web
You’re offline. This is a read only version of the page.
close
Skip to main content

Announcements

No record found.

News and Announcements icon
Community site session details

Community site session details

Session Id :
Dynamics 365 Community / Forums / Microsoft Dynamics CRM (Archived) / On Assign of record i ...
Microsoft Dynamics CRM (Archived)

On Assign of record i am getting Error Microsoft.Crm.CrmSecurityException: SecLib::AccessCheckEx2 failed.

(0) ShareShare
ReportReport
Posted on by Sainath Pillanagrovi 217

Hi All,

On Assign of record to other user/team i am getting below error.and user has BU level privileges on that Entity.

Unhandled exception:
Exception type: System.ServiceModel.FaultException`1[Microsoft.Xrm.Sdk.OrganizationServiceFault]
Message: SecLib::AccessCheckEx2 failed. Entity Name:agreement,OwnershipTypeMask:UserOwned, ObjectId: 20661258-5d04-e911-a96c-000d3af075c4, OwnerId:0fcda679-4604-e911-a968-000d3af06ac5, OwnerIdType:9, OwnerData: teamType=0, privilegeCount=392 and CallingUser:ef01f53c-bf12-e711-810d-c4346bdd2111, CallerBusinessId:f5fc41a4-6114-e711-810f-c4346bdcdd21 PrincipalData: accessMode= 0, roleCount=3, privilegeCount=494. ObjectTypeCode:10013, ObjectBusinessUnitId:50dbd188-b208-e711-810e-c4346bdcdd21, AccessRights: ReadAccess. Computed rightsToCheck=ReadAccess, grantedRights=8, hsmGrantedRights=None, grantedRightsWithHsm=8, Detail:
<OrganizationServiceFault xmlns:i="www.w3.org/.../XMLSchema-instance" xmlns="schemas.microsoft.com/.../Contracts">
<ActivityId>e237e551-3177-4ccc-845d-552abedd71c6</ActivityId>
<ErrorCode>-2147187962</ErrorCode>
<ErrorDetails xmlns:d2p1="schemas.datacontract.org/.../System.Collections.Generic">
<KeyValuePairOfstringanyType>
<d2p1:key>ApiExceptionSourceKey</d2p1:key>
<d2p1:value xmlns:d4p1="www.w3.org/.../XMLSchema" i:type="d4p1:string">Plugin/Microsoft.Crm.ObjectModel.CustomBusinessEntityService</d2p1:value>
</KeyValuePairOfstringanyType>
<KeyValuePairOfstringanyType>
<d2p1:key>ApiOriginalExceptionKey</d2p1:key>
<d2p1:value xmlns:d4p1="www.w3.org/.../XMLSchema" i:type="d4p1:string">Microsoft.Crm.CrmSecurityException: SecLib::AccessCheckEx2 failed. Entity Name:agreement,OwnershipTypeMask:UserOwned, ObjectId: 20661258-5d04-e911-a96c-000d3af075c4, OwnerId:0fcda679-4604-e911-a968-000d3af06ac5, OwnerIdType:9, OwnerData: teamType=0, privilegeCount=392 and CallingUser:ef01f53c-bf12-e711-810d-c4346bdd2111, CallerBusinessId:f5fc41a4-6114-e711-810f-c4346bdcdd21 PrincipalData: accessMode= 0, roleCount=3, privilegeCount=494. ObjectTypeCode:10013, ObjectBusinessUnitId:50dbd188-b208-e711-810e-c4346bdcdd21, AccessRights: ReadAccess. Computed rightsToCheck=ReadAccess, grantedRights=8, hsmGrantedRights=None, grantedRightsWithHsm=8, ---&gt; Microsoft.Crm.CrmSecurityException: SecLib::AccessCheckEx2 failed. Entity Name:agreement,OwnershipTypeMask:UserOwned, ObjectId: 20661258-5d04-e911-a96c-000d3af075c4, OwnerId:0fcda679-4604-e911-a968-000d3af06ac5, OwnerIdType:9, OwnerData: teamType=0, privilegeCount=392 and CallingUser:ef01f53c-bf12-e711-810d-c4346bdd2111, CallerBusinessId:f5fc41a4-6114-e711-810f-c4346bdcdd21 PrincipalData: accessMode= 0, roleCount=3, privilegeCount=494. ObjectTypeCode:10013, ObjectBusinessUnitId:50dbd188-b208-e711-810e-c4346bdcdd21, AccessRights: ReadAccess. Computed rightsToCheck=ReadAccess, grantedRights=8, hsmGrantedRights=None, grantedRightsWithHsm=8,
at Microsoft.Crm.BusinessEntities.SecurityLibrary.AccessCheckEx2(ExecutionContext context, SecurityPrincipal principal, SecurityPrincipal ownerPrincipal, Guid objectId, Int32 objectTypeCode, Guid objectBusinessUnitId, AccessRights rights)
