.org/2004/07/System.Collections.Generic" />
      <Message>RoleService::VerifyCallerPrivileges failed. User: 06747aee-a55b-e011-8a32-000c29510c27, PrivilegeName: prvCreatenew_regione, PrivilegeId: c77596f5-9e2d-47ed-beb2-5d475668332f, Depth: Global, BusinessUnitId: 23607aee-a55b-e011-8a32-000c29510c27</Message>
      <Timestamp>2011-05-19T14:35:00.6519898Z</Timestamp>
      <InnerFault i:nil="true" />
      <TraceText i:nil="true" />
    </InnerFault>
    <TraceText i:nil="true" />
  </OrganizationServiceFault>

  ---

  Livia

  Thursday, May 19, 2011 2:41 PM
• 

  

  1

  Sign in to vote

  Hello, I got a solution : a user with the role of System Administrator , access mode Administrative , license Type Administrative can't enable access properties of custom entities to security role ( i.e. Salesperson ) , because verify access on these entities fails . Moreover this user can't vary his own access mode and he can't assign the role of System Administrator to another user ! I do a thing that I hate : I modified the table SystemUserBase giving Full Access and Full License to the user System Administrator ! And everythings is much better ! But I'm not very happy : I lost too much time .

  Regards

   

  ---

  Livia

  • Marked as answer by LiviaMF Thursday, November 17, 2011 9:06 AM

  Friday, May 20, 2011 2:42 PM
• 

  

  0

  Sign in to vote

  Glad to hear you figured it out. Note that you can modify the license type in CRM application (user form) rather than going to SQL. :)

  ---

  Gonzalo http://gonzaloruizcrm.blogspot.com/

  Friday, May 20, 2011 2:49 PM

  Moderator
• 

  

  0

  Sign in to vote

  I tried to change the license type using the form ! But IT ( CRM ) don't allow me !!! :(

  ---

  Livia

  Friday, May 20, 2011 2:53 PM
• 

  

  0

  Sign in to vote

  I found out that for me this error occures only for organization which was deployed using import organization. If I import solutions in clear organization everithing work fine but if I moove this organization somewhere (even in the same domain) error occures if i try to add role to a user.

  Wednesday, November 16, 2011 10:01 AM
• 

  

  0

  Sign in to vote

  I think you are confused with what the "Administrative Access  Mode" user means.
  A user with "Administrative Access mode client access license (CAL)" is for installing CRM server and only has "limited" access to CRM functionality since the user doesn't consume a Full client access license. (It doesn't matter what security role you have assigned to the user.  The user still doesn't have full access to CRM even assigned with a System Administrator role).

  Please make sure the user you logged in have a Full access Mode(Selecte "Read-Write" option in the Access Mode drop down in the Client Access License information section)

  Thanks,
  Mike

  http://social.microsoft.com/Forums/en-US/crmdeployment/thread/e0e12240-73b1-4da2-828c-e7428d3cbe8f

  http://social.microsoft.com/Forums/en/crm/thread/f27ef859-3120-4a2c-b987-f4ab32d78bf7

  
  

  • Proposed as answer by Mike M. LinMicrosoft employee Wednesday, November 16, 2011 7:51 PM
  • Edited by Mike M. LinMicrosoft employee Wednesday, November 16, 2011 10:43 PM

  Wednesday, November 16, 2011 7:51 PM
• 

  

  3

  Sign in to vote

  Mike, I am researching the same error experienced by one of my customers, and hitting the same error message on my test org.

  However, I disagree with your assertion regarding the Administrative access mode. It is designed to give a user access to the Settings area of CRM and deny them access to customer data so that the user can change CRM settings without consuming a CAL. In CRM 4.0 it didn't work at all (an Administrative user couldn't create a user account), and in CRM 2011 it was supposed to work as expected.

  A classic use case would be an IT administrator whose job it is to keep user records up-to-date (joiners, leavers, movers, etc.). In a large enterprise there could be a dozen or more people in an IT security or system administration team who need to control user access to the domain and line of business apps. But since the "Administrative" access mode in CRM doesn't work as expected, that large enterprise now has to buy full CALs for a dozen people in IT who don't really use CRM but they need to manage user accounts in CRM.

  CRM 2011 RU6 help which says this about the Administrative access mode: "User will not have access to Sales, Marketing, and Service areas. This access mode allows your organization to create an account for a member of the IT department for administering and customizing Microsoft Dynamics CRM without using up a seat from your Microsoft Dynamics CRM license."

  So the common expectation might be that an "Administrative" access mode user with a System Administrator security role should be able to perform all the administration tasks that a "Read-Write" access mode user with the same security role can perform.

  So I think it's a bug.

  ---

  Neil Benson, CRM Addict and MVP at Customery Ltd. You can reach me on LinkedIn or Twitter. Join over 10,000 other CRM professionals on the Microsoft Dynamics CRM group on LinkedIn.

  Tuesday, January 31, 2012 5:44 PM

  Moderator
• 

  

  0

  Sign in to vote

  Thanks a lot Livia, you saved my time.

  Thursday, July 18, 2013 12:57 PM