Skip to main content

Notifications

Finance | Project Operations, Human Resources, ...
Suggested answer

Workflow for timesheet approval fails

(3) ShareShare
ReportReport
Posted on by 308

Hi,

When I restrict a user's security role through "Assign organizations" and "Grant access to specific organizations individually", the timesheet workflow fail with the following error:

Stopped (error): X++ Exception: Work item could not be created. Insufficient security permissions for user "USER.NAME". Please review the user's security permissions to ensure they are sufficient for this workflow document and then resume the workflow.
at SysWorkflowWorkItem-create
SysWorkflowWorkItem-createWorkItems
SysWorkflow-save
SysWorkflowQueue-resume

X++ Exception: The workflow system could not access the business document data. Report this issue to your system administrator.
at SysWorkflowDocument-assertAsUser
SysWorkflowDocument-assert
SysWorkflowDocument-assertPermission
SysWorkflowWorkItem-create
SysWorkflowWorkItem-createWorkItems
SysWorkflow-save
SysWorkflowQueue-resume

Both users (timesheet submitter and manager) are working in the same legal entity, which is the legal entity I specify in the security role restriction. Furthermore, the project used in the timesheet is also in that legal entity. 

What could be the reason for this error?

  • Suggested answer
    D365 accomplice Profile Picture
    D365 accomplice 4 on at
    Workflow for timesheet approval fails
    I ran into this issue and figured out that i needed to disable the following feature:
     
    Enable to fetch project details for intercompany resources in a timesheet line approval workflow
  • Anil Profile Picture
    Anil 2 on at
    Workflow for timesheet approval fails
    Hi Gaute,
    Did you find a solution to this issue?
    We're just in the process of introducing the timesheet approval functionality to our users and are running into the same issue on 10.0.39. Fails with LE restrictions on the roles but is fine when the roles are open to all LE's.
  • Suggested answer
    André Arnaud de Calavon Profile Picture
    André Arnaud de Cal... 291,965 Super User 2025 Season 1 on at
    RE: Workflow for timesheet approval fails

    Hi Gaute,

    I was able to reproduce your scenario in version 10.0.32. I do consider this as being a bug as you should be able to assign organizations to limit access to other legal entities.

    I would suggest contacting Microsoft Support and create a ticket.

  • Gaute K Profile Picture
    Gaute K 308 on at
    RE: Workflow for timesheet approval fails

    I just tested all your suggestions:

    1. I tried the default "Project manager" role, first without any legal entity restriction, which worked. When I restricted legal entity access, the workflow failed.
    2. I tried adding an empty role with legal entity restriction, combined with "Project manager" having full access. This also failed.
    3. I even tried adding the "Project manager" role and selected "Grant access to specific organizations individually", then I granted access to all legal entities manually. Even this failed, despite the fact that I granted access to all legal entities.
    4. This is the version we have:

    pastedimage1681891423739v1.png

    It seems like adding a legal entity restriction on any role (even default roles) is causing this error. However, how could this be solved?

  • André Arnaud de Calavon Profile Picture
    André Arnaud de Cal... 291,965 Super User 2025 Season 1 on at
    RE: Workflow for timesheet approval fails

    Hi Gaute,

    Did you use the standard security roles or a custom one? If you assign standard roles and one new (empty) role which will be restricted. Do you then get the same error? Which exact version of Dynamics 365 are you using?

  • Gaute K Profile Picture
    Gaute K 308 on at
    RE: Workflow for timesheet approval fails - D365FO

    I just discovered that restricting any security role makes the workflow fail. This also involves adding an empty security role (contains no menu items) and restrict the legal entity on this role. Could this be a bug?

  • Gaute K Profile Picture
    Gaute K 308 on at
    RE: Workflow for timesheet approval fails - D365FO

    I just tried adding the DAT company, but the workflow still failed when "resumed". The strange thing is that when I remove the security role which has been restricted, the workflow works, as the user has access to approve the timesheet through another security role. Any other suggestions?

  • André Arnaud de Calavon Profile Picture
    André Arnaud de Cal... 291,965 Super User 2025 Season 1 on at
    RE: Workflow for timesheet approval fails - D365FO

    Hi Gaute,

    Do these users still have access for this role on the DAT company? If not, try adding this company as assigned organization.

  • Suggested answer
    Mohit Rampal Profile Picture
    Mohit Rampal 12,552 Super User 2024 Season 1 on at
    RE: Workflow for timesheet approval fails - D365FO

    Hi Gaute, Can you try debugging assertAsUser method in SysWorkFlowDocument class and see if you get value in parm method where permission is not found as per this article for Ax 2012. If it works, you will get to know the missing menu item name.

    calafell.me/.../

Under review

Thank you for your reply! To ensure a great experience for everyone, your content is awaiting approval by our Community Managers. Please check back later.

Helpful resources

Quick Links

Announcing Our 2025 Season 1 Super Users!

A new season of Super Users has arrived, and we are so grateful for the daily…

Announcing Forum Attachment Improvements!

We're excited to announce that attachments for replies in forums and improved…

Vahid Ghafarpour – Community Spotlight

We are excited to recognize Vahid Ghafarpour as our February 2025 Community…

Leaderboard

#1
André Arnaud de Calavon Profile Picture

André Arnaud de Cal... 291,965 Super User 2025 Season 1

#2
Martin Dráb Profile Picture

Martin Dráb 230,836 Most Valuable Professional

#3
nmaenpaa Profile Picture

nmaenpaa 101,156

Leaderboard

Product updates

Dynamics 365 release plans