web
You’re offline. This is a read only version of the page.
close
Skip to main content

Notifications

Announcements

No record found.

News and Announcements icon
Community site session details

Community site session details

Session Id :
Dynamics 365 Community / Forums / Microsoft Dynamics CRM (Archived) / AccessRights 262153
Microsoft Dynamics CRM (Archived)

AccessRights 262153

(0) ShareShare
ReportReport
Posted on by Adam Surgenor 425

We're getting privilege errors on access right 262153.  This seems to occur when one user is creating an appointment for another.

I've included a full exception below, does anyone know what this means?

Thanks in advance.

Adam

 

>Crm Exception: Message: SecLib::AccessCheckEx failed. Returned hr = -2147187962, ObjectID: d33d7616-1a07-e211-a60a-005056940043, OwnerId: 229c46f0-9bbb-e111-a60a-005056940043,  OwnerIdType: 8 and CallingUser: a49b46f0-9bbb-e111-a60a-005056940043. ObjectTypeCode: 4201, objectBusinessUnitId: 7251e947-72c7-e111-a60a-005056940043, AccessRights: 262153 , ErrorCode: -2147187962
[2012-09-25 15:05:45.273] Process: w3wp |Organization:fb9305a0-36b6-e111-a2e3-005056940045 |Thread:   19 |Category: Platform.Sdk |User: 0f987981-ee82-4240-bcb2-40e9aa085bc2 |Level: Error |ReqId: cf366f63-5b4b-4805-bca1-06ee010131ce | VersionedPluginProxyStepBase.Execute
>Web Service Plug-in failed in SdkMessageProcessingStepId: {08CABB1B-EA3E-DB11-86A7-000A3A5473E8}; EntityName: appointment; Stage: 30; MessageName: Create; AssemblyName: Microsoft.Crm.Extensibility.InternalOperationPlugin, Microsoft.Crm.ObjectModel, Version=5.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35; ClassName: Microsoft.Crm.Extensibility.InternalOperationPlugin; Exception: Unhandled Exception: System.Reflection.TargetInvocationException: Exception has been thrown by the target of an invocation.
   at System.RuntimeMethodHandle._InvokeMethodFast(IRuntimeMethodInfo method, Object target, Object[] arguments, SignatureStruct& sig, MethodAttributes methodAttributes, RuntimeType typeOwner)
   at System.Reflection.RuntimeMethodInfo.Invoke(Object obj, BindingFlags invokeAttr, Binder binder, Object[] parameters, CultureInfo culture, Boolean skipVisibilityChecks)
   at System.Reflection.RuntimeMethodInfo.Invoke(Object obj, BindingFlags invokeAttr, Binder binder, Object[] parameters, CultureInfo culture)
   at System.Web.Services.Protocols.LogicalMethodInfo.Invoke(Object target, Object[] values)
   at Microsoft.Crm.Extensibility.InternalOperationPlugin.Execute(IServiceProvider serviceProvider)
   at Microsoft.Crm.Extensibility.V5PluginProxyStep.ExecuteInternal(PipelineExecutionContext context)
   at Microsoft.Crm.Extensibility.VersionedPluginProxyStepBase.Execute(PipelineExecutionContext context)
Inner Exception: Microsoft.Crm.CrmSecurityException: SecLib::AccessCheckEx failed. Returned hr = -2147187962, ObjectID: d33d7616-1a07-e211-a60a-005056940043, OwnerId: 229c46f0-9bbb-e111-a60a-005056940043,  OwnerIdType: 8 and CallingUser: a49b46f0-9bbb-e111-a60a-005056940043. ObjectTypeCode: 4201, objectBusinessUnitId: 7251e947-72c7-e111-a60a-005056940043, AccessRights: 262153 
   at Microsoft.Crm.BusinessEntities.SecurityLibrary.AccessCheckEx2(ExecutionContext context, SecurityPrincipal principal, SecurityPrincipal ownerPrincipal, Guid objectId, Int32 objectTypeCode, Guid objectBusinessUnitId, AccessRights rights)
   at Microsoft.Crm.BusinessEntities.CascadeEngine.SecurityCheckForGrantAccess(BusinessEntityMoniker moniker, Int32 accessMask, ExecutionContext context)
   at Microsoft.Crm.BusinessEntities.CascadeEngine.GrantAccessBulkForCreate(BusinessEntityMoniker moniker, Int32 accessMask, Int32 principalType, Guid[] granteeIds, ExecutionContext context)
   at Microsoft.Crm.ObjectModel.CommunicationActivityServiceBase.CreateCommunicationParties(BusinessEntityMoniker moniker, CommunicationActivity activity, ExecutionContext context)
   at Microsoft.Crm.ObjectModel.CommunicationActivityServiceBase.Create(IBusinessEntity entityInterface, ExecutionContext context)

 

*This post is locked for comments

I have the same question (0)
  • NSundaresh Profile Picture
    NSundaresh 60 on at

    Try running the trace on the CRM server and re-create the error message. That should give you the missing privilege on the role used by the user.

