{"id":3900,"date":"2016-11-18T17:57:20","date_gmt":"2016-11-18T12:27:20","guid":{"rendered":"https:\/\/www.inogic.com\/blog\/?p=3900"},"modified":"2022-06-24T12:43:39","modified_gmt":"2022-06-24T07:13:39","slug":"insufficient-permissions-error-on-assigning-a-record-in-dynamics-365","status":"publish","type":"post","link":"https:\/\/www.inogic.com\/blog\/2016\/11\/insufficient-permissions-error-on-assigning-a-record-in-dynamics-365\/","title":{"rendered":"Insufficient Permissions Error on Assigning a record in Dynamics 365"},"content":{"rendered":"<p><strong>Introduction<\/strong><\/p>\n<p>While working on one of our client requirement, we came across with one interesting scenario about security roles access level setup for Read and Assign privileges, which leads to errors on Dynamics CRM forms.<\/p>\n<p><strong>Scenario:<\/strong><\/p>\n<p>The requirement was to allow a user with specific security role in Dynamics CRM say \u201cSalesperson\u201d to assign lead record owned by them to other users on the basis of some criteria.<\/p>\n<p>Below is how Salesperson security role setup for lead entity,<\/p>\n<p><a href=\"https:\/\/www.inogic.com\/blog\/wp-content\/uploads\/2016\/11\/Security-Role-setup.jpg\"><img decoding=\"async\" class=\"aligncenter size-full wp-image-3909\" src=\"https:\/\/www.inogic.com\/blog\/wp-content\/uploads\/2016\/11\/Security-Role-setup.jpg\" alt=\"Security Role setup\" width=\"787\" height=\"145\" \/><\/a><\/p>\n<p>Read and Assign privilege both are user level.<\/p>\n<p>Process flow advised to follow was:<\/p>\n<ol>\n<li>Sales people will check their leads (Since salesperson has user level privilege for read they can view only leads those are owned by them).<\/li>\n<li>Open lead record, and click on \u201cAssign\u201d button and choose the user to assign the lead to.<\/li>\n<\/ol>\n<p>Simple process, the privileges setup allow for assigning records, so they should be good to do the steps requested above.<\/p>\n<p>However, in the above case we received an error saying Access Is Denied as shown below.<\/p>\n<p><a href=\"https:\/\/www.inogic.com\/blog\/wp-content\/uploads\/2016\/11\/Access-is-denied-error.jpg\"><img decoding=\"async\" class=\"aligncenter size-full wp-image-3906\" src=\"https:\/\/www.inogic.com\/blog\/wp-content\/uploads\/2016\/11\/Access-is-denied-error.jpg\" alt=\"Access is denied error\" width=\"574\" height=\"285\" \/><\/a><\/p>\n<p>When we downloaded error log, it stated insufficient privileges for reading lead record.<\/p>\n<p>\u201c<strong>SecLib::AccessCheckEx failed. Returned hr = -2147187962, ObjectID: d014dcb3-c77f-e611-8127-fc15b4284c10, OwnerId: 3f92c9a1-f49f-e611-8127-c4346bad3608,\u00a0 OwnerIdType: 8 and CallingUser: 3f92c9a1-f49f-e611-8127-c4346bad3608. ObjectTypeCode: 4, objectBusinessUnitId: d7cf13e4-717f-e611-811c-c4346badf550, AccessRights: ReadAccess<\/strong>\u201d<\/p>\n<p>\u201cReadAccess\u201d error was confusing as we actually assigned record and the user to which the record was being assigned also had similar privileges.<\/p>\n<p>To dig a little deeper into this, we tried a couple of things;<\/p>\n<ul>\n<li>We tried to assign the record from the home page grid: In this case, record is assigned to other user and it is removed from the \u201cMy Open leads\u201d view. No error was thrown at all!<\/li>\n<\/ul>\n<p><a href=\"https:\/\/www.inogic.com\/blog\/wp-content\/uploads\/2016\/11\/assign-record-from-home-page.jpg\"><img decoding=\"async\" class=\"aligncenter size-full wp-image-3908\" src=\"https:\/\/www.inogic.com\/blog\/wp-content\/uploads\/2016\/11\/assign-record-from-home-page.jpg\" alt=\"assign record from home page\" width=\"937\" height=\"273\" \/><\/a><\/p>\n<ul>\n<li>Then we tried to assign record from entity form: In this case, we get the Insufficient Privilege error.