Monday, 6 January 2014

Permissions issues affecting Views in Ms Dynamics CRM 2011

A few weeks back we had an interesting issue come up.

We have a custom entity called centre with a 1:N to another custom entity called transaction (wen_trans) [transaction has a relationship with experience (wen_exp)] and in the centre record we display the related transactions. Except that in this case it wasn't showing anything and there was an interesting error message for a particular set of users:

To make matters interesting, using Advanced Find revealed all the (transaction) records that should have been displayed in the associated view and not only that, but the users were able to open the records, so I can't have been permissions right?

This is the error message in the crm logs:
Principal user (Id=666dd230-5b57-e311-8eab-0050568e2c11, type=8) is missing prvReadwen_exp privilege (Id=1a23a4a4-6f81-4410-9df8-d6a7a052ae72), ErrorCode: -2147220960, InnerException: Microsoft.Crm.CrmSecurityException: Principal user (Id=666dd230-5b57-e311-8eab-0050568e2c11, type=8) is missing prvReadwen_exp privilege (Id=1a23a4a4-6f81-4410-9df8-d6a7a052ae72)
· MessageProcessor fail to process message 'RetrieveMultiple' for 'wen_trans'.
So we modified the roles temporary giving read access to experience and the issue was sorted but why was the issue occurring in the first place?

Well, it turns out that the trace log was right all along and we needed read access to the experience entity as the associated view for transaction had some columns that were displaying data from the experience entity.

This is one of those issues that are very obvious once you know the answer but pretty tricky to find said answer, so hope it helps.

No comments:

Post a Comment