Sign in
Microsoft.com
 
Microsoft
 
 
 

locked
The user is not assigned any privileges. RRS feed

 > 

  • Question

  • Question
    Sign in to vote
    0
    Sign in to vote

    Hi,

    When one user with special role try to access to an customize entity. In ISV folder he got an error User is not assigned.
    Microsoft CRM could not log the user.

    Which is wierd is this user can't even create this entity from the entity module. but he has access to the rest of the website.

    IF I use a test user with the same profile that will work.

    Any idea?

    thanks

    Wednesday, October 20, 2010 12:23 PM

Answers

  • Question
    Sign in to vote
    0
    Sign in to vote
    Sometimes security descriptors can get messed up when moving a user around between BUs.  Apparently the only fix for that is to contact Microsoft Support and obtain a script that reconfigures the security descriptors for the entire organization.  Behaviors like the one you're seeing are common symptoms of that situation.  However, the problem may very well be that your "test user" has kept improper security descriptors from its origin BU (a symptom that requires MS scripting), which allows the test user access where your errant user cannot access.  A true "test" would be to create a new user in the BU of your problem user, and assign it the same roles.  Then you'll be able to identify the vector by which broken security descriptors have entered the equation.
    Dave Berry - MVP Dynamics CRM - http:\\crmentropy.blogspot.com
    Wednesday, October 20, 2010 3:53 PM
    Moderator

All replies

  • Question
    Sign in to vote
    0
    Sign in to vote
    You need to ensure that any related entities that the custom entity has lookup fields too has the Append security role settings set.
    MSCRM Bing'd - http://bingsoft.wordpress.com

    Check out the CRM 4 to CRM 2011 JavaScript Converter Tool
    Wednesday, October 20, 2010 1:37 PM
    Moderator
  • Question
    Sign in to vote
    0
    Sign in to vote

    Thanks for your help,

    I actually checked this already. And like I explained ... i gave to my test user the same BU and the same role and with this test user it works.

    IN the same environment.

     

    Wednesday, October 20, 2010 3:44 PM
  • Question
    Sign in to vote
    0
    Sign in to vote
    Sometimes security descriptors can get messed up when moving a user around between BUs.  Apparently the only fix for that is to contact Microsoft Support and obtain a script that reconfigures the security descriptors for the entire organization.  Behaviors like the one you're seeing are common symptoms of that situation.  However, the problem may very well be that your "test user" has kept improper security descriptors from its origin BU (a symptom that requires MS scripting), which allows the test user access where your errant user cannot access.  A true "test" would be to create a new user in the BU of your problem user, and assign it the same roles.  Then you'll be able to identify the vector by which broken security descriptors have entered the equation.
    Dave Berry - MVP Dynamics CRM - http:\\crmentropy.blogspot.com
    Wednesday, October 20, 2010 3:53 PM
    Moderator