Access & Privilege needed, to re-name an Existing user in Dynamic 365 MS CRM

(0) Share

Report

Posted on by Community Member

Hi Team,

Thanks in Advance!

Am stuck in something very simple I think.

I have set of user/supporters in my Organization, who have access to create users in MS DYANMICS 365 CRM. They are not system admin, but have roles more than a normal user. They can "create" users in CRM and view most of the setting which ideally a normal user can not see, only he/she cannot edit/create them.

Everything going normal, but "error" comes - when there is request to "re-name" an existing user.

This support team when tries to rename the existing user, they get an error message.

Below is the Log file:

Unhandled Exception: System.ServiceModel.FaultException`1[[Microsoft.Xrm.Sdk.OrganizationServiceFault, Microsoft.Xrm.Sdk, Version=8.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35]]: Access is denied.Detail:
<OrganizationServiceFault xmlns:i="www.w3.org/.../XMLSchema-instance" xmlns="schemas.microsoft.com/.../Contracts">
<ActivityId>fcc8f256-6b47-43ec-8529-8d12cca58f9e</ActivityId>
<ErrorCode>-2147187707</ErrorCode>
<ErrorDetails xmlns:d2p1="schemas.datacontract.org/.../System.Collections.Generic" />
<Message>Access is denied.</Message>
<Timestamp>2019-01-22T12:45:32.5557354Z</Timestamp>
<ExceptionRetriable>false</ExceptionRetriable>
<ExceptionSource i:nil="true" />
<InnerFault i:nil="true" />
<OriginalException i:nil="true" />
<TraceText i:nil="true" />
</OrganizationServiceFault>

We are using:

MS Dynamics 365 version 1612 (8.2.2.112) (DB 8.2.2.112) on-premises

It will great to hear from you all :)

Best Regards.

*This post is locked for comments

All responses (11)

Answers (0)

Suggested answer

Sreevalli 3,256 on at

Like (0)

Report

RE: Access & Privilege needed, to re-name an Existing user in Dynamic 365 MS CRM

Hello,

I was not talking about CRM roles. I meant about User Admin role.

docs.microsoft.com/.../about-admin-roles
Community Member on at

Like (0)

Report

RE: Access & Privilege needed, to re-name an Existing user in Dynamic 365 MS CRM

HI Sreevali,

Thanks for the feedback.

This custom roles- is very similar to an admin role. Only - the tab "Customization", has "Read" only Privileges for most of the entities here.

I think I will run the enable tracer in CRM server (as suggested by Mahender) to check the missing privilege and then share result here.

Best regards.
Suggested answer

Sreevalli 3,256 on at

Like (0)

Report

RE: Access & Privilege needed, to re-name an Existing user in Dynamic 365 MS CRM

Hi Jasveer,

As per Error it say you are trying to change the domain name of the user, only CRM Global admin can do such changes.
Community Member on at

Like (0)

Report

RE: Access & Privilege needed, to re-name an Existing user in Dynamic 365 MS CRM

Thanks Srikanta, this doesnot work we have given that access mode already and tested.

But thanks again!

Best Regards.
Suggested answer

Srikanta Mahapatro 190 on at

Like (0)

Report

RE: Access & Privilege needed, to re-name an Existing user in Dynamic 365 MS CRM

Hi Jasveer,

After giving the required security role, can you try to give the Access Mode of user to "Administrative" in Client Access License (CAL) Information section.

Thanks,

Srikanta
Community Member on at

Like (0)

Report

RE: Access & Privilege needed, to re-name an Existing user in Dynamic 365 MS CRM

Thanks Kokulan, the custom role already have Org Level write. And still they are not able to re-name any BU user.

Though they can create user across globe.

Best Regards.
Community Member on at

Like (0)

Report

RE: Access & Privilege needed, to re-name an Existing user in Dynamic 365 MS CRM

Thanks Mahender, sure let me try this.

Best regards
Suggested answer

Kokulan 18,054 on at

Like (0)

Report

RE: Access & Privilege needed, to re-name an Existing user in Dynamic 365 MS CRM

You will have to give Business Unit or Org Level Write permission in your custom role for user entity. Once that's given, they will be able to update user records that are owned by other users in the business. if they have user level write privilege to user entity, they can only rename the ones they own.
Suggested answer

Mahendar Pal 45,095 on at

Like (0)

Report

RE: Access & Privilege needed, to re-name an Existing user in Dynamic 365 MS CRM

Hi,

Assuming they have edit permission already but it seems they are missing some specific privilege, can you check event viewer of the server after this error and see if there is any log , another option is to enable tracing in the server it will help you to identify specific privilege which these user is missing.

You can use this tool to enable tracing in the CRM server: archive.codeplex.com

and this tool to read trace: archive.codeplex.com

You can share your finding here.
Community Member on at

Like (0)

Report

RE: Access & Privilege needed, to re-name an Existing user in Dynamic 365 MS CRM

Hi Goutam,

Thanks for quick revert.

I have built a "new" security roles for our Support team - so they can do basics task of an system admin, like creating user. But this team "does not" have System Admin access, because of obvious reason, as we don't want any other actions to be taken by this team, which is ideally our L1 support.

Any other feedback.

Best Regards

Jasveer