at Microsoft.Crm.BusinessEntities.SecurityLibrary.AccessCheckEx(ExecutionContext context, SecurityAttributes attributes, AccessRights rights)
at Microsoft.Crm.BusinessEntities.SecurityExtension.PostRetrieveHandler(ExtensionEventArgs e)
at Microsoft.Crm.BusinessEntities.BusinessProcessObject.PostRetrieveEventHandler.Invoke(Object sender, ExtensionEventArgs e)
at Microsoft.Crm.BusinessEntities.BusinessProcessObject.&lt;&gt;c__DisplayClass178_0.&lt;TryRetrieve&gt;b__0()
at Microsoft.PowerApps.CoreFramework.ActivityLoggerExtensions.Execute[TResult](ILogger logger, EventId eventId, ActivityType activityType, Func`1 func, IEnumerable`1 additionalCustomProperties)
at Microsoft.Xrm.Telemetry.XrmTelemetryExtensions.Execute[TResult](ILogger logger, XrmTelemetryActivityType activityType, Func`1 func)
at Microsoft.Crm.BusinessEntities.BusinessProcessObject.TryRetrieve(BusinessEntityMoniker moniker, EntityExpression entityExpression, ExecutionContext context, LocalizedEnumLabelCache localizedEnumLabelCache, DatabaseQueryTarget queryTarget, BusinessEntity&amp; businessEntity)
at Microsoft.Crm.BusinessEntities.BusinessProcessObject.Retrieve(BusinessEntityMoniker moniker, EntityExpression entityExpression, ExecutionContext context)
--- End of inner exception stack trace ---
at Microsoft.Crm.Extensibility.VersionedPluginProxyStepBase.Execute(PipelineExecutionContext context)
at Microsoft.Crm.Extensibility.PipelineInstrumentationHelper.Execute(Boolean instrumentationEnabled, String stopwatchName, ExecuteWithInstrumentation action, PipelineExecutionContext context)
at Microsoft.Crm.Extensibility.Pipeline.&lt;&gt;c__DisplayClass2_1.&lt;Execute&gt;b__0()</d2p1:value>
</KeyValuePairOfstringanyType>
<KeyValuePairOfstringanyType>
<d2p1:key>ApiStepKey</d2p1:key>
<d2p1:value xmlns:d4p1="www.w3.org/.../XMLSchema" i:type="d4p1:string">ba798a89-6214-e711-8136-c4346bdd2151</d2p1:value>
</KeyValuePairOfstringanyType>
<KeyValuePairOfstringanyType>
<d2p1:key>ApiDepthKey</d2p1:key>
<d2p1:value xmlns:d4p1="www.w3.org/.../XMLSchema" i:type="d4p1:string">1</d2p1:value>
</KeyValuePairOfstringanyType>
<KeyValuePairOfstringanyType>
<d2p1:key>ApiActivityIdKey</d2p1:key>
<d2p1:value xmlns:d4p1="www.w3.org/.../XMLSchema" i:type="d4p1:string">e237e551-3177-4ccc-845d-552abedd71c6</d2p1:value>
</KeyValuePairOfstringanyType>
<KeyValuePairOfstringanyType>
<d2p1:key>ApiPluginSolutionNameKey</d2p1:key>
<d2p1:value xmlns:d4p1="www.w3.org/.../XMLSchema" i:type="d4p1:string">System</d2p1:value>
</KeyValuePairOfstringanyType>
<KeyValuePairOfstringanyType>
<d2p1:key>ApiStepSolutionNameKey</d2p1:key>
<d2p1:value xmlns:d4p1="www.w3.org/.../XMLSchema" i:type="d4p1:string">System</d2p1:value>
</KeyValuePairOfstringanyType>
</ErrorDetails>
<Message>SecLib::AccessCheckEx2 failed. Entity Name:agreement,OwnershipTypeMask:UserOwned, ObjectId: 20661258-5d04-e911-a96c-000d3af075c4, OwnerId:0fcda679-4604-e911-a968-000d3af06ac5, OwnerIdType:9, OwnerData: teamType=0, privilegeCount=392 and CallingUser:ef01f53c-bf12-e711-810d-c4346bdd2111, CallerBusinessId:f5fc41a4-6114-e711-810f-c4346bdcdd21 PrincipalData: accessMode= 0, roleCount=3, privilegeCount=494. ObjectTypeCode:10013, ObjectBusinessUnitId:50dbd188-b208-e711-810e-c4346bdcdd21, AccessRights: ReadAccess. Computed rightsToCheck=ReadAccess, grantedRights=8, hsmGrantedRights=None, grantedRightsWithHsm=8, </Message>
<Timestamp>2018-12-20T13:44:42.9001522Z</Timestamp>
<ExceptionRetriable>false</ExceptionRetriable>
<ExceptionSource i:nil="true" />
<InnerFault i:nil="true" />
<OriginalException i:nil="true" />
<TraceText i:nil="true" />
</OrganizationServiceFault>

