Skip to main content

Notifications

Announcements

No record found.

News and Announcements icon
Community site session details

Community site session details

Session Id :
Dynamics 365 Community / Forums / Dynamics 365 general forum / Access Denied Error wh...
Dynamics 365 general forum

Access Denied Error when accessing options, personal settings, synchronization, manage filters

(0) ShareShare
ReportReport
Posted on by ACECORP 1,581

I have a very strange problem in Dynamics 365 version 9 and I am hoping someone has encountered it and knows the fix.

I have a user with a problem, User A, that is a member of the exact same security roles as users that do not have the problem (User B, C, and D), so I am at a total loss as to root cause, and cannot fix it.

The problem is this:

When User A clicks on options, then clicks on the synchronization tab, then clicks on "filters" (circled below in red), they get an access denied error message. 

 UserA_2D00_001.png UserA_2D00_002.png

The download error log contains the following:

Unhandled Exception: System.ServiceModel.FaultException`1[[Microsoft.Xrm.Sdk.OrganizationServiceFault, Microsoft.Xrm.Sdk, Version=9.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35]]: SecLib::AccessCheckEx failed. Returned hr = -2147187962, ObjectID: f8958ad4-b1ea-4972-8544-b685167f4f6e, OwnerId: d2516c90-6f04-e811-a962-000d3a1a7089,  OwnerIdType: 8 and CallingUser: d2516c90-6f04-e811-a962-000d3a1a7089. ObjectTypeCode: 4230, objectBusinessUnitId: 054d7187-34e2-e711-a95b-000d3a180af8, AccessRights: 9 Detail: 
<OrganizationServiceFault xmlns:i="www.w3.org/.../XMLSchema-instance" xmlns="schemas.microsoft.com/.../Contracts">
  <ActivityId>20525bae-0b94-475e-9493-91d9c653113a</ActivityId>
  <ErrorCode>-2147187962</ErrorCode>
  <ErrorDetails xmlns:d2p1="schemas.datacontract.org/.../System.Collections.Generic">
    <KeyValuePairOfstringanyType>
      <d2p1:key>ApiExceptionSourceKey</d2p1:key>
      <d2p1:value xmlns:d4p1="www.w3.org/.../XMLSchema" i:type="d4p1:string">Plugin/Microsoft.Crm.ObjectModel.UserQueryService</d2p1:value>
    </KeyValuePairOfstringanyType>
    <KeyValuePairOfstringanyType>
      <d2p1:key>ApiOriginalExceptionKey</d2p1:key>
      <d2p1:value xmlns:d4p1="www.w3.org/.../XMLSchema" i:type="d4p1:string">Microsoft.Crm.CrmSecurityException: SecLib::AccessCheckEx failed. Returned hr = -2147187962, ObjectID: f8958ad4-b1ea-4972-8544-b685167f4f6e, OwnerId: d2516c90-6f04-e811-a962-000d3a1a7089,  OwnerIdType: 8 and CallingUser: d2516c90-6f04-e811-a962-000d3a1a7089. ObjectTypeCode: 4230, objectBusinessUnitId: 054d7187-34e2-e711-a95b-000d3a180af8, AccessRights: 9  ---&gt; Microsoft.Crm.CrmSecurityException: SecLib::AccessCheckEx failed. Returned hr = -2147187962, ObjectID: f8958ad4-b1ea-4972-8544-b685167f4f6e, OwnerId: d2516c90-6f04-e811-a962-000d3a1a7089,  OwnerIdType: 8 and CallingUser: d2516c90-6f04-e811-a962-000d3a1a7089. ObjectTypeCode: 4230, objectBusinessUnitId: 054d7187-34e2-e711-a95b-000d3a180af8, AccessRights: 9 
   at Microsoft.Crm.BusinessEntities.SecurityLibrary.AccessCheckEx2(ExecutionContext context, SecurityPrincipal principal, SecurityPrincipal ownerPrincipal, Guid objectId, Int32 objectTypeCode, Guid objectBusinessUnitId, AccessRights rights)
   at Microsoft.Crm.BusinessEntities.SecurityLibrary.AccessCheckEx(ExecutionContext context, SecurityAttributes attributes, AccessRights rights)
   at Microsoft.Crm.BusinessEntities.SecurityExtension.PreRetrievePrincipalAccessHandler(ExtensionEventArgs e, Object sender)
   at Microsoft.Crm.BusinessEntities.BusinessProcessObject.PreRetrievePrincipalAccessEventHandler.Invoke(Object sender, ExtensionEventArgs e)
   at Microsoft.Crm.BusinessEntities.BusinessProcessObject.RetrievePrincipalAccess(BusinessEntityMoniker moniker, SecurityPrincipal principal, ExecutionContext context)
   --- End of inner exception stack trace ---
   at Microsoft.Crm.Extensibility.VersionedPluginProxyStepBase.Execute(PipelineExecutionContext context)
   at Microsoft.Crm.Extensibility.PipelineInstrumentationHelper.Execute(Boolean instrumentationEnabled, String stopwatchName, ExecuteWithInstrumentation action, PipelineExecutionContext context)
   at Microsoft.Crm.Extensibility.Pipeline.&lt;&gt;c__DisplayClass1_1.&lt;Execute&gt;b__0()</d2p1:value>
    </KeyValuePairOfstringanyType>
    <KeyValuePairOfstringanyType>
      <d2p1:key>ApiStepKey</d2p1:key>
      <d2p1:value xmlns:d4p1="www.w3.org/.../XMLSchema" i:type="d4p1:string">97ccbb1b-ea3e-db11-86a7-000a3a5473e8</d2p1:value>
    </KeyValuePairOfstringanyType>
    <KeyValuePairOfstringanyType>
      <d2p1:key>ApiDepthKey</d2p1:key>
      <d2p1:value xmlns:d4p1="www.w3.org/.../XMLSchema" i:type="d4p1:string">1</d2p1:value>
    </KeyValuePairOfstringanyType>
    <KeyValuePairOfstringanyType>
      <d2p1:key>ApiActivityIdKey</d2p1:key>
      <d2p1:value xmlns:d4p1="www.w3.org/.../XMLSchema" i:type="d4p1:string">20525bae-0b94-475e-9493-91d9c653113a</d2p1:value>
    </KeyValuePairOfstringanyType>
    <KeyValuePairOfstringanyType>
      <d2p1:key>ApiPluginSolutionNameKey</d2p1:key>
      <d2p1:value xmlns:d4p1="www.w3.org/.../XMLSchema" i:type="d4p1:string">System</d2p1:value>
    </KeyValuePairOfstringanyType>
    <KeyValuePairOfstringanyType>
      <d2p1:key>ApiStepSolutionNameKey</d2p1:key>
      <d2p1:value xmlns:d4p1="www.w3.org/.../XMLSchema" i:type="d4p1:string">System</d2p1:value>
    </KeyValuePairOfstringanyType>
  </ErrorDetails>
  <Message>SecLib::AccessCheckEx failed. Returned hr = -2147187962, ObjectID: f8958ad4-b1ea-4972-8544-b685167f4f6e, OwnerId: d2516c90-6f04-e811-a962-000d3a1a7089,  OwnerIdType: 8 and CallingUser: d2516c90-6f04-e811-a962-000d3a1a7089. ObjectTypeCode: 4230, objectBusinessUnitId: 054d7187-34e2-e711-a95b-000d3a180af8, AccessRights: 9 </Message>
  <Timestamp>2018-04-27T14:17:36.5409838Z</Timestamp>
  <ExceptionRetriable>false</ExceptionRetriable>
  <ExceptionSource i:nil="true" />
  <InnerFault i:nil="true" />
  <OriginalException i:nil="true" />
  <TraceText i:nil="true" />
</OrganizationServiceFault>


