Insufficient Privileges in CRM 2011
Roshan Mehta, 29 August 2013
This error never fails to confuse those who are configuring security in CRM 2011, especially when you have only started defining your security matrix. Getting the base privileges right just so that users can simply login to CRM can be a time-consuming task and you will most likely get errors along the way. One of the most common errors you will encounter is the dreaded Insufficient Privileges message with no indication as to which privileges are actually missing!
.png "Insufficient Privileges in CRM 2011 (1)")
Thankfully with CRM 2011 on-premise, there is always the helpful Event Viewer. To find out which privileges are missing for the user and role in question, simply login to the CRM server and fire up the Event Viewer. Privilege related errors will show up as warnings and give you relevant information about what is wrong with your configuration. Here is an example of what the Event Log entry looks like.
Exception information:
Exception type: CrmException
Exception message: Principal user (Id=860c5b18-15b9-e211-8d4b-00155d04dc01, type=8) is missing prvReadWebResource privilege (Id=4156db68-93e2-4a83-8cbb-5bb344ebaf47)
at Microsoft.Crm.Application.Platform.ServiceCommands.PlatformCommand.XrmExecuteInternal()
at Microsoft.Crm.Application.Platform.ServiceCommands.RetrieveMultipleCommand.Execute()
at Microsoft.Crm.Application.Components.Handlers.WebResource.RetrieveWebResource(String webResourceName, String preview)
at Microsoft.Crm.Application.Components.Handlers.WebResource.ProcessRequestInternal(HttpContext context)
at System.Web.HttpApplication.CallHandlerExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute()
at System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously)
We can see here that the user is missing the read privilege for the Web Resource component. I can now update check all Security Roles assigned to the user and include this missing privilege where necessary. Sometimes it takes multiple attempts to get rid of the error, so you need to be patient with this process.
One of the main privileges that is missed when defining security roles is the ability to read user settings (prvReadUserSettings). This is required when rendering views for example, as CRM needs to look into your personal options to figure out how many records per page you wish to see at a time.
I hope this post will help you when you start to map out your security matrix for Dynamics CRM 2011.
Category List
Filter by Author
Adam Murchison
Alfwyn Jordan
Arthur Mandisodza
Calum Jacobs
Colin Maitland
David Mochrie
Dominic Liu
Gayan Perera
Harshani Perera
Isaac Stephens
Jaime Smith
Jared Johnson
John Barrencechea
John Eccles
Lauren Withers
Paul Nieuwelaar
Roshan Mehta
Roz Millar
Ryan Blaikie
Ryan Ingram
Sarah Coleman
Sean Roque
Shalane Williams