Sign in

Microsoft.com

Microsoft

Remove From My Forums

Why would a user be denied permission to assign activities?

Question
0

Sign in to vote

We have MSCRM v4.0 On Premise - UR7

I checked that another user with the same role also receives the error that they don't have permission to complete the action. So I looked at the role and it has the follow permissions for the Activity entity.

Create: User
Read: Org
Write: Bus
Delete: User
Append: Bus
Append To: Bus
Assign: Org
Share: Org

What else could stop a user from assigning activities? Also, for the test, the sales user was trying to assign the record to my user which has the admin role.

What am I missing?
Eric Hula - CRM Administrator

Wednesday, May 11, 2011 7:14 PM

Answers

0

Sign in to vote
Hi Eric,

It is likely that there is a cascade assign relationship on the activity, and so the permission is not to do with the activity but a related entity that CRM is trying to assign as well, but the user does not have permissions to do so.

If it isn't obvious from looking at the configuration, this is how I usually debug these kind of problems.

1.       Enable Platform tracing (http://support.microsoft.com/kb/907490), and then perform the operation that is giving an error.

2.       Find the entry in the logs that looks something like:
“SecLib::CheckPrivilege failed”
It will be followed by a User=xxx and PrivilegeId=xxx.

3.       On the MSCRM data base, execute the following SQL:
SELECT Name FROM Privilege Where PrivilegeId = [Value from the log]

4.       This will give you the name of the privilege that you’ll need to add to the user’s role.

Scott
www.develop1.net
- Proposed as answer by Edwin2win Thursday, May 12, 2011 10:23 AM
- Marked as answer by Eric Hula Thursday, May 12, 2011 1:14 PM
Thursday, May 12, 2011 7:23 AM

Answerer

All replies

0

Sign in to vote
Hi Eric,

It is likely that there is a cascade assign relationship on the activity, and so the permission is not to do with the activity but a related entity that CRM is trying to assign as well, but the user does not have permissions to do so.

If it isn't obvious from looking at the configuration, this is how I usually debug these kind of problems.

1.       Enable Platform tracing (http://support.microsoft.com/kb/907490), and then perform the operation that is giving an error.

2.       Find the entry in the logs that looks something like:
“SecLib::CheckPrivilege failed”
It will be followed by a User=xxx and PrivilegeId=xxx.

3.       On the MSCRM data base, execute the following SQL:
SELECT Name FROM Privilege Where PrivilegeId = [Value from the log]

4.       This will give you the name of the privilege that you’ll need to add to the user’s role.

Scott
www.develop1.net
- Proposed as answer by Edwin2win Thursday, May 12, 2011 10:23 AM
- Marked as answer by Eric Hula Thursday, May 12, 2011 1:14 PM
Thursday, May 12, 2011 7:23 AM

Answerer
0

Sign in to vote

http://support.microsoft.com/kb/953962/en-us

this KBA was helpful, has the info you listed. I will run the sql command and see what happens.
Eric Hula - CRM Administrator

Thursday, May 12, 2011 1:08 PM
0

Sign in to vote

prvReadQueue

Why do you need to be able read Queues to assign activities. I don't use the Queues.
Eric Hula - CRM Administrator

Thursday, May 12, 2011 1:14 PM