 6562.assign.PNG

any help would be appreciated?

Thanks

Pillanagrovi

*This post is locked for comments

I have the same question (0)
  • Suggested answer
    Priyesh Profile Picture
    Priyesh 7,396 User Group Leader on at

    Hi,

    The user ef01f53c-bf12-e711-810d-c4346bdd2111 doesn't have read privileges on entity/related entities of - 10013 Email Event entity of ClickDimensions.

    You can check who the above GUID using is by -

    1. Open a User record

    2. Expend the record so that you get the full URL.

    3. Copy it in the Notepad and replace the "id" parameter of the URL with the above and check who the user is.

    Perhaps that user doesn't have proper ClickDimensions security role.

    Also, if you know how to use XRMToolBox and understand the above ObjectTypeCode etc, you can use AccessChecked in the XrmToolBox as well.

    Hope this helps.

  • Sainath Pillanagrovi Profile Picture
    Sainath Pillanagrovi 217 on at

    Hi Priyesh

    Thanks for the response

    But the user ef01f53c-bf12-e711-810d-c4346bdd2111 has the BU level privileges on that entity. but when i am giving Org level read permission then i am not facing this issue.

    so  i need to check whether user has permissions on related entity also ?

    Thanks

    pillanagrovi

  • Suggested answer
    Priyesh Profile Picture
    Priyesh 7,396 User Group Leader on at

    No,

    If that resolves your problem and you are OK with giving that user with Org level permissions on that entity, then I think your issue stands resolved. Then you don't need to give any additional permissions.

  • Sainath Pillanagrovi Profile Picture
    Sainath Pillanagrovi 217 on at

    Hi,

    I don't want the user to have org level permissions.

  • Priyesh Profile Picture
    Priyesh 7,396 User Group Leader on at

    So unfortunately it won't work. Because I assume the record was created by a user who resides in some other BU. Correct?

  • Verified answer
    Sainath Pillanagrovi Profile Picture
    Sainath Pillanagrovi 217 on at

    Yes the user is from other Bu

  • Suggested answer
    Priyesh Profile Picture
    Priyesh 7,396 User Group Leader on at

    This is a Microsoft error and it is rightly restricting since you are trying to do something that doesn't have access.

    The only things you can do here is -

    Make the other person from the other BU share the record with the person who is seeing this error and provide Share rights to your user. Use the Share button from the top of the ribbon.

  • Sainath Pillanagrovi Profile Picture
    Sainath Pillanagrovi 217 on at

    Hi Priyesh,

    One more strange thing i found is , i am getting the error when i am assigning the record to  team who is in other BU and record is getting assigned to team and throwing error.

    when refresh the form and search for that record i am not able to find  the record since it has BU level read permission with  that user and it is shown as owner with team name when searched with system admin role .

    that is why i was getting issue with  AccessRights: ReadAccess in the error log.

Under review

Thank you for your reply! To ensure a great experience for everyone, your content is awaiting approval by our Community Managers. Please check back later.

Helpful resources

Quick Links

Introducing the 2026 Season 1 community Super Users

Congratulations to our 2026 Super Stars!

Meet the Microsoft Dynamics 365 Contact Center Champions

We are thrilled to have these Champions in our Community!

Congratulations to the April Top 10 Community Leaders

These are the community rock stars!

Leaderboard > 🔒一 Microsoft Dynamics CRM (Archived)

#1
ScottDurow Profile Picture

ScottDurow 2

#2
GJones Profile Picture

GJones 1

Last 30 days Overall leaderboard

Featured topics

Product updates

Dynamics 365 release plans