locked
Business Unit Security Role Access RRS feed

  • Question

  • Hi All,

    i have two business units i.e A and B and User A is from A Business Unit and User B is from B Business Unit.And I am giving Business Unit Access Level for both Users
    So when i am assigning the Record from A Business Unit User to B Business unit User through Workflow.
    It does not saving the record, its showing the Read Access.

    The following is the error message.

    Unhandled Exception: System.ServiceModel.FaultException`1[[Microsoft.Xrm.Sdk.OrganizationServiceFault, Microsoft.Xrm.Sdk, Version=6.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35]]: SecLib::AccessCheckEx failed. Returned hr = -2147187962, ObjectID: c6b52130-a8d6-e411-93fe-005056b81a02, OwnerId: d3e6cbbb-a7d6-e411-93fe-005056b81a02,  OwnerIdType: 8 and CallingUser: 232d6930-a2d6-e411-93fe-005056b81a02. ObjectTypeCode: 4, objectBusinessUnitId: bf1cfc23-4dd1-e411-93f6-005056b81a02, AccessRights: ReadAccess Detail: 
    <OrganizationServiceFault xmlns:i="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://schemas.microsoft.com/xrm/2011/Contracts">
      <ErrorCode>-2147220891</ErrorCode>
      <ErrorDetails xmlns:d2p1="http://schemas.datacontract.org/2004/07/System.Collections.Generic">
        <KeyValuePairOfstringanyType>
          <d2p1:key>OperationStatus</d2p1:key>
          <d2p1:value xmlns:d4p1="http://www.w3.org/2001/XMLSchema" i:type="d4p1:string">0</d2p1:value>
        </KeyValuePairOfstringanyType>
        <KeyValuePairOfstringanyType>
          <d2p1:key>SubErrorCode</d2p1:key>
          <d2p1:value xmlns:d4p1="http://www.w3.org/2001/XMLSchema" i:type="d4p1:string">-2146233088</d2p1:value>
        </KeyValuePairOfstringanyType>
      </ErrorDetails>
      <Message>SecLib::AccessCheckEx failed. Returned hr = -2147187962, ObjectID: c6b52130-a8d6-e411-93fe-005056b81a02, OwnerId: d3e6cbbb-a7d6-e411-93fe-005056b81a02,  OwnerIdType: 8 and CallingUser: 232d6930-a2d6-e411-93fe-005056b81a02. ObjectTypeCode: 4, objectBusinessUnitId: bf1cfc23-4dd1-e411-93f6-005056b81a02, AccessRights: ReadAccess </Message>
      <Timestamp>2015-03-30T06:44:19.4733798Z</Timestamp>
      <InnerFault i:nil="true" />
      <TraceText>

    [Microsoft.Crm.ObjectModel: Microsoft.Crm.ObjectModel.SyncWorkflowExecutionPlugin]
    [3ee79f08-a8d6-e411-93fe-005056b81a02: ]
    Starting sync workflow 'Workflow:Checking User Security Role for Assigning', Id: 38e79f08-a8d6-e411-93fe-005056b81a02
    Entering ConditionStep1_step: 
    Entering ConditionStep3_step: 
    Entering AssignStep9_step: 
    Sync workflow 'Workflow:Checking User Security Role for Assigning' terminated with error 'SecLib::AccessCheckEx failed. Returned hr = -2147187962, ObjectID: c6b52130-a8d6-e411-93fe-005056b81a02, OwnerId: d3e6cbbb-a7d6-e411-93fe-005056b81a02,  OwnerIdType: 8 and CallingUser: 232d6930-a2d6-e411-93fe-005056b81a02. ObjectTypeCode: 4, objectBusinessUnitId: bf1cfc23-4dd1-e411-93f6-005056b81a02, AccessRights: ReadAccess '

    </TraceText>
    </OrganizationServiceFault>


    K V SambasivaRao

    Monday, March 30, 2015 7:07 AM

All replies

  • Hi Samba,

    You need to change the security roles and privileges for the user to whom you are trying to assign the record. So User B from Business Unit B must be given at least read privilege for Business Unit A. Currently User B would have only BU level rights so he can access records for his own BU.

    You would have to change that to either "Deep" or Organizational Level.

    I hope this helps.


    Regards, Abhishek Bakshi If you find this post helpful then please Vote as Helpful and Mark As Answer. Check my blog on https://mydynamicscrmblog.wordpress.com/

    Tuesday, March 31, 2015 10:54 AM
  • Hi Bakshi,

    If we give Organization Level Permission to User B then he can see Business Unit A Records also na but User B need to see only his business unit(Business Unit B)Records only.

    Please suggest on this.

    Thank You.


    K V SambasivaRao

    Tuesday, March 31, 2015 5:47 PM
  • You don't need to give them organization access... As long as they have at least user level access this should be enough for them to own the record.

    However the error details tell you exactly what the problem is. User with ID d3e6cbbb-a7d6-e411-93fe-005056b81a02 does not have read access to Lead. You didn't mention what the entity was you're assigning, but if it's anything other than Lead then check your cascading relationship behavior, as it might be trying to cascade assign.

    If you are directly assigning leads then you'll need to check this user and make sure they have access to leads.

    Hope that helps

    Paul


    If my response helped you find your answer please show your thanks by taking the time to "Mark As Answer" and "Vote As Helpful".

    Twitter LinkedIn Facebook Blog Magnetism

    • Proposed as answer by Abhishek73 Monday, April 6, 2015 11:47 AM
    Wednesday, April 1, 2015 3:26 AM