Is it possible in Dynamics CRM 2011 to find what permission is lacking when it shows access denied
https://stackoverflow.com/questions/12344207
-
01-07-2021 - |
italiano
english
français
española
中国
日本の
العربية
Deutsch
한국어
Português
RussianQuestion
Is it possible in Dynamics CRM 2011 to find what permission is lacking when it shows access denied?
For example a logged on user is trying to create a new Account through the Regarding field on an Email Activity. When she hits the new button she is shown
Access Is Denied
You do not have enough privelleges to access the Microsoft Dynamic CRM object or perform the requested opertaion...
I would like to list at the bottom of this message what permission CRM thought it needed (I only need to have this function during testing and would turn it off in production). Or if that's too hard I would love to know the location of a log that tells me what permission was required along with the username so I can tweak the security matrix appropriately.
Solution
Another option is to enable developer errors. Instead of getting the standard Crm error message you get a more complete message, complete with stack trace. This will then you give the missing privilege name.
Described here.
Also as Jason explained usually you get a privilege name you can make sense of, but in the case you don't check out this.
Security Role UI to Privilege Mapping - Will show you which privilege name is linked to which selection on the Ui.
The other pages will help if Crm ever returns you a Guid instead of a privilege name.
OTHER TIPS
You should be able to figure it out if you enable tracing on the CRM server. It isn't going to tell you explicitly which permission is missing but should give you a pretty good idea, you'll see exception messages like "missing PrvReadAccount privilege", meaning the user is missing Read permissions on the Account entity.
