locked
CRM 2011 - You do not have enough privileges RRS feed

  • Question

  • Hi,

    we are having an issue with one college which is the owner of Account in which he is trying to add a new Opportunity.

    He gets the "Access is Denied" message:

    Error details:

    Unhandled Exception: System.ServiceModel.FaultException`1[[Microsoft.Xrm.Sdk.OrganizationServiceFault, Microsoft.Xrm.Sdk, Version=5.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35]]: Principal user (Id=5f113cf1-3e71-e311-8ee7-005056a34d29, type=8) is missing prvReadInvoice privilege (Id=824b86c8-7851-4abe-9d99-e281e8f1d504)Detail:
    <OrganizationServiceFault xmlns:i="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://schemas.microsoft.com/xrm/2011/Contracts">
      <ErrorCode>-2147220960</ErrorCode>
      <ErrorDetails xmlns:d2p1="http://schemas.datacontract.org/2004/07/System.Collections.Generic" />
      <Message>Principal user (Id=5f113cf1-3e71-e311-8ee7-005056a34d29, type=8) is missing prvReadInvoice privilege (Id=824b86c8-7851-4abe-9d99-e281e8f1d504)</Message>
      <Timestamp>2015-04-14T13:16:43.4665819Z</Timestamp>
      <InnerFault i:nil="true" />
      <TraceText i:nil="true" />
    </OrganizationServiceFault>

    What is even more strange, is that user has all the normal roles like other colleges, no special secuirty roles for him.

    Googling i found one interesting information about changing the role on Customization tab, and that is to enable the view in the read Collumn. But nothing has changed.

    How can I check directly on his machine what roles does he have AT THE MOMENT? Is there some kind of a query?

    His Security role:

    Wednesday, April 15, 2015 7:15 AM

All replies

  • Hello,

    You have to add privilege to read Invoice records - prvReadInvoice.


    Dynamics CRM MVP
    My blog

    • Proposed as answer by Abhishek73 Wednesday, April 15, 2015 7:26 AM
    Wednesday, April 15, 2015 7:24 AM
    Moderator
  • As suggested by Andrii, you need to give him read access to invoices.

    Regards, Abhishek Bakshi If you find this post helpful then please Vote as Helpful and Mark As Answer. Check my blog on https://mydynamicscrmblog.wordpress.com/

    Wednesday, April 15, 2015 7:27 AM
  • Thank you both for such a fast reply. I will try it and let you know if ti works.

    However, I want to find out how you saw that, i know that you read it from the error text file, but is it always "so clear" to see what is missing?

    And, how can I find out which roles are currently assigned to a user on his machine?

    Wednesday, April 15, 2015 7:47 AM
  • Unhandled Exception: System.ServiceModel.FaultException`1[[Microsoft.Xrm.Sdk.OrganizationServiceFault, Microsoft.Xrm.Sdk, Version=5.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35]]: Principal user (Id=5f113cf1-3e71-e311-8ee7-005056a34d29, type=8) is missing prvReadInvoice privilege (Id=824b86c8-7851-4abe-9d99-e281e8f1d504)Detail:
    <OrganizationServiceFault xmlns:i="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://schemas.microsoft.com/xrm/2011/Contracts">
      <ErrorCode>-2147220960</ErrorCode>
      <ErrorDetails xmlns:d2p1="http://schemas.datacontract.org/2004/07/System.Collections.Generic" />
      <Message>Principal user (Id=5f113cf1-3e71-e311-8ee7-005056a34d29, type=8) is missing prvReadInvoice privilege (Id=824b86c8-7851-4abe-9d99-e281e8f1d504)</Message>
      <Timestamp>2015-04-14T13:16:43.4665819Z</Timestamp>
      <InnerFault i:nil="true" />
      <TraceText i:nil="true" />
    </OrganizationServiceFault>

    I have highlighted what we read in error log as bold. For more information on privileges on entities you can refer this

    https://msdn.microsoft.com/en-us/library/hh547441.aspx

    Hope this helps!

     

    Regards, Abhishek Bakshi If you find this post helpful then please Vote as Helpful and Mark As Answer. Check my blog on https://mydynamicscrmblog.wordpress.com/

    Wednesday, April 15, 2015 8:01 AM
  • This is the new error, still does not work.

    College is trying to create a new opportunity on his own account.

    Unhandled Exception: System.ServiceModel.FaultException`1[[Microsoft.Xrm.Sdk.OrganizationServiceFault, Microsoft.Xrm.Sdk, Version=5.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35]]: SecLib::AccessCheckEx failed. Returned hr = -2147187962, ObjectID: 2e5d93a5-615c-dc11-8640-0016359f287c, OwnerId: d682340f-4eaf-da11-817d-0011d83c4096,  OwnerIdType: 8 and CallingUser: 5f113cf1-3e71-e311-8ee7-005056a34d29. ObjectTypeCode: 4, objectBusinessUnitId: df2566d4-8ba0-db11-866a-0016359f287c, AccessRights: AppendToAccess Detail:

    <OrganizationServiceFault xmlns:i="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://schemas.microsoft.com/xrm/2011/Contracts">

      <ErrorCode>-2147187962</ErrorCode>

      <ErrorDetails xmlns:d2p1="http://schemas.datacontract.org/2004/07/System.Collections.Generic" />

      <Message>SecLib::AccessCheckEx failed. Returned hr = -2147187962, ObjectID: 2e5d93a5-615c-dc11-8640-0016359f287c, OwnerId: d682340f-4eaf-da11-817d-0011d83c4096,  OwnerIdType: 8 and CallingUser: 5f113cf1-3e71-e311-8ee7-005056a34d29. ObjectTypeCode: 4, objectBusinessUnitId: df2566d4-8ba0-db11-866a-0016359f287c, AccessRights: AppendToAccess </Message>

      <Timestamp>2015-04-15T08:46:33.6711186Z</Timestamp>

      <InnerFault i:nil="true" />

      <TraceText i:nil="true" />

    </OrganizationServiceFault>

    Wednesday, April 15, 2015 8:49 AM
  • Hello Tonito,

    What rights does the user has for "Append" and "Append to" on opportunity entity? The Append and Append To access rights work in tandem with one another. So in your scenario when your colleague user is trying to create an opportunity he is trying to attach it in respect to an account, hence he must have both rights.

    Try that and let us know. And you can also read this blog mentioned below for more about append and append to

    http://missdynamicscrm.blogspot.in/2014/11/understanding-read-vs-append-vs-appendto-access-level-in-crm-security-roles.html


    Regards, Abhishek Bakshi If you find this post helpful then please Vote as Helpful and Mark As Answer. Check my blog on https://mydynamicscrmblog.wordpress.com/

    Wednesday, April 15, 2015 9:06 AM
  • Can you take a look at the screenshot above? That would be the Core Records. If some other tab is needed I will post it.

    Thanks for your help!

    edit: it looks like it is Lead item on core records
    • Edited by Tonito Dux Wednesday, April 15, 2015 9:22 AM Lead added
    Wednesday, April 15, 2015 9:13 AM
  • Give him Append and Append to rights on account entity, cause he is trying to create an opportunity which will be associated with an account in your case. Once you do that, I am sure it will work like a charm!


    Regards, Abhishek Bakshi If you find this post helpful then please Vote as Helpful and Mark As Answer. Check my blog on https://mydynamicscrmblog.wordpress.com/

    Wednesday, April 15, 2015 9:23 AM
  • Thank you for all of your help and patience!

    it was lead after all:

    Wednesday, April 15, 2015 9:30 AM