Skip to main content

Notifications

Announcements

No record found.

News and Announcements icon
Community site session details

Community site session details

Session Id :
Dynamics 365 Community / Forums / Microsoft Dynamics CRM (Archived) / Can't remove a spe...
Microsoft Dynamics CRM (Archived)

Can't remove a specific security role from users

(0) ShareShare
ReportReport
Posted on by David Choi 20

Hello,

the reason why I want to remove users specific security roles is that I want to control the visibility of the business process flow via security roles.

My problem is, the users all have a specific security role assigned named "Vice President of Sales", which is a OOB security role and can't be edited and saved. This means I can not remove the rights of the visiblity of the business process flow.

So I want to remove this security role from the user, but it doesn't allow me and throws this error message:

"Insufficient Permissions

You do not have permission to access these records. Contact your Microsoft Dynamics 365 administrator. If you contact support, please provide the technical details."

Any advice? I'm a system admin, system administrator and system customizer according to my security roles.

Thanks!

*This post is locked for comments

  • David Choi Profile Picture
    David Choi 20 on at
    RE: Can't remove a specific security role from users

    Thanks,

    since I'm not able to change and adjust all the OOB security roles nor removing specific security roles from users, although I'm an admin in the CRM. I decided to hide the BPF section with a onload jscript on the form.

  • Radu Chiribelea Profile Picture
    Radu Chiribelea 6,667 on at
    RE: Can't remove a specific security role from users

    Can you get a CRM Platform trace and include it here, together with the call stack of the exception ?

  • OhJupyter Profile Picture
    OhJupyter 10 on at
    RE: Can't remove a specific security role from users

    The feature to remove a Security role from BPF has been discontinued in later version of CRM. Please refer following blog, it deleted the Security Role instead:

    [View:https://www.magnetismsolutions.com/blog/roshanmehta/2017/09/04/be-careful-when-configuring-security-roles-for-business-process-flows-in-dynamics-365:750:50]

    You need to check whether the Security Roles assigned to you are not custom. Do you get “System administrator role cannot be updated or modified.” message in your System Admin Security role? as below:

    System-Admin-Role.jpg

    If not, ask a system admin to assign System Admin role to you. Then you can perform above actions, i.e. remove visibility of a certain Business Process Flow from Security Roles in Business Process Flow tab:

    Business-Process-Flow-Processes.jpg

    Or Remove Security Role from a User.

  • David Choi Profile Picture
    David Choi 20 on at
    RE: Can't remove a specific security role from users

    Thank you for your reply, but unfortunately changing the user the business unit also gives me the same error. As you wrote, changing the business unit will remove the security role. I believe the error came because the system wants to remove the security role, but it can't.

    The error exception from the log file:

    Unhandled Exception: System.ServiceModel.FaultException`1[[Microsoft.Xrm.Sdk.OrganizationServiceFault, Microsoft.Xrm.Sdk, Version=8.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35]]: RoleService::VerifyCallerPrivileges failed. User: e14bf277-a3c9-e911-80e8-005056874ea2, PrivilegeName: prvCreatemsdyn_bpf_9ff89a5f30cc4dbd957f5f33d925dc12, PrivilegeId: c116649e-e108-45d6-9e49-5385e8bf662d, Depth: Global, BusinessUnitId: 6e45ff4a-4844-e711-80df-005056874ea2Detail: 

  431619b3-36b2-4714-bb87-af51fa5ca563
  -2147220960
  
  RoleService::VerifyCallerPrivileges failed. User: e14bf277-a3c9-e911-80e8-005056874ea2, PrivilegeName: prvCreatemsdyn_bpf_9ff89a5f30cc4dbd957f5f33d925dc12, PrivilegeId: c116649e-e108-45d6-9e49-5385e8bf662d, Depth: Global, BusinessUnitId: 6e45ff4a-4844-e711-80df-005056874ea2
  2019-09-19T08:40:52.7711378Z
  false

  • Suggested answer
    Radu Chiribelea Profile Picture
    Radu Chiribelea 6,667 on at
    RE: Can't remove a specific security role from users

    Have you tried moving the user a a different BU and back? This should remove all security roles - docs.microsoft.com/.../create-edit-business-units:  "By changing the business unit for a user, you remove all security role assignments for the user. "

    If this still fails, then i suggest collecting a CRM Platform trace and check the exception there, together with the call stack as this would give more details.

    You can also paste the exception in this thread for assistance.

Under review

Thank you for your reply! To ensure a great experience for everyone, your content is awaiting approval by our Community Managers. Please check back later.

Helpful resources

Quick Links

Announcing Our 2025 Season 1 Super Users!

A new season of Super Users has arrived, and we are so grateful for the daily…

Vahid Ghafarpour – Community Spotlight

We are excited to recognize Vahid Ghafarpour as our February 2025 Community…

Tip: Become a User Group leader!

Join the ranks of valued community UG leaders

Leaderboard

#1
André Arnaud de Calavon Profile Picture

André Arnaud de Cal... 292,494 Super User 2025 Season 1

#2
Martin Dráb Profile Picture

Martin Dráb 231,305 Most Valuable Professional

#3
nmaenpaa Profile Picture

nmaenpaa 101,156

Leaderboard

Featured topics

Product updates

Dynamics 365 release plans