Skip to main content

Notifications

Announcements

No record found.

News and Announcements icon
Community site session details

Community site session details

Session Id :
Dynamics 365 Community / Forums / Customer experience | Sales, Customer Insights,... / Field security Level d...
Customer experience | Sales, Customer Insights,...
Answered

Field security Level does not appear in Field security profile dynamics 365 and cannot disable field security on entity Account (Field Territory)

(0) ShareShare
ReportReport
Posted on by Nishant Arora 25

I upgrade MS Dynamic CRM 8.2 to 9.0. After upgrade territory field from Account missing from Field security profile.

As Administrator I should be able to see those fields in the field security profiles and set the Read, Update and Create setup for the profiles but I cannot see those fields at all there in the security profiles.

Also As Administrator I should be able to change the fields security levels from all of the fields, but when I try to do this disable it, An error appears with insufficient permissions.

ERROR LOG

Unhandled Exception: System.ServiceModel.FaultException`1[[Microsoft.Xrm.Sdk.OrganizationServiceFault, Microsoft.Xrm.Sdk, Version=9.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35]]: Caller f6b83ea5-9fe7-e411-aedb-001a64d2b64e does not have full permissions on the attribute 'territoryid' to unsecure the attributeDetail:
<OrganizationServiceFault xmlns:i="">www.w3.org/.../XMLSchema-instance" xmlns="">schemas.microsoft.com/.../Contracts">
<ActivityId>1a87170b-1646-45c1-a2e9-ccf0e5d8c15f</ActivityId>
<ErrorCode>-2147158771</ErrorCode>
<ErrorDetails xmlns:d2p1="">schemas.datacontract.org/.../System.Collections.Generic" />
<Message>Caller f6b83ea5-9fe7-e411-aedb-001a64d2b64e does not have full permissions on the attribute 'territoryid' to unsecure the attribute</Message>
<Timestamp>2020-04-02T13:58:00.1841257Z</Timestamp>
<ExceptionRetriable>false</ExceptionRetriable>
<ExceptionSource i:nil="true" />
<InnerFault i:nil="true" />
<OriginalException i:nil="true" />
<TraceText i:nil="true" />
</OrganizationServiceFault>

  • Verified answer
    Miguel Lourenco Profile Picture
    Miguel Lourenco on at
    RE: Field security Level does not appear in Field security profile dynamics 365 and cannot disable field security on entity Account (Field Territory)

    Hi,

    I believe this was a known issue in one of the updates. Which one do you installed?

    You should install latest or execute:

    /*Description: 
		This script adds the missing FieldPermission attributes for the System Admin users and updates the user's principal attribute access
*/

-- The SystemAdminProfile guid is fixed guid across all CRM instances
DECLARE @SysAdminProfileId UNIQUEIDENTIFIER = '572329C1-A042-4E22-BE47-367C6374EA45'

/*
*	FIND MISSING ADMIN FIELD SECURITY ATTRIBUTES
*/
DECLARE @MissingAdminSecuredAttributes TABLE(
	LogicalName NVARCHAR(50),
	ObjectTypeCode INT,
	SolutionId UNIQUEIDENTIFIER,
	IsManaged BIT)

-- Find the missing secured attributes for the admin profile
INSERT INTO @MissingAdminSecuredAttributes
SELECT
	av.LogicalName,
	ev.ObjectTypeCode,
	ev.SolutionId,
	av.IsManaged
FROM AttributeView av
JOIN EntityView ev
	ON ev.EntityId = av.EntityId
WHERE av.IsSecured = 1
	AND av.LogicalName NOT IN (
			SELECT
				fp.AttributeLogicalName
			FROM FieldPermission fp
			WHERE fp.FieldSecurityProfileId = @SysAdminProfileId
				AND fp.EntityName = ev.ObjectTypeCode)

