CRM 2011 and Security Exception enhancement

Do you remember the difficulty it was to identify a missing privilege when reading security exception logs in Microsoft Dynamics CRM 4.0? We had to query the database which was quite annoying… The messages were the same kind as one of the below messages:

  • When you try to perform an action that is affected by another user security limitation

SecLib::AccessCheckEx failed. Returned hr = -2147187962, ObjectID: 1ef9f412-6601-dd11-8655-0019b9dfe618, OwningUser: 98bbc999-96a2-de11-aeaf-0019b9dfe227 and CallingUser: 037c1c90-96a2-de11-aeaf-0019b9dfe227

  • When you try to perform an action when you don’t have the privilege to actually do it

CrmSecurityException: SecLib::CrmCheckPrivilege failed. Returned hr = -2147220960 on UserId: 60826d61-2be1-db11-821c-000423b79351 and PrivilegeId: 588725dd-c878-41c5-a4c3-5efc93cd3ffd

Microsoft Dynamics CRM 2011 improve drastically the error message to avoid a fastidious search in database:

  • When you try to perform an action that is affected by another user security limitation

SecLib::CrmCheckPrivilege failed. Returned hr = -2147220943 on UserId: 9d67828d-a13e-e011-af72-0800273a66a6 and PrivilegeType: Read

We can see that the only userId displayed is the one who actually causes the exception and the privilege is named instead of being displayed through its unique identifier.

  • When you try to perform an action when you don’t have the privilege to actually do it

Principal user (Id=9d67828d-a13e-e011-af72-0800273a66a6, type=8) is missing prvDeleteAccount privilege (Id=ca6c7690-c935-46b3-bfd2-abb306c2acc0)

Again, the privilege is named

Conclusion

It seems that headaches caused by security exceptions are behind us with this new version of Dynamics CRM. Another good point!

Comments

Anonymous said…
I have a migrated CRM3.0 to CRM2011 system. When I try to add a Contact with privilege to create "own contacts" from within an Account - owned by another user - I get the following error:

Crm Exception: Message: SecLib::AccessCheckEx failed. Returned hr = -2147187962, ObjectID: 00000000-0000-0000-0000-000000000000, OwnerId: 0e191dc7-795c-dc11-8e20-000802de3a5e, OwnerIdType: 8 and CallingUser: 819789fa-8b67-dc11-922a-000802de3a5e. ObjectTypeCode: 2, objectBusinessUnitId: 5b08dffc-9719-dc11-b1c9-000802de3a5e, AccessRights: CreateAccess , ErrorCode: -2147187962

If I add a Contact directly, this is possible and I am able to associated the parent account.

Any ideas?

Regards,

René
February 28, 2012 at 10:29 AM
Post a Comment

Popular posts from this blog

New XrmToolBox plugin : Import/Export NN relationships

Image
Two plugins in one day! wow! This one was, in fact, developed a couple of months ago. One of my colleague was using a solution from my fellow MVP Andrii Butenko which allows to import/export NN relationships in a silverlight web resource. This was nice but my colleague was using other attributes than primary key to do the mapping and Andrii’s solution does not support this. So he asked me to develop a XrmToolBox’s plugin that could do this. And, here it is! You can select entities and relationships and moreover, choose mapping attributes on both enitities. I only let text and number attributes selectable as other does not really make sense for mapping purposes. Then you can import or export NN relationships! Here is a preview As usual, this plugin, among other, is available with XrmToolBox on CodePlex
Read more

Searchable Propery Attribute Updater

Image
Hi, The previous post was not the last one... :) You can find in this post the first tool that will make your life easier: Just remember when you customer asked you to remove all these unused attributes form the attribute list of the advanced find form... You navigated through all attrbutes form to modify the Searchable property of each attributes for hours... (maybe am I exaggerating a bit...) The program I give you allows you to update all attributes in a single winform application! Yes it can be! Do not hesitate to give me your comments about this program if you think improvements can be done... Download:
Read more

Full featured CRM grid in HTML/JS

Image
In last December, I was asked to write a web resource to display a grid with CRM records. I was quite frustrated because I didn’t succeed to manage some grid features easily like fixed header with horizontal scrolling among others. I delivered a fixed table which was not so bad but absolutely not something that look like the application grid views. So I decided to work harder to find a way to do this CRM style grid view. After some works (almost two full days), I have succeeded to create a full featured CRM grid view by using only JavaScript. Here is a screenshot: And this is how I can create a grid view from only a div in a HTML page < html > < head > < title > Page de test </ title > < script src ="json2.js"></ script > < script src ="jquery.js"></ script > < script src ="XrmServiceToolKit.js"></ script > < script src ="sdk.metadata.js"></ script > ...
Read more