After installation of CRM for outlook, connection prompt error message
Principal user (Id=e1d4caec-db31-e611-80be-00155d036d5c, type=8) is missing prvReadRole privilege (Id=222a920a-2778-4564-85cb-e78dde8e4276)
As the message says, the user is missing the prvReadRole privilege. This can be assigned in: Settings->Security->Security Roles->Choose specific role->Business Management->Read.
As a side-note, you might encounter other missing privileges. A best practice is to use the out of the box security roles (e.g. by making a copy and saving your own modifications in the copied role).
Related
When I try to connect to Dynamics 365 CRM with the Plugin Registration Tool I get the following permission error:
"You don't have permission to access any of the organizations in the
Microsoft Common Data Service region that you specified. If you're not
sure which region your organization resides in, choose "Don't know"
for the CDS region and try again. Otherwise check with your CDS
administrator. Parameter name: EMEA"
I have the System Administrator role
I can sign-in to the web interface and work with no issues
I'm sure of our region, tried to login with and without it ("Don't know" option)
Also tried with an application password as our organization uses multi factor authentication
Using the latest version of the tool on Nuget (9.0.0.9506 in the about dialog)
I can connect to my trial server the same way
We had a user who was able to connect with the same user roles set
This seems machine and account independent. Other users including the organization creator are getting the same error
We are directly connected to the internet, no proxies
One solution I've read suggested cleaning the cache files which don't appear on my system. And we get the same error on clean installations.
Solved by leaving the "Show Advanced" checkbox unchecked and not entering User ID / Password. Then a second dialog opens for credentials and 2FA authentication which just works.
You don't need an application password, as you'll be asked for MFA in the next step.
I don't know how our old teammate was able to sign in with the "Show Advanced" option selected. He was getting the same dialog and continue.
Its really weird to see Access Denied error for System Administrator in CRM.
When trying to open any record from Plugin trace logs, system throws the below error in our dev environment.
Access Is Denied
You do not have enough privileges to access the Microsoft Dynamics CRM object or perform the requested operation. For more information, contact your Microsoft Dynamics CRM administrator.
Unable to verify the missing access rights as there is no 'Download Log' button, platform trace cannot be checked since this is CRM online. I don't see any relationship control issue like lookup/subgrid in this OOB entity.
Also if you see the page title, it says Dashboard - fishy? Any pointers to troubleshoot this?
This is crazy, when we try to delete the Plugin trace log entries, it says the most useful message:
Not enough privilege to access the Microsoft Dynamics CRM object or perform the requested operation. The current Organizationid '79bd6aa8-984f-4d51-ae47-0a178c71d762' does not match with userOrTeam's organization id '760ed188-468e-40ca-86bd-ceca16ee64a1'.
So these were moved as part of sandbox refresh from another instance. Damn, then why they are showing in this org grid beyond POA; MS can answer it, probably they will solve this platform bug as its not allowing to delete because of POA.
I am running into an issue with Microsoft Flow to create appointments on another calendar that my account as Send As permission to. I am able to create appointments in the UI for this second account. However in Flow, it is asking for a CalendarID. The drop down only shows calendars directly related to the account in the connection. When I manually enter the CalendarID to the second account, I receive this error: "The specified object was not found in the store."
Any help / tutorials will be greatly appreciated.
"The specified object was not found in the store."
This is an EWS permissions error so whatever you doing isn't going to work with SendAS rights. You will need to assign full access permission to the Mailbox (or at least rights to the calendar folder via Add-MailboxFolderPermission) for this to work with EWS. SendAs permission by definition only gives a user rights to SendAS another user not access folders in their Mailbox. You can test all this with the EWSEditor https://ewseditor.codeplex.com/ which is going to be making the same calls. If it works in the EWSEditor with the same creds as flow but not in your other code then you know the rights are good but whatever you doing in Flow is the issue.
When creating a case I get the below error.
Access Error The system could not log you on. This could be because
your user record or the business unit you belong to has been disabled
in Microsoft Dynamics 365. If you contact support, please provide the
technical details.
This occurred shortly after deleting the CRM Admin user and creating a new CRM Admin user in the Office 365 users screen.
The more technical message is
The user with
SystemUserId=bb51ba1c-66e8-4dc1-82ca-cb64e25f3ff9 in
OrganizationContext=7e061672-3a31-4588-9770-9f94711c7f09 is
disabledDetail.
The error message is saying that the user with that ID is disabled so the first thing to do would be to open that record and check which user it is.
To do that, use the URL below but replace the xx's and the yourregion part of the url (I've already added your user id).
https://xxxxxxxx.yourregion.dynamics.com/main.aspx?etc=8&extraqs=&histKey=952109180&id={bb51ba1c-66e8-4dc1-82ca-cb64e25f3ff9}&newWindow=true&pagetype=entityrecord
You will then need to enable that user or resolve problems from there.
I would also check that you don't have any plugins or workflows which have been setup to run as that user when creating a case.
I am using Microsoft Dynamics 365 and I am attempting to change the Owner of an Opportunity. I have System Administrator privileges, but I still get this error message:
<Message>Principal user ... is missing prvReadps_application privilege (Id=75b45303-d5b2-494f-9300-04ffa37d2fee)</Message>
The prvReadps_application privilege is missing from the Dynamics documentation so I'm having a hard time tracking down what privilege is missing from my role. How can I use the privilege name or Id to add the privilege to my role?
It is not you that are missing the privilege - it's the user whom you are trying to give ownership of the Opportunity to. Let's say you have an account owned by User A. If you want to assign this account to user B, user B MUST have at least User-level Read privilege for the account entity. That is how Dynamics CRM/365 works. The user that you are trying to assign the Opportunity to is probably missing proper the security role.
As other pointed out, ps_application is a custom entity - You should go to your System Customizations area and check its display name (I bet it's something like Application). Now you should check what the security roles of the user are to whom you are trying to change ownership to - you should grant this role Read privilege for this entity (it will be on the last tab of Security Role configuration page).
So, why are you getting this error when assigning Opportunity? I bet that this ps_application entity is related to the Opportunity and the relationship is configured to propagate owner, so by changing owner on Opportunity, you are changing owner of related ps_applications -> and thus you are getting the error, as the user cannot be the owner for such records (does not have read privilege).
ps_application is your custom entity. That's why its missing in MS documentation.
prvReadps_application - says Read privilege missing, so look for Custom entity tab in Security role.
But System Administrator is a dynamic role, the privilege should be added when a new custom entity is added to the system. Make sure you didn't remove any privileges explicitly.
Also Verify the Security roles of the owner you are trying to assign, for Read privilege of this custom entity.
Arun V.'s answer made me realize that I missed the part about you being a System Administrator. Thanks Arun V., and my apologies.
Now I would say that you'll want to focus on the privs of the user to whom are you assigning the record. Their lack of permissions is likely what is preventing the assignment.
As Arun V. pointed out, ps_application could be a custom entity.