Not possible to qualify leads I'm not owner of?

(0) Share

Report

Posted on by Fedorov

In our environment all users have a basic security role and should be able to qualify leads.

However, it seems now that it is only possible to qualify Leads that the user is owner of.

What we want is that any user should be able to qualify any Lead regardless of whether they are the owner or not.

I have set the security role for "create", "read", "write", "append" and "append to" to "Organization" but the users always get an error saying:

"You do not have enough privileges to access the Microsoft Dynamics 365 object or perform the requested operation".

I don't know what to do at this point. I've read where someone had the opposite problem, that they actually wanted users to be able to ONLY be allowed to qualify leads they are owner of and the solution was to set all the create, read, write-stuff to "user"...so I thought the opposite would be to elevate to higher privilige but it does not seem to work...

Any input appreciated.

All responses (7)

Answers (1)

Verified answer

David Jennaway 14,065 on at

Like (0)

Report

RE: Not possible to qualify leads I'm not owner of?

The privileges on the systemuser entity are for User on the Business Management tab. The user will need at least organisation level on the Read privilege, and may need organisation level on the Append To privilege. The use will also need organisation level on the Read privilege for the Business Unit entity
Fedorov 40 on at

Like (0)

Report

RE: Not possible to qualify leads I'm not owner of?

I don't get any info about what privilige is missing unfortunately.

Ideally, I would get something like "missing prvCreateContact" or something like that which many error messages contain but this particular error message does not contain anything like this. It just says "Entity: Contact" etc....
Suggested answer

Bipin D365 28,981 Moderator on at

Like (0)

Report

RE: Not possible to qualify leads I'm not owner of?

Hi,

systemuser is owner lookup.

What permission is missing on systemuser?

Please mark my answer verified if i were helpful
Fedorov 40 on at

Like (0)

Report

RE: Not possible to qualify leads I'm not owner of?

Ok, in the network tab of Chrome I get an error object containing the following "message":

"CallerPrincipal":{"PrincipalId":"15b7ee76-5288-ea11-a811-000d3ab114e3","Type":8,"IsUserPrincipal":true},"OwnerPrincipal":{"PrincipalId":"adb0dabe-4589-ea11-a811-000d3ab11b09","Type":8,"IsUserPrincipal":true},"ObjectId":"00000000-0000-0000-0000-000000000000","ObjectTypeCode":2,"EntityName":"contact","ObjectBusinessUnitId":"aa943c1e-309c-ea11-a812-000d3aba8599","RightsToCheck":"CreateAccess","RoleAccessRights":"None","PoaAccessRights":"None","HsmAccessRights":"None","GrantedAccessRights":"None","Messages":["PrincipalHasOwnerPrincipalWithAtLeastBasicPrivilegeDepth = False","EntityUserGroupRights = None","MinimumPrivilegeDepthRequired = Global","SecLib::AccessCheckEx2 failed. Owner Data: roleCount=3, privilegeCount=624, accessMode=0; Principal Data: roleCount=4, privilegeCount=637, accessMode=0"],"EntityOwnershipTypeMask":1,"CallerInfo":{"IsSystemUser":false,"IsSupportUser":false,"IsAdministrator":false,"IsCustomizer":false,"IsDisabled":false,"IsIntegrationUser":false,"Teams":null,"Roles":null},"ReadOnlyState":"UserAndOrgFullAccess","IsHsmEnabled":false,"HsmInfo":null}

The stack trace seems irrelevant for finding the error so I didn't post it.

As you can see it seems to complain about the "Contact" entity. ("EntityName: Contact")

The "create" right was set to "user" so I elevated it to "Organization" and then tried to qualify again. Then I got the same error except that now it complained about "Opportunity". So I set create right to "Organization" level for opportunity. Then I get the same error but now it says "SystemUser"...

And I don't know what about systemuser to do? There is no such core record what I can see...
gisiquei on at

Like (0)

Report

RE: Not possible to qualify leads I'm not owner of?

Seems that another prvilege is missing to complete the operation.

In addition to Bipin comment, networking traffic tools can be also useful to identify the missing privilege, the user ID who is triggering the fail.
Suggested answer

Bipin D365 28,981 Moderator on at

Like (0)

Report

RE: Not possible to qualify leads I'm not owner of?

Hi,

Could you please download log if provided on CRM UI to investigate this issue further.

Also i would recommend to check Browser F12 chrome developer tool network tab to see response which can give you detailed error.

Please Mark My Answer Verified If I Were Helpful
a33ik 84,331 Most Valuable Professional on at

Like (1)

Report

RE: Not possible to qualify leads I'm not owner of?

Hello,

Is there any additional information that could explain what privilege is missing?

Community site session details

Not possible to qualify leads I'm not owner of?

Please mark my answer verified if i were helpful

Please Mark My Answer Verified If I Were Helpful

Helpful resources

Quick Links

Ramesh Kumar – Community Spotlight

Congratulations to the June Top 10 Community Leaders!

Announcing the Engage with the Community forum!

Leaderboard > Customer experience | Sales, Customer Insights, CRM

Featured topics

Product updates

Community site session details

Not possible to qualify leads I'm not owner of?

Please mark my answer verified if i were helpful

Please Mark My Answer Verified If I Were Helpful

Helpful resources

Quick Links

Ramesh Kumar – Community Spotlight

Congratulations to the June Top 10 Community Leaders!

Announcing the Engage with the Community forum!

Subscribe to this forum!

Select categories

Leaderboard > Customer experience | Sales, Customer Insights, CRM

Featured topics

Product updates