Choose your path Increase your proficiency with the Dynamics 365 applications that you already use and learn more about the apps that interest you. Up your game with a learning path tailored to today's Dynamics 365 masterminds and designed to prepare you for industry-recognized Microsoft certifications.
Visit Microsoft Learn
2020 release wave 1Discover the latest updates and new features to Dynamics 365 planned through September 2020
Release overview guides and videos Release Plan | Preview 2020 Release Wave 1 TimelineWatch the 2020 Release Wave 1 virtual launch event
Ace your Dynamics 365 deployment with packaged services delivered by expert consultants. | Explore service offerings
Connect with the ISV success team on the latest roadmap, developer tool for AppSource certification, and ISV community engagements | ISV self-service portal
The FastTrack program is designed to help you accelerate your Dynamics 365 deployment with confidence.
FastTrack Program | Finance TechTalks | Customer Engagement TechTalks | Upcoming TechTalks
Hi, we just found a customer using Dynamics CRM 2011 who reports CRM Admins are unable to modify any Security Role. When they try to do this, they got an error claiming the user has inssuficient privileges for the operation. However, users are a System Admin and the error detail log shows the offending privilege is prvReadComplexControl.
We checked the user accounts granted the CRM Admin role and they have assigned the correct full license with read and write privileges.
So, how can I attack this issue? As usual, your advise is really much appreciated.
Are those admins part of the Default Business Unit of the CRM Organization or are they part of a Child BU?
If they are part of a child BU, if you change them to the default BU and assign them the Sys Admin role again, does it work?
In addition to the above, what is the build of your CRM Organization DB vs the binaries? (You can check the build in the deployment manager and within Installed Windows Updates). Is there a mismatch between them? If so, if you try to bring them to the same build does it solve your issue?
Another thing worth trying, if you are not running the latest Update Rollup, you can install it and see if that does the trick.
Hope this helps
Thanks Radu, your idea about the BU did not work. Every attempt to manage Security Roles produces the same error, I mean, prvReadComplexControl is missing. Any other ideas are welcome.
Regarding the Update Rollup they are not running the latest and they won't because of compatibility issues with a custom solution implemented by other vendor. We should find a solution based in their current scenario.
Would you please elaborate in the CRM Organization DB vs the binaries? How this can damage the access to security roles in such a way?
Sorry that nothing helped so far.
Sure - i would be more than happy to elaborate on the DB vs binaries.
For example if the binaries are version 5.2 and DB is 5.1 (some generic values) within the binaries the upgrade from 5.1 to 5.2 could have introduced some new logic, that expects within the DB to have a certain privilege. Since the db is on an earlier build, that privilege was not yet created - hence leading to an exception. I am not saying that this is the issue you are running into but it could be a possibility.
Hope this helps.
Thanks Radu. What you mention has sense to me. Because this is an OnPremise instance I performed the following Selects in the DB and the missing Privilege is there:
select PrivilegeId from Privilege
the answer was A4736385-9763-4A64-A44B-CD5933EDC631
Then I performed the following Select:
select * from RolePrivileges
where PrivilegeId= 'A4736385-9763-4A64-A44B-CD5933EDC631' and
RoleId in (select RoleId from Role
where Name = 'System Administrator' )
the answer was a row with the details about the Privilege in the role System Administrator. I compared the results with other instance of CRM and they both are the same.
Any other thoughts? Because today is Sunday here, I will ask our customer to get the binaries and DB version on Monday to give them a look.
Can you please paste the exception and the call stack?
That might give us a better idea of where to look.
Could you check if there are any plugin which could be triggering on update of security role? You can disable all plugins and then try to confirm.
PS: Before disabling the plugins please do not what all were enabled so that you can enable it later.
Thanks Ravi. It seems there is no plugin fired in such event.
Hi Radu, I checked the binaries and the DB version and there is a difference in the numbers. It seems to me they tried to perform an upgrade in the past and it failed. I asked them to perform the upgrade process again, supervised by us this time. I don't know if the will accept our suggestion but in the meantime your idea that the issue is caused by a mismatch between the binaries and the DB it is the most realistic reason of the problem. I will mark your answer as the Suggested answer and if I hear from our customer in the upcoming days, I will let you know.
Thanks a lot for your time.
Fingers crossed. Please let me know how it goes.
Business Applications communities