Hi, while working on a Dynamics CRM 2016 customization project, we created some custom entities. Now, we are working on setting up the security roles together with our customer's Security Managers (SecMgrs), who will be in charge of administering the CRM Security. Those SecMgrs have noticed that when they want to assign a security role (any) to any internal user, Dynamics CRM is complaining about missing permissions for them (SecMgrs) on our custom entities. An example of the error message they are seeing is this:
<Message>RoleService::VerifyCallerPrivileges failed. User: 48825915-e7d5-e611-80bd-5cb901c89690, PrivilegeName: prvReadmycustomentity, PrivilegeId: 527ef36d-d58a-4ea0-8a8b-8acc0f902476, Depth: Basic, BusinessUnitId: b1df201b-e0d5-e611-80bd-5cb901c896d0</Message>
What is the reason for this behavior? Is this a fault with our custom entities settings? Why do the SecMgrs need specific permissions on custom entities to assign any roles to users? If this is a normal functionality in Dynamics CRM, is there any official documentation from Microsoft to support it?
I would appreciate your help and advice with this question. Thanks for your time reading this!!
Xavier
Each Entity in CRM has the following permissions:
Create, Read, Write, Delete, Append, Append To, Assign and Share
There are Global Privileges, such as Export to Excel, and Entity Level Privileges as above, and they each have to be assigned separately.
Think of a scenario where your security managers have access to only reassign a specific set of records and not all records. This is why the permission is that way.
Thanks Aric for your answer. Your explanation makes sense to me. However, I have a doubt. The Security Managers already had a security role with the correct permissions, and later our custom entities were added to the CRM. Why do they need to modify their security role again to grant them read permission over our custom entities?
Xavier,
There is no difference between custom entities and system entities when it comes to security and privileges.
What you need to make sure is that the person who assigns the records has the appropriate access rights to the record as well as the assign privilege. I cannot assign a record if I don't have read access to the record.
In most cases the Read and Assign privileges are all that is necessary, but you might have additional requirements based on your assignment process.
See the following MSDN article on ownership of records: