Question Status

Suggested Answer
Dinesh Veeranki asked a question on 17 Mar 2015 3:05 AM

Hi,

I have share privilege as user level on case entity.

Now whenever I share a record a record, record is getting shared, but when I unshared the same record it is throwing access rights pop up.

Error is:

 

Unhandled Exception: System.ServiceModel.FaultException`1[[Microsoft.Xrm.Sdk.OrganizationServiceFault, Microsoft.Xrm.Sdk, Version=5.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35]]: System.Web.HttpUnhandledException: Microsoft Dynamics CRM has experienced an error. Reference number for administrators or support: #9662501BDetail:
<OrganizationServiceFault xmlns:i="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://schemas.microsoft.com/xrm/2011/Contracts">
  <ErrorCode>-2147220970</ErrorCode>
  <ErrorDetails xmlns:d2p1="http://schemas.datacontract.org/2004/07/System.Collections.Generic">
    <KeyValuePairOfstringanyType>
      <d2p1:key>CallStack</d2p1:key>
      <d2p1:value xmlns:d4p1="http://www.w3.org/2001/XMLSchema" i:type="d4p1:string">   at System.Web.UI.Page.HandleError(Exception e)
   at System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint)
   at System.Web.UI.Page.ProcessRequest(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint)
   at System.Web.UI.Page.ProcessRequest()
   at System.Web.UI.Page.ProcessRequest(HttpContext context)
   at System.Web.HttpApplication.CallHandlerExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute()
   at System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean&amp; completedSynchronously)</d2p1:value>
    </KeyValuePairOfstringanyType>
  </ErrorDetails>
  <Message>System.Web.HttpUnhandledException: Microsoft Dynamics CRM has experienced an error. Reference number for administrators or support: #9662501B</Message>
  <Timestamp>2015-03-17T08:02:58.2971115Z</Timestamp>
  <InnerFault>
    <ErrorCode>-2147187962</ErrorCode>
    <ErrorDetails xmlns:d3p1="http://schemas.datacontract.org/2004/07/System.Collections.Generic">
      <KeyValuePairOfstringanyType>
        <d3p1:key>CallStack</d3p1:key>
        <d3p1:value xmlns:d5p1="http://www.w3.org/2001/XMLSchema" i:type="d5p1:string">   at Microsoft.Crm.Dialogs.ShareDialogPage.ConfigureForm()
   at Microsoft.Crm.Application.Controls.AppUIPage.OnPreRender(EventArgs e)
   at System.Web.UI.Control.PreRenderRecursiveInternal()
   at System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint)</d3p1:value>
      </KeyValuePairOfstringanyType>
    </ErrorDetails>
    <Message>SecLib::AccessCheckEx failed. Returned hr = -2147187962, ObjectID: 2baecd10-70cc-e411-80e6-0003ff465130, OwnerId: 9bd2947c-adc0-e411-80e3-0003ff465130,  OwnerIdType: 9 and CallingUser: e7a9683a-55bb-e411-80e2-0003ff465130. ObjectTypeCode: 112, objectBusinessUnitId: ab18c671-a0b6-e411-80e1-0003ff465130, AccessRights: 262152 </Message>
    <Timestamp>2015-03-17T08:02:58.2971115Z</Timestamp>
    <InnerFault i:nil="true" />
    <TraceText i:nil="true" />
  </InnerFault>
  <TraceText i:nil="true" />
</OrganizationServiceFault>

 

 

 

Reply
Suggested Answer
Aileen Gusni responded on 17 Mar 2015 3:38 AM

Hi Dinesh,

The Access Right: '262152' seems it's related to Activity Share..

social.microsoft.com/.../access-denied-when-marking-appointment-as-complete

Because the Case has parental behavior with activities, such as Appointment, Email, etc.

So I think when you share the Case, the case still has no Activities, but when you unshared, the Case itself already have activity.

When you unshared the Case, it also will unshared the related Activities records that also required Share privilege because you want to revoke Share, I think CRM checks needs this permission.

Increase the privilege let's say from None to User or Business Unit (seems you need more than user level because the owner and the calling user are different)

Or if the Owner Id '9bd2947c-adc0-e411-80e3-0003ff465130' and the Calling User Id 'e7a9683a-55bb-e411-80e2-0003ff465130' are in different Business Unit, you need to increase the Share Privilege of the Activities (in the core record to Parent Business Unit or Organization)

Hope this can help you.

Thanks.

Reply
Dinesh Veeranki responded on 17 Mar 2015 5:37 AM

Hi Aileen,

Thanks for the reply, For the case record there are no child records still it is showing the same error.

Suppose if I have case with child records(activities) I gave activities share access to organization level, still the error is coming.

Reply
Aileen Gusni responded on 17 Mar 2015 6:16 AM

Hi Dinesh,

You are using CRM OnPremise?

Try to do SQL Query

select * from privilege

where AccessRight = '262152'

And you can see what privilege is missing.

Thanks.

Reply
Dinesh Veeranki responded on 21 Mar 2015 6:49 AM

i have given permissions to business unit level, then i can able to share and unshare a record on case entity.

But when i give user level permission i am unable to unshare a record, what could be the root cause?

Reply
Aileen Gusni responded on 21 Mar 2015 8:25 AM

Dinesh,

CRM does requires this because of that required privilege.

What is the result of the SQL Query?

What privilege required?

As you can see the error.

<Message>SecLib::AccessCheckEx failed. Returned hr = -2147187962, ObjectID: 2baecd10-70cc-e411-80e6-0003ff465130, OwnerId: 9bd2947c-adc0-e411-80e3-0003ff465130,  OwnerIdType: 9 and CallingUser: e7a9683a-55bb-e411-80e2-0003ff465130. ObjectTypeCode: 112, objectBusinessUnitId: ab18c671-a0b6-e411-80e1-0003ff465130, AccessRights: 262152 </Message>

So, the object: '2baecd10-70cc-e411-80e6-0003ff465130'

Is owned by: '9bd2947c-adc0-e411-80e3-0003ff465130'

While the current user who executes is 'e7a9683a-55bb-e411-80e2-0003ff465130'

The current object BU is: 'ab18c671-a0b6-e411-80e1-0003ff465130'

Which is different from the executor's in term of Business Unit.

Internally CRM does requires you try to unshared an object that is NOT owned by your, instead it is owned by other user from other Business Unit.

Hope you can try to get the privilege result and see your own what privilege is missing.

Hope this helps.

Thanks.

Reply
Suggested Answer
Aileen Gusni responded on 17 Mar 2015 3:38 AM

Hi Dinesh,

The Access Right: '262152' seems it's related to Activity Share..

social.microsoft.com/.../access-denied-when-marking-appointment-as-complete

Because the Case has parental behavior with activities, such as Appointment, Email, etc.

So I think when you share the Case, the case still has no Activities, but when you unshared, the Case itself already have activity.

When you unshared the Case, it also will unshared the related Activities records that also required Share privilege because you want to revoke Share, I think CRM checks needs this permission.

Increase the privilege let's say from None to User or Business Unit (seems you need more than user level because the owner and the calling user are different)

Or if the Owner Id '9bd2947c-adc0-e411-80e3-0003ff465130' and the Calling User Id 'e7a9683a-55bb-e411-80e2-0003ff465130' are in different Business Unit, you need to increase the Share Privilege of the Activities (in the core record to Parent Business Unit or Organization)

Hope this can help you.

Thanks.

Reply