Hi,
When I restrict a user's security role through "Assign organizations" and "Grant access to specific organizations individually", the timesheet workflow fails with the following error:
Stopped (error): X++ Exception: Work item could not be created. Insufficient security permissions for user "USER.NAME". Please review the user's security permissions to ensure they are sufficient for this workflow document and then resume the workflow.
at SysWorkflowWorkItem-create
SysWorkflowWorkItem-createWorkItems
SysWorkflow-save
SysWorkflowQueue-resume
X++ Exception: The workflow system could not access the business document data. Report this issue to your system administrator.
at SysWorkflowDocument-assertAsUser
SysWorkflowDocument-assert
SysWorkflowDocument-assertPermission
SysWorkflowWorkItem-create
SysWorkflowWorkItem-createWorkItems
SysWorkflow-save
SysWorkflowQueue-resume
Both users (timesheet submitter and manager) are working in the same legal entity, which is the legal entity I specify in the security role restriction. Furthermore, the project used in the timesheet is also in that legal entity.
What could be the reason for this error?
Hi Gaute,
I was able to reproduce your scenario in version 10.0.32. I do consider this as being a bug as you should be able to assign organizations to limit access to other legal entities.
I would suggest contacting Microsoft Support and creating a ticket.
I just tested all your suggestions:
It seems like adding a legal entity restriction on any role (even default roles) is causing this error. However, how could this be solved?
Hi Gaute,
Did you use the standard security roles or a custom one? If you assign standard roles and one new (empty) role which will be restricted, do you then get the same error? Which exact version of Dynamics 365 are you using?
I just discovered that restricting any security role makes the workflow fail. This also involves adding an empty security role (contains no menu items) and restricting the legal entity on this role. Could this be a bug?
I just tried adding the DAT company, but the workflow still failed when "resumed". The strange thing is that when I remove the security role which has been restricted, the workflow works, as the user has access to approve the timesheet through another security role. Any other suggestions?
Hi Gaute,
Do these users still have access for this role on the DAT company? If not, try adding this company as an assigned organization.
Hi Gaute, can you try debugging the assertAsUser method in the SysWorkFlowDocument class and see if you get a value in the parm method where the permission is not found, as per this article for AX 2012? If it works, you will get to know the missing menu item name.