Thursday, December 9, 2010

Insufficient Privileges. The logged-on user does not have the appropriate security permissions to view these records or perform the specific action.

While working on CRM 2011 Beta i created a simple entity model and created a role. On this role i gave read permissions for all the entities in the entity model and then assigned a user to this role. 
After this when i logged on to the CRM system using the web client with the user just created i was assuming that i would get all the entities in my workplace and i would be able to work with them. But turned out i got the above message instead which said. 
"Insufficient Privileges. The logged-on user does not have the appropriate security permissions to view these records or perform the specific action."

I checked the event viewer and found nothing about this message. So the only option was to look into the CRM trace and figure out what is going wrong. 
Here are the steps to enable tracing 

1) Make 3 registry entries on the CRM Server box under "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MSCRM"
    a) TraceEnabled of type DWORD 32 bit and set its value to 1
    b) C:\CRMTrace of type string and value as "C:\CRMTrace" . It can be any      folder path
    c) TraceRefresh  of type DWORD 32 bit with any value between 0 and 99

Once this is done the CRM tracing is enabled on the machine. However to my surprise the trace was happening in "C:\Program Files\Microsoft Dynamics CRM\Trace" folder and not in the folder which i mentioned in the registry key.
But without the key the tracing doesn't work so let it be there. 

Once this is done try to login to the CRM system using the same user and you would see a message in the trace which would look something like 

"Crm Exception: Message: Principal user (Id=04becef6-fcf5-df11-96ef-00155d647b03, type=8) is missing prvReadCustomization privilege (Id=7bb3b531-ac45-4977-89c8-b99768e55ab8), ErrorCode: -2147220960"

this basically means that the user is missing a Customization Read privilege in the settings. To fix this we can go in the Setting area as an administrator user and give this privilege to the user or role to which the user belongs. 

Hope this helps in case you are stuck with this kind of problem in 2011 - Beta system. 

Njoi!!!
~Abhishek


2 comments:

Anonymous said...

I got the same problem.
What should I change, I didn't understand
Ragarda
Marco

Abhishek said...

Hi Marco,
Here's what you have to do in CRM as an administrator
1) Go to Settings -> Administration -> Users and select the User who is getting this exception
2) In the User Form check the roles which are assigned to the user. Now select one of these Roles
3) In the Role form go to Customization tab and give the read privilege on the Customizations entity. ("Since my log says prvReadCustomization is missing").

hope this helps...