Solved

Microsoft CRM 4.0 - Custom Security Role Issue

Posted on 2011-03-11
Last Modified: 2012-05-11
We have created a role that is intended to allow managers at each business unit to set up security roles without giving the managers the system administrator role.

We have not been able to get this to work - when creating a role, we get the following message: "The logged on user does not have the appropriate security permissions to view these records or perform the specific action"

This happens even if a user with this role clicks New, types in a Security Role name and clicks Save.

I have searched the internet and found various attempts to overcome this issue but if anyone has a definite solution, it would be much appreciated.

Thanks
Question by:apollo7
 
LVL 10

Expert Comment

by:Jeff Wight
ID: 35115957
Have you enabled CRM tracing?  If not, I would suggest trying that.  Enable tracing using the directions in this KB:

http://support.microsoft.com/kb/907490

Once tracing is enabled, try creating the security role again to generate the error.  Then analyze the trace log.  It should give you an error that contains the ID of the privilege that is missing.  You can then run the following query against the CRM database to identify the missing permission:

SELECT *
FROM [PrivilegeBase]
WHERE PrivilegeId = '[ID]'

If you can't find the error containing the missing privilege, post the trace log and I'll take a look.


0
 
LVL 1

Author Comment

by:apollo7
ID: 35150895
I have a question on the above:

I am on the CRM 4.0 server and opened the registry. I do not see the registry entry on the server, as indicated in the link above:

"The Microsoft CRM server tracing registry entries are located in the following registry subkey:
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\MSCRM"

I am running MSCRM 4.0 on Server 2008 - is there another place to change the registry entries to enable a trace?

Thanks
0
 
LVL 10

Expert Comment

by:Jeff Wight
ID: 35151231
That's where they should be. You could try searching the registry for "TraceEnabled" and see if it appears elsewhere. If not, I would just create the keys as described in the KB.
0
 
LVL 1

Author Comment

by:apollo7
ID: 35182742
Still working on this...will be back with questions if needed.
0
 
LVL 1

Author Comment

by:apollo7
ID: 35183323
I ran the trace and received two errors with PrivilegeId indicated.  They are:

PrivilegeId                        Name
CA4A3B9F-6887-4B5D-90F4-E918ED17E175      prvReadService
B14AB968-E16A-4613-A90F-B093E9320D6D      prvReadNew_center

Any idea on what these translate to in the Manage Roles UI or what else can be done to resolve these Privilege errors?

Thanks
0
 
LVL 1

Author Comment

by:apollo7
ID: 35191845
Please ignore the statement above. I have been able to run the trace and add a number of privileges to the Security Role I am creating, but some privileges do not appear under the Security Role form. These privileges are:

A7C82854-36CE-4616-B7C2-84EC619D3378      prvAppendToAsyncOperation
8FDEEA95-80AB-47DC-974B-52D71B88C8AF      prvAppendRole
B5C6CE9F-6ED4-4330-BF1E-24B146573CAE      prvSendInviteForLive
4440769E-8D79-41FC-AE45-CD65480FFDBA      prvWriteAsyncOperation

Can you tell me how to add these privileges if they are not shown under Security Roles (for the user role I am creating)?

Thanks
0
 
LVL 10

Accepted Solution

by:
Jeff Wight earned 500 total points
ID: 35191967
The role to priv mapping is defined in the table called [RolePrivileges].  

Modifying these privs through the UI isn't possible. This article says that you can make the change via custom development:
http://blogs.msdn.com/b/crm/archive/2009/08/04/viewing-all-crm-privileges-including-hidden-privileges.aspx

The other option would be to make the change directly in the database in the [RolePrivileges] table.  This is not supported, but might be possible...



0
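
A read-only way to review what the answers above describe, added here as an example and not posted by either participant: it takes the privilege IDs reported in the trace and shows, for each copy of a role, whether [RolePrivileges] already grants them. Assumptions not found on the page: the [RoleBase] table, the RoleId, BusinessUnitId and PrivilegeDepthMask columns, and the role name, which is a placeholder.

```sql
-- Added example: SELECT-only review of role-to-privilege mappings.
-- It changes nothing in the CRM database.
-- Assumed (not on the page): RoleBase, RoleId, BusinessUnitId,
-- PrivilegeDepthMask. The role name is a placeholder.
DECLARE @RoleName nvarchar(100);
SET @RoleName = N'<custom role name>';

-- Privilege IDs taken from the trace log (the four quoted in the thread).
DECLARE @Wanted TABLE (PrivilegeId uniqueidentifier PRIMARY KEY);
INSERT INTO @Wanted VALUES ('A7C82854-36CE-4616-B7C2-84EC619D3378');
INSERT INTO @Wanted VALUES ('8FDEEA95-80AB-47DC-974B-52D71B88C8AF');
INSERT INTO @Wanted VALUES ('B5C6CE9F-6ED4-4330-BF1E-24B146573CAE');
INSERT INTO @Wanted VALUES ('4440769E-8D79-41FC-AE45-CD65480FFDBA');

SELECT
    r.Name            AS RoleName,
    r.BusinessUnitId,                 -- a role may exist once per business unit
    w.PrivilegeId,
    p.Name            AS PrivilegeName,   -- NULL if the ID is not in PrivilegeBase
    CASE
        WHEN rp.PrivilegeId IS NULL THEN 'missing from role'
        ELSE 'granted'
    END               AS Status,
    rp.PrivilegeDepthMask             -- access level of the grant, NULL if missing
FROM @Wanted AS w
CROSS JOIN [RoleBase] AS r
LEFT JOIN [PrivilegeBase] AS p
       ON p.PrivilegeId = w.PrivilegeId
LEFT JOIN [RolePrivileges] AS rp
       ON rp.RoleId = r.RoleId
      AND rp.PrivilegeId = w.PrivilegeId
WHERE r.Name = @RoleName
ORDER BY r.BusinessUnitId, p.Name;
```

Running the same query with the role name set to a role that works, such as the copied System Administrator role mentioned later in the thread, gives a baseline to compare against before granting anything broader than the trace shows is needed.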
 
LVL 1

Author Comment

by:apollo7
ID: 35192119
Thanks, will check this out and get back with any questions.
0
 
LVL 1

Author Comment

by:apollo7
ID: 35193632
Here is where I am - I tried the link but cannot get the zip file (which contains the Role Editor) to download.  I also looked at the Role Privileges table but determined it is not something I would modify directly.

I need to create a role that can create other roles but is restricted by Business Unit.

My latest approach was to copy the System Administrator role and then adjust to assign roles only at the Parent - Business Unit level.  My problem is that when I adjust down from the Organization level (even for accounts, contacts, etc) it breaks the BU Administrator role (throws an error)

Any ideas would be greatly appreciated, any other links or tools that can be used for this.

Let me know if you need any more detail.

Thanks for your help.

0
 
LVL 1

Author Closing Comment

by:apollo7
ID: 35241174
Thanks - this worked perfectly and my role is defined.
0
