web
You’re offline. This is a read only version of the page.
close
Skip to main content

Announcements

No record found.

News and Announcements icon
Community site session details

Community site session details

Session Id :
Dynamics 365 Community / Forums / Microsoft Dynamics 365 | Integration, Dataverse... / Cannot create new reco...
Microsoft Dynamics 365 | Integration, Dataverse...
Suggested Answer

Cannot create new record when ReadAccess is set to Business Unit

(3) ShareShare
ReportReport
Posted on by CU13111729-0 8

I created a new Security Role (ex: Employee) for a Team that allows the following:
O = Organization | B = Business Unit
Read (B) | Create, Write, Append, AppendTo (O)

But when I create a new record, I get the following error:
The Record is successfully saved. user with id <user id> does not have ReadAccess right(s) for record with id <record id> of entity Employee. Consider assigning a role with the required access level to the user or team.

However I can edit existing Records just fine.

If I change the Read Access to Organization, I can now create new record.

Why do I need Organization Read Access level to create a record for
Business Unit? I don't want users from this Business Unit to see
everything.

Categories:
Dynamics 365 general
I have the same question (2)
  • Suggested answer
    Amit Katariya007 Profile Picture
    Amit Katariya007 10,409 Moderator on at
    Tell me why u have Write and create access as org level if you have provided read access as BU levels?
     
    If user will not able to see any records then they will not able to edit also.
  • Suggested answer
    Abhishek Dhoriya Profile Picture
    Abhishek Dhoriya 1,013 on at

    It sounds like you're encountering an issue with the security role configuration in Dynamics 365. The error message you're seeing indicates that the user does not have the necessary ReadAccess rights for the entity when trying to create a new record. This can be a bit confusing, especially since you can edit existing records just fine.

    Explanation:

    When you create a new record, Dynamics 365 needs to verify that the user has the appropriate read permissions for the entity. This is because, during the creation process, the system might need to read certain metadata or related records to complete the operation. If the ReadAccess is set to Business Unit (B), the user must have read permissions within the same business unit as the record being created.

    Why Organization Read Access is Needed:

    1. Metadata and Related Records: During the creation of a new record, Dynamics 365 might need to access metadata or related records that are not confined to the user's business unit. This requires broader read access.
    2. Security Role Configuration: The security role configuration might require read access at the organization level to ensure that all necessary data can be accessed during the record creation process.

    Solution:

    To resolve this issue, you can consider the following options:

    1. Adjust Security Role:

      • Temporarily set the ReadAccess to Organization (O) while creating new records. This ensures that all necessary data can be accessed during the creation process.
      • After the record is created, you can revert the ReadAccess to Business Unit (B) if needed.

    2. Custom Plugin or Workflow:

      • Implement a custom plugin or workflow that handles the creation of new records. This plugin can run with elevated privileges, ensuring that all necessary data can be accessed during the creation process.

    3. Review Business Unit Structure:

      • Ensure that the business unit structure and security roles are configured correctly. Sometimes, restructuring the business units or adjusting the security roles can help resolve such issues.

    Example:

    Here's an example of how you might adjust the security role temporarily:

    // Adjust security role to Organization level
securityRole["readaccess"] = AccessLevel.Organization;

// Create the new record
Entity newRecord = new Entity("employee");
newRecord["name"] = "New Employee";
service.Create(newRecord);

// Revert security role to Business Unit level
securityRole["readaccess"] = AccessLevel.BusinessUnit;

    By following these steps, you should be able to resolve the issue and create new records without requiring organization-level read access permanently. If you need further assistance, feel free to ask1[2][3]


    References

Under review

Thank you for your reply! To ensure a great experience for everyone, your content is awaiting approval by our Community Managers. Please check back later.

Helpful resources

Quick Links

Introducing the 2026 Season 1 community Super Users

Congratulations to our 2026 Super Stars!

Meet the Microsoft Dynamics 365 Contact Center Champions

We are thrilled to have these Champions in our Community!

Congratulations to the April Top 10 Community Leaders

These are the community rock stars!

Leaderboard > Microsoft Dynamics 365 | Integration, Dataverse, and general topics

#1
11manish Profile Picture

11manish 109

#2
André Arnaud de Calavon Profile Picture

André Arnaud de Cal... 76 Super User 2026 Season 1

#3
Martin Dráb Profile Picture

Martin Dráb 58 Most Valuable Professional

Last 30 days Overall leaderboard

Featured topics

Welcome to the Microsoft Dynamics 365 forum!
Identifying an Org as CDS or Dynamics
Get batch job history log from D365 FO to Power Automate
Gross and Net Weight of Shipments feeding back into Sales Order (from External Source)

Product updates

Dynamics 365 release plans