The user has the Manage User Synchronization Filters Privilege on Core Records enabled and is a member of the exact same security roles as users who do not have the problem.

Any advice or recommendations on how to identify and resolve this issue would be greatly appreciated.

  • Verified answer
    ACECORP Profile Picture
    ACECORP 1,581 on at
    RE: Access Denied Error when accessing options, personal settings, synchronization, manage filters

    This has been escalated to Microsoft Support. The issue appears to be some kind of bug with version 9. Microsoft Support has duplicated our environment and is currently tracing this out with the thought version 9 has some kind of bug that is causing this.

  • bac26 Profile Picture
    bac26 2,268 on at
    RE: Access Denied Error when accessing options, personal settings, synchronization, manage filters

    Are they both using the same browser?   Does the issue follow them on whatever machine they try it from?

    To truly test if it is permission, give the user System admin for 5 minutes.  Have them try it. If it works then you are missing permissions somewhere.  If it does not work, then it is not permission related..

  • Suggested answer
    Community Member Profile Picture
    Community Member Microsoft Employee on at
    RE: Access Denied Error when accessing options, personal settings, synchronization, manage filters

    Hi Jim,

    From the Error message:

    "<Message>SecLib::AccessCheckEx failed. Returned hr = -2147187962, ObjectID: f8958ad4-b1ea-4972-8544-b685167f4f6e, OwnerId: d2516c90-6f04-e811-a962-000d3a1a7089,  OwnerIdType: 8 and CallingUser: d2516c90-6f04-e811-a962-000d3a1a7089. ObjectTypeCode: 4230, objectBusinessUnitId: 054d7187-34e2-e711-a95b-000d3a180af8, AccessRights: 9 </Message> "

    Let's 1st confirm that the User is the same as the CallingUser by checking the GUID as CallingUser: d2516c90-6f04-e811-a962-000d3a1a7089. (It will ideally be the same but better to confirm for any exceptions)

    For checking the GUID, there are multiple ways and 1 of them is by opening the User record in a new tab/window to get the URL and replace the highlighted part as below and running it in the same browser session ,

    https://<org>.crm.dynamics.com/main.aspx?etc=8&extraqs=&histKey=621001098&id=%7b9E22B236-5FB9-49C7-9BF1-4DCC7C8AFB70%7d&newWindow=true&pagetype=entityrecord

    2nd the permission is pointing to ObjectTypeCode: 4230 which is = UserQuery (Saved View),

    We can check it under the User's Security Role->Core Records->Saved View. User level access for all permissions is recommended.

    Hope it helps.

    -Aamer

Under review

Thank you for your reply! To ensure a great experience for everyone, your content is awaiting approval by our Community Managers. Please check back later.

Helpful resources

Quick Links

November Spotlight Star - Khushbu Rajvi

Congratulations to a top community star!

Forum Structure Changes Coming on 11/8!

In our never-ending quest to help the Dynamics 365 Community members get answers faster …

Dynamics 365 Community Platform update – Oct 28

Welcome to the next edition of the Community Platform Update. This is a status …

Leaderboard

#1
André Arnaud de Calavon Profile Picture

André Arnaud de Cal... 292,494 Super User 2025 Season 1

#2
Martin Dráb Profile Picture

Martin Dráb 231,305 Most Valuable Professional

#3
nmaenpaa Profile Picture

nmaenpaa 101,156

Leaderboard

Featured topics

Product updates

Dynamics 365 release plans