You’re offline. This is a read only version of the page.
25
I upgrade MS Dynamic CRM 8.2 to 9.0. After upgrade territory field from Account missing from Field security profile.
As Administrator I should be able to see those fields in the field security profiles and set the Read, Update and Create setup for the profiles but I cannot see those fields at all there in the security profiles.
Also As Administrator I should be able to change the fields security levels from all of the fields, but when I try to do this disable it, An error appears with insufficient permissions.
ERROR LOG
Unhandled Exception: System.ServiceModel.FaultException`1[[Microsoft.Xrm.Sdk.OrganizationServiceFault, Microsoft.Xrm.Sdk, Version=9.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35]]: Caller f6b83ea5-9fe7-e411-aedb-001a64d2b64e does not have full permissions on the attribute 'territoryid' to unsecure the attributeDetail:
<OrganizationServiceFault xmlns:i="">www.w3.org/.../XMLSchema-instance" xmlns="">schemas.microsoft.com/.../Contracts">
<ActivityId>1a87170b-1646-45c1-a2e9-ccf0e5d8c15f</ActivityId>
<ErrorCode>-2147158771</ErrorCode>
<ErrorDetails xmlns:d2p1="">schemas.datacontract.org/.../System.Collections.Generic" />
<Message>Caller f6b83ea5-9fe7-e411-aedb-001a64d2b64e does not have full permissions on the attribute 'territoryid' to unsecure the attribute</Message>
<Timestamp>2020-04-02T13:58:00.1841257Z</Timestamp>
<ExceptionRetriable>false</ExceptionRetriable>
<ExceptionSource i:nil="true" />
<InnerFault i:nil="true" />
<OriginalException i:nil="true" />
<TraceText i:nil="true" />
</OrganizationServiceFault>
Hi,
I believe this was a known issue in one of the updates. Which one do you installed?
You should install latest or execute:
/*Description: This script adds the missing FieldPermission attributes for the System Admin users and updates the user's principal attribute access */ -- The SystemAdminProfile guid is fixed guid across all CRM instances DECLARE @SysAdminProfileId UNIQUEIDENTIFIER = '572329C1-A042-4E22-BE47-367C6374EA45' /* * FIND MISSING ADMIN FIELD SECURITY ATTRIBUTES */ DECLARE @MissingAdminSecuredAttributes TABLE( LogicalName NVARCHAR(50), ObjectTypeCode INT, SolutionId UNIQUEIDENTIFIER, IsManaged BIT) -- Find the missing secured attributes for the admin profile INSERT INTO @MissingAdminSecuredAttributes SELECT av.LogicalName, ev.ObjectTypeCode, ev.SolutionId, av.IsManaged FROM AttributeView av JOIN EntityView ev ON ev.EntityId = av.EntityId WHERE av.IsSecured = 1 AND av.LogicalName NOT IN ( SELECT fp.AttributeLogicalName FROM FieldPermission fp WHERE fp.FieldSecurityProfileId = @SysAdminProfileId AND fp.EntityName = ev.ObjectTypeCode) DECLARE @MissingAdminSecuredAttributesCount INT = @@ROWCOUNT IF (@MissingAdminSecuredAttributesCount = 0) RETURN /* * INSERT MISSING ADMIN FIELD SECURITY ATTRIBUTES INTO FIELDPERMISSIONSTABLE */ -- Insert missing admin secured attributes into FieldPermissionBase - Active Row INSERT INTO FieldPermissionBase( AttributeLogicalName, EntityName, SolutionId, IsManaged, CanRead, CanUpdate, CanCreate, FieldSecurityProfileId, ComponentState, OverwriteTime, FieldPermissionId) SELECT LogicalName, ObjectTypeCode, SolutionId, IsManaged, 4, 4, 4, @SysAdminProfileId, 0, 0, NEWID() FROM @MissingAdminSecuredAttributes -- Insert missing admin secured attributes into FieldPermissionBase - Sentinel Row INSERT INTO FieldPermissionBase( AttributeLogicalName, EntityName, SolutionId, IsManaged, CanRead, CanUpdate, CanCreate, FieldSecurityProfileId, ComponentState, OverwriteTime, FieldPermissionId) SELECT fp.AttributeLogicalName, fp.EntityName, fp.SolutionId, fp.IsManaged, 4, 4, 4, @SysAdminProfileId, 2, GETUTCDATE(), fp.FieldPermissionId FROM FieldPermissionBase fp WHERE fp.AttributeLogicalName IN ( SELECT ma.LogicalName FROM @MissingAdminSecuredAttributes ma WHERE ma.ObjectTypeCode = fp.EntityName) -- Verify attributes are no longer missing SELECT av.LogicalName AS StillMissingLogicalName FROM AttributeView av JOIN EntityView ev ON ev.EntityId = av.EntityId WHERE av.IsSecured = 1 AND av.LogicalName NOT IN ( SELECT fp.AttributeLogicalName FROM FieldPermission fp WHERE fp.FieldSecurityProfileId = @SysAdminProfileId AND fp.EntityName = ev.ObjectTypeCode) DECLARE @UpdatedMissingAdminSecuredAttributesCount INT = @@ROWCOUNT /* * UPDATE SYSTEM ADMIN USERS ATTRIBUTE ACCESS */ DECLARE @SystemAdminProfileUserIds EntityIdCollection; DECLARE @SystemAdminProfileTeamIds EntityIdCollection; -- Find users associated to the System Admin profile INSERT INTO @SystemAdminProfileUserIds SELECT sup.SystemUserId FROM SystemUserProfiles sup WHERE sup.FieldSecurityProfileId = @SysAdminProfileId -- Find teams associated to the System Admin profile INSERT INTO @SystemAdminProfileTeamIds SELECT tp.TeamId FROM TeamProfiles tp WHERE tp.FieldSecurityProfileId = @SysAdminProfileId -- Bulk update the access for the teams and users associated with the Admin profile EXEC p_PrincipalAttributeAccessMapReinitBulk @SystemAdminProfileUserIds, @SystemAdminProfileTeamIds, 1;
Please do a backup before executing any SQL script. After executing this do an IISReset.
EDIT: this script can be found inside Update 9.0.9.4.
Regards,
Share
Report
All responses (
Answers (
