Skip to main content

Notifications

Announcements

No record found.

Dynamics 365 Community / Forums / Sales forum / Not possible to qualif...
Sales forum
Answered

Not possible to qualify leads I'm not owner of?

Posted on by 338

In our environment all users have a basic security role and should be able to qualify leads.

However, it seems now that it is only possible to qualify Leads that the user is owner of.

What we want is that any user should be able to qualify any Lead regardless of whether they are the owner or not.

I have set the security role for "create", "read", "write", "append" and "append to" to "Organization" but the users always get an error saying:

"You do not have enough privileges to access the Microsoft Dynamics 365 object or perform the requested operation".

I don't know what to do at this point. I've read where someone had the opposite problem, that they actually wanted users to be able to ONLY be allowed to qualify leads they are owner of and the solution was to set all the create, read, write-stuff to "user"...so I thought the opposite would be to elevate to higher privilige but it does not seem to work...

Any input appreciated.

  • Verified answer
    David Jennaway Profile Picture
    David Jennaway 14,061 on at
    RE: Not possible to qualify leads I'm not owner of?

    The privileges on the systemuser entity are for User on the Business Management tab. The user will need at least organisation level on the Read privilege, and may need organisation level on the Append To privilege. The use will also need organisation level on the Read privilege for the Business Unit entity

  • Fedorov Profile Picture
    Fedorov 338 on at
    RE: Not possible to qualify leads I'm not owner of?

    I don't get any info about what privilige is missing unfortunately.

    Ideally, I would get something like "missing prvCreateContact" or something like that which many error messages contain but this particular error message does not contain anything like this. It just says "Entity: Contact" etc....

  • Suggested answer
    Bipin D365 Profile Picture
    Bipin D365 28,962 Moderator on at
    RE: Not possible to qualify leads I'm not owner of?

    Hi,

    systemuser is owner lookup.

    What permission is missing on systemuser?

    Please mark my answer verified if i were helpful

  • Fedorov Profile Picture
    Fedorov 338 on at
    RE: Not possible to qualify leads I'm not owner of?

    Ok, in the network tab of Chrome I get an error object containing the following "message":

    "CallerPrincipal":{"PrincipalId":"15b7ee76-5288-ea11-a811-000d3ab114e3","Type":8,"IsUserPrincipal":true},"OwnerPrincipal":{"PrincipalId":"adb0dabe-4589-ea11-a811-000d3ab11b09","Type":8,"IsUserPrincipal":true},"ObjectId":"00000000-0000-0000-0000-000000000000","ObjectTypeCode":2,"EntityName":"contact","ObjectBusinessUnitId":"aa943c1e-309c-ea11-a812-000d3aba8599","RightsToCheck":"CreateAccess","RoleAccessRights":"None","PoaAccessRights":"None","HsmAccessRights":"None","GrantedAccessRights":"None","Messages":["PrincipalHasOwnerPrincipalWithAtLeastBasicPrivilegeDepth = False","EntityUserGroupRights = None","MinimumPrivilegeDepthRequired = Global","SecLib::AccessCheckEx2 failed. Owner Data: roleCount=3, privilegeCount=624, accessMode=0; Principal Data: roleCount=4, privilegeCount=637, accessMode=0"],"EntityOwnershipTypeMask":1,"CallerInfo":{"IsSystemUser":false,"IsSupportUser":false,"IsAdministrator":false,"IsCustomizer":false,"IsDisabled":false,"IsIntegrationUser":false,"Teams":null,"Roles":null},"ReadOnlyState":"UserAndOrgFullAccess","IsHsmEnabled":false,"HsmInfo":null}

    The stack trace seems irrelevant for finding the error so I didn't post it. 

    As you can see it seems to complain about the "Contact" entity. ("EntityName: Contact")

    The "create" right was set to "user" so I elevated it to "Organization" and then tried to qualify again. Then I got the same error except that now it complained about "Opportunity". So I set create right to "Organization" level for opportunity. Then I get the same error but now it says "SystemUser"...

    And I don't know what about systemuser to do? There is no such core record what I can see...

  • gisiquei Profile Picture
    gisiquei on at
    RE: Not possible to qualify leads I'm not owner of?

    Seems that another prvilege is missing to complete the operation.

    In addition to Bipin comment, networking traffic tools can be also useful to identify the missing privilege, the user ID who is triggering the fail. 

  • Suggested answer
    Bipin D365 Profile Picture
    Bipin D365 28,962 Moderator on at
    RE: Not possible to qualify leads I'm not owner of?

    Hi,

    Could you please download log if provided on CRM UI to investigate this issue further.

    Also i would recommend to check Browser F12 chrome developer tool network tab to see response which can give you detailed error.

    Please Mark My Answer Verified If I Were Helpful

  • a33ik Profile Picture
    a33ik 84,321 Moderator on at
    RE: Not possible to qualify leads I'm not owner of?

    Hello,

    Is there any additional information that could explain what privilege is missing?

Helpful resources

Quick Links

Dynamics 365 Community Update – Sep 9th

Welcome to the next edition of the Community Platform Update. This is a weekly…

Announcing Our 2024 Season 2 Super Users!

A new season of Super Users has arrived, and we are so grateful for the daily…

Leaderboard

#1
André Arnaud de Calavon Profile Picture

André Arnaud de Cal... 290,252 Super User 2024 Season 2

#2
Martin Dráb Profile Picture

Martin Dráb 228,089 Super User 2024 Season 2

#3
nmaenpaa Profile Picture

nmaenpaa 101,148

Leaderboard

Featured topics

Product updates

Dynamics 365 release plans