locked
Create User and change Business Unit role only in CRM RRS feed

  • Question

  • We needed a custom role which has the capability to do the following tasks:

    1) Create User

    2) Assign Roles to the User

    3) Enable/Disable User

    4) Change Business Unit for the User

    I tried by copying the System Admin role and assigning it to a User with Administrative Access Mode. I then started removing some privileges which are not needed.

    I am able to do all the tasks mentioned above except changing the Business Unit.

    Looking at the trace logs I am seeing the following error:

    >MSCRM Error Report:
    --------------------------------------------------------------------------------------------------------
    Error: Exception of type 'System.Web.HttpUnhandledException' was thrown.

    Error Number: 0x80040220

    Error Message: SecLib::CrmCheckPrivilege failed. Returned hr = -2147220960 on UserId: 666f6ccc-a1dc-df11-9f45-005056810009 and PrivilegeId: ca4a3b9f-6887-4b5d-90f4-e918ed17e175

    Error Details: SecLib::CrmCheckPrivilege failed. Returned hr = -2147220960 on UserId: 666f6ccc-a1dc-df11-9f45-005056810009 and PrivilegeId: ca4a3b9f-6887-4b5d-90f4-e918ed17e175

    Stack Trace Info: [CrmSecurityException: SecLib::CrmCheckPrivilege failed. Returned hr = -2147220960 on UserId: 666f6ccc-a1dc-df11-9f45-005056810009 and PrivilegeId: ca4a3b9f-6887-4b5d-90f4-e918ed17e175]

    Upon checking from DB i found that this privilege is missing on some entity: 'prvReadService'

    Can someone help me in identifying what needs to be changed or if there is any other way to develop a role in MS Dynamics CRM which can fulfill all the conditions mentioned above.

    Thanks in advance!

    Friday, April 13, 2012 1:42 PM

Answers

  • Did you try adding read access to the Service entity?


    I hope this helps. If my response answered your question, please mark the response as an answer and also vote as helpful. Michael Mayo

    • Marked as answer by Kushoon Monday, March 25, 2013 11:47 AM
    Friday, April 13, 2012 9:48 PM

All replies

  • Hi!

    To discover the missing privilege do the follow:

    • Open SQL Management Studio e run the follow query:

    select * from privilegebase where privilegeId = 'ca4a3b9f-6887-4b5d-90f4-e918ed17e175'

    • The trick is in the “Name” collumn. You'll see something like that: “prvAssignActivity”.
    • Repeat the process to the others PrivilegesIds

    Hope this help.

    Friday, April 13, 2012 8:25 PM
  • Did you try adding read access to the Service entity?


    I hope this helps. If my response answered your question, please mark the response as an answer and also vote as helpful. Michael Mayo

    • Marked as answer by Kushoon Monday, March 25, 2013 11:47 AM
    Friday, April 13, 2012 9:48 PM