1
votes

Dynamics CRM 2011 on premise.

I have a plugin that adds some buttons to the ribbon on the case/incident form.

Different users have different security permissions.

The buttons are enabled for all users.

When some users press the buttons they perform the expected operations.

When other users press the buttons they do not seem to do anything.

Other than permissions, I think everything else is the same for the users.

How can I find which permission(s) are causing the problem?

(Also, shouldn't CRM say something if permissions are blocking a user from doing something? We don't get an error.)

5
How is your plugin controlling the ribbon buttons?James Wood

5 Answers

0
votes

The Xrm Tool Box has an access checker that would help in this situation.

The way security works in CRM when querying data is that you do get an exception if the user attempts to perform a select on an entity that they have no read rights at all for. But, if the use has rights to view only records that they own, they'll get an empty result set if they attempt to query records they don't own. I'm guessing that's what's going on here, is that they're attempting to query data that the have read rights for, but not at the Organization level, or whatever the exact level that they need.

0
votes

From Suumit Bhatanagar at https://community.dynamics.com/crm/f/117/p/113149/228873.aspx

You may collect verbose level of traces , would direct you in the right direction. Simply reproducing the issue by clicking on the button and then stop the traces.

For traces , you may look into : http://support.microsoft.com/kb/907490

-1
votes

From DavidJennaway at http://social.microsoft.com/Forums/en-US/55c22571-0187-4a64-9cc1-94954fa8bdf7/how-to-find-which-security-permission-is-preventing-a-user-from-doing-something

Enable tracing and the trace log will indicate the privilegeid and systemuserid - you can then lookup the privilegeid in the privilege entity.

Be aware that the trace log will record all instances where a user doesn't have permission - this includes the scenario where CRM checks if a user has any permission on an entity to decide if the entity should be shown in the UI

-1
votes

From Roshan Mehta at http://social.microsoft.com/Forums/en-US/55c22571-0187-4a64-9cc1-94954fa8bdf7/how-to-find-which-security-permission-is-preventing-a-user-from-doing-something

Check the Event Viewer. This usually gives sufficient information about missing privileges when a plugin fails to run under user context.

Alternatively, you can run the plugin under SYSTEM context in which case this error will not occur. To do this, pass a null value into the CreateOrganizationService method when instantiating service objects in your plugin.

-1
votes

From Imran I Abbasi at http://social.microsoft.com/Forums/en-US/55c22571-0187-4a64-9cc1-94954fa8bdf7/how-to-find-which-security-permission-is-preventing-a-user-from-doing-something

David is right, there isn't any easier way to get to the root of your issue. Enable tracing and then use privilegeId (a GUID) from tracing file against Privilege entity in database to get details of missing privilege. To simplify your quest, you can use TraceLogViewer to filter your log file and get only the errors. Here is the link: Trace Log Viewer

And here are the steps to enable tracing in crm 2011

here are the steps

1- -> Start -> run -> regedit.exe 2- HKEY_LOCAL_MACHINE > SOFTWARE > Microsoft > MSCRM 3- Add new keys

TraceEnabled TraceRefresh

DWORD, value = 1