  • Suggested answer
    Bryan Botz Profile Picture
    Bryan Botz 600 on at

    Hello Adam,

    NS is right, with tracing on for the server you should see a more detailed capture of the error and it will state what permission is missing for the user.

    You can turn tracing on in CRM using the following:

    support.microsoft.com/.../907490

    Key items to employ from the KB is

    You will find the CRM trace settings in the registry here:

    HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\MSCRM

    Change TraceEnabled to 1 to enable tracing the default is 0

    Change or add TraceCategories to *:Error the default is *:Verbose (this will limit the logging to just errors and keep the performance impact to CRM minimal)

    Change TraceRefresh to increment a number between 0 and 99 (you will need to change this number to force a refresh of the trace settings).

    With tracing enabled reproduce the error and then change tracing back to the defaults in the registry. This will then output a file to C:\Program Files\Microsoft Dynamics CRM\Trace.

    Looking at the file should give you the permission name that is missing. Note that it will use the database name for an item and it might not always match the UI name. A perfect example of this is Cases in CRM is refered to as Incident in the database. You can find the true name of these items by looking in the Customization section of CRM.

    If you still are having trouble locating the missing permission please log a support case with us and we can work with you to discover the missing permission.

  • Adam Surgenor Profile Picture
    Adam Surgenor 425 on at

    As you can see from the format of the exception, this is from the trace file.  you'd normally expect to see prv??? in the place of 262153, which would tell you which privilege is required.

    I know this is something to do with creating appointments for another user.  I'm really asking if anyone knows what 262153 means and the answer seems to be no.  If I locate a meaningful answer, I'll post it here to make life easier for people hitting this in the future.

  • Bryan Botz Profile Picture
    Bryan Botz 600 on at

    Adam,

    The portion of the trace you have posted appears incomplete so I can only see the left half of the entry. The value of 262153 is not a value that is meaningful to us in regards to privelages. In CRM 2011 a prv entry is usually indicated in a permission error in a trace. There is a series of errors that are produced from the Application, the web service plugin (which you have posted), and a platform error. One of those three should indicate our missing prv name. If this is CRM 4.0 then the value would be represented as a GUID which I could then reference against the database to find the missing permission.

    So look in your captured trace for the Application and platform entries and you might find your prv value. They should be listed near the web service plugin error portion you have posted.

  • Verified answer
    Allan20112 Profile Picture
    Allan20112 1,025 on at

    Adam,

    We've found that the answer is the Share permission on the Activity entity in the user's security role is not high enough. Increase the Share permission level for Activities until the error goes away.

    The AccessRights 262153 is very unspecific, I agree. This will show in the Outlook client side trace file, but in the Server trace file it should be more specific and show you the exact "prv*****" name.

    I usually see this "AccessRights 262153 " instead of PRV when a partial permission level was given, but it's still not high enough.  For appointments, it's going to be the "Share" permission needing to be increased to at least business unit.  However, an error like this could mean other ones like Append or Append To.

    If in doubt, do a server trace and it should tell you exactly what PRV it is.

    Thanks,

    Allan

  • Adam Surgenor Profile Picture
    Adam Surgenor 425 on at

    Thank you, good answer.

    Adam

  • Daryl LaBar Profile Picture
    Daryl LaBar 500 Most Valuable Professional on at

    The reason the AccessRights is listed as a number and not the text value, is because it requires multiple privileges.  Check out this blog post for more information:  dotnetdust.blogspot.com/.../how-to-interpret-accessrights-numbers.html

Under review

Thank you for your reply! To ensure a great experience for everyone, your content is awaiting approval by our Community Managers. Please check back later.

Helpful resources

Quick Links

Responsible AI policies

As AI tools become more common, we’re introducing a Responsible AI Use…

Neeraj Kumar – Community Spotlight

We are honored to recognize Neeraj Kumar as our Community Spotlight honoree for…

Congratulations to the November Top 10 Community Leaders!

These are the community rock stars!

Leaderboard > 🔒一 Microsoft Dynamics CRM (Archived)

#1
SA-08121319-0 Profile Picture

SA-08121319-0 4

#1
Calum MacFarlane Profile Picture

Calum MacFarlane 4

#3
Alex Fun Wei Jie Profile Picture

Alex Fun Wei Jie 2

Last 30 days Overall leaderboard

Featured topics

Product updates

Dynamics 365 release plans