<\/li>\n<\/ul>\n<p><a href=\"https:\/\/www.inogic.com\/blog\/wp-content\/uploads\/2016\/11\/assign-record-from-entity-form.jpg\"><img decoding=\"async\" class=\"aligncenter size-full wp-image-3907\" src=\"https:\/\/www.inogic.com\/blog\/wp-content\/uploads\/2016\/11\/assign-record-from-entity-form.jpg\" alt=\"assign record from entity form\" width=\"1135\" height=\"355\" \/><\/a><\/p>\n<p>Navigate to the My Open Leads View. The record does not show up on the view. This means the record was successfully assigned to the user. We received the error because the logged in user only had user level privilege to the lead. With the lead assigned to another user, they were no longer the owner of this record and therefore the \u201cInsufficient permission error\u201d.<\/p>\n<p><strong>Conclusion:<\/strong><\/p>\n<p>Dynamics 365 knows its security right!!! When it says you have insufficient privileges \u2013 you do have insufficient privileges \ud83d\ude42<\/p>\n<h2 style=\"text-align: left;\"><div class=\"su-heading su-heading-style-default su-heading-align-center\" id=\"\" style=\"font-size:15px;margin-bottom:5px\"><div class=\"su-heading-inner\">One Pic = 1000 words! Analyze data 90% faster with visualization apps!<\/div><\/div><\/h2>\n<p style=\"text-align: left;\"><em>Get optimum visualization of Dynamics 365 CRM data with &#8211;<\/em><br \/>\n<em><strong><a href=\"https:\/\/www.inogic.com\/product\/productivity-apps\/kanban-board-dynamics-365-crm\" target=\"_blank\" rel=\"noopener noreferrer\">Kanban Board<\/a> <\/strong>\u2013 Visualize Dynamics 365 CRM data in Kanban view by categorizing entity records in lanes and rows as per their status, priority, etc.<\/em><br \/>\n<em><strong><a href=\"https:\/\/www.inogic.com\/product\/productivity-apps\/map-my-relationships-dynamics-365-crm\" target=\"_blank\" rel=\"noopener noreferrer\">Map My Relationships<\/a><\/strong> \u2013 Map My Relationships \u2013 Visualize connections and relationships between Dynamics 365 CRM entities or related records in a Mind Map view.<\/em><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Introduction While working on one of our client requirement, we came across with one interesting scenario about security roles access level setup for Read and Assign privileges, which leads to errors on Dynamics CRM forms. Scenario: The requirement was to allow a user with specific security role in Dynamics CRM say \u201cSalesperson\u201d to assign lead\u2026 <span class=\"read-more\"><a href=\"https:\/\/www.inogic.com\/blog\/2016\/11\/insufficient-permissions-error-on-assigning-a-record-in-dynamics-365\/\">Read More &raquo;<\/a><\/span><\/p>\n","protected":false},"author":13,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"om_disable_all_campaigns":false,"_monsterinsights_skip_tracking":false,"_monsterinsights_sitenote_active":false,"_monsterinsights_sitenote_note":"","_monsterinsights_sitenote_category":0,"footnotes":""},"categories":[16,24,51],"tags":[946,947,1102,1568],"class_list":["post-3900","post","type-post","status-publish","format-standard","hentry","category-dynamics-365","category-dynamics-crm-2016","category-security","tag-insufficient-permissions-error-dynamics-365","tag-insufficient-permissions-error-on-assigning-dynamics-365-record","tag-microsoft-dynamics-365-security-roles","tag-security-roles-in-microsoft-dynamics-crm"],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/www.inogic.com\/blog\/wp-json\/wp\/v2\/posts\/3900","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.inogic.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.inogic.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.inogic.com\/blog\/wp-json\/wp\/v2\/users\/13"}],"replies":[{"embeddable":true,"href":"https:\/\/www.inogic.com\/blog\/wp-json\/wp\/v2\/comments?post=3900"}],"version-history":[{"count":0,"href":"https:\/\/www.inogic.com\/blog\/wp-json\/wp\/v2\/posts\/3900\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.inogic.com\/blog\/wp-json\/wp\/v2\/media?parent=3900"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.inogic.com\/blog\/wp-json\/wp\/v2\/categories?post=3900"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.inogic.com\/blog\/wp-json\/wp\/v2\/tags?post=3900"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}