DECLARE @MissingAdminSecuredAttributesCount INT = @@ROWCOUNT

IF (@MissingAdminSecuredAttributesCount = 0)
	RETURN

/*
*	INSERT MISSING ADMIN FIELD SECURITY ATTRIBUTES INTO FIELDPERMISSIONSTABLE
*/
-- Insert missing admin secured attributes into FieldPermissionBase - Active Row 
INSERT INTO FieldPermissionBase(
	AttributeLogicalName, 
	EntityName, 
	SolutionId, 
	IsManaged, 
	CanRead, 
	CanUpdate, 
	CanCreate, 
	FieldSecurityProfileId, 
	ComponentState, 
	OverwriteTime, 
	FieldPermissionId) 
SELECT
	LogicalName,
	ObjectTypeCode,
	SolutionId,
	IsManaged,
	4,
	4,
	4,
	@SysAdminProfileId,
	0,
	0,
	NEWID()
FROM @MissingAdminSecuredAttributes

-- Insert missing admin secured attributes into FieldPermissionBase - Sentinel Row 
INSERT INTO FieldPermissionBase(
	AttributeLogicalName, 
	EntityName, 
	SolutionId, 
	IsManaged, 
	CanRead, 
	CanUpdate, 
	CanCreate, 
	FieldSecurityProfileId, 
	ComponentState, 
	OverwriteTime, 
	FieldPermissionId)
SELECT
	fp.AttributeLogicalName, 
	fp.EntityName, 
	fp.SolutionId, 
	fp.IsManaged, 
	4, 
	4, 
	4, 
	@SysAdminProfileId, 
	2, 
	GETUTCDATE(), 
	fp.FieldPermissionId 
FROM FieldPermissionBase fp
WHERE fp.AttributeLogicalName IN (
		SELECT
			ma.LogicalName
		FROM @MissingAdminSecuredAttributes ma
		WHERE ma.ObjectTypeCode = fp.EntityName)

-- Verify attributes are no longer missing
SELECT
	av.LogicalName AS StillMissingLogicalName
FROM AttributeView av
JOIN EntityView ev
	ON ev.EntityId = av.EntityId
WHERE av.IsSecured = 1
	AND av.LogicalName NOT IN (
			SELECT
				fp.AttributeLogicalName
			FROM FieldPermission fp
			WHERE fp.FieldSecurityProfileId = @SysAdminProfileId
				AND fp.EntityName = ev.ObjectTypeCode)

DECLARE @UpdatedMissingAdminSecuredAttributesCount INT = @@ROWCOUNT

/*
*	UPDATE SYSTEM ADMIN USERS ATTRIBUTE ACCESS
*/
DECLARE @SystemAdminProfileUserIds EntityIdCollection;
DECLARE @SystemAdminProfileTeamIds EntityIdCollection;

-- Find users associated to the System Admin profile
INSERT INTO @SystemAdminProfileUserIds
SELECT 
	sup.SystemUserId 
FROM SystemUserProfiles sup 
WHERE sup.FieldSecurityProfileId = @SysAdminProfileId 

-- Find teams associated to the System Admin profile
INSERT INTO @SystemAdminProfileTeamIds
SELECT 
	tp.TeamId 
FROM TeamProfiles tp 
WHERE tp.FieldSecurityProfileId = @SysAdminProfileId 

-- Bulk update the access for the teams and users associated with the Admin profile
EXEC p_PrincipalAttributeAccessMapReinitBulk
	@SystemAdminProfileUserIds,
	@SystemAdminProfileTeamIds,
	1;

    Please do a backup before executing any SQL script. After executing this do an IISReset.

    EDIT: this script can be found inside Update 9.0.9.4.

    Regards,

Under review

Thank you for your reply! To ensure a great experience for everyone, your content is awaiting approval by our Community Managers. Please check back later.

Helpful resources

Quick Links

🌸 Community Spring Festival 2025 Challenge Winners! 🌸

Congratulations to all our community participants!

Adis Hodzic – Community Spotlight

We are honored to recognize Adis Hodzic as our May 2025 Community…

Kudos to the April Top 10 Community Stars!

Thanks for all your good work in the Community!

Leaderboard > Customer experience | Sales, Customer Insights, CRM

#1
Daivat Vartak (v-9davar) Profile Picture

Daivat Vartak (v-9d... 220 Super User 2025 Season 1

#2
Vahid Ghafarpour Profile Picture

Vahid Ghafarpour 78 Super User 2025 Season 1

#3
Sahra Profile Picture

Sahra 43

Overall leaderboard

Featured topics

Product updates

Dynamics 365 release plans