Do you remember the difficulty it was to identify a missing privilege when reading security exception logs in Microsoft Dynamics CRM 4.0? We had to query the database which was quite annoying… The messages were the same kind as one of the below messages:
SecLib::AccessCheckEx failed. Returned hr = -2147187962, ObjectID: 1ef9f412-6601-dd11-8655-0019b9dfe618, OwningUser: 98bbc999-96a2-de11-aeaf-0019b9dfe227 and CallingUser: 037c1c90-96a2-de11-aeaf-0019b9dfe227
CrmSecurityException: SecLib::CrmCheckPrivilege failed. Returned hr = -2147220960 on UserId: 60826d61-2be1-db11-821c-000423b79351 and PrivilegeId: 588725dd-c878-41c5-a4c3-5efc93cd3ffd
Microsoft Dynamics CRM 2011 improve drastically the error message to avoid a fastidious search in database:
SecLib::CrmCheckPrivilege failed. Returned hr = -2147220943 on UserId: 9d67828d-a13e-e011-af72-0800273a66a6 and PrivilegeType: Read
We can see that the only userId displayed is the one who actually causes the exception and the privilege is named instead of being displayed through its unique identifier.
Principal user (Id=9d67828d-a13e-e011-af72-0800273a66a6, type=8) is missing prvDeleteAccount privilege (Id=ca6c7690-c935-46b3-bfd2-abb306c2acc0)
Again, the privilege is named
Conclusion
It seems that headaches caused by security exceptions are behind us with this new version of Dynamics CRM. Another good point!