- Determine which privilege is missing. To do this, run a Microsoft Dynamics CRM platform trace when you reproduce the issue. For more information about how to create a Microsoft Dynamics CRM platform trace, click the following article number to view the article in the Microsoft Knowledge Base:907490 How to enable tracing in Microsoft Dynamics CRM
- Search the log that is generated for an error message that resembles the following:Error: Server was unable to process request. Error Number: 0x80040220 Error Message: SecLib::CrmCheckPrivilege failed. Returned hr = -2147220960 on UserId: <UserID> and PrivilegeId: a8ecac53-09e8-4a13-b598-8d8c87bc3d33
- In the error message, note the GUID of the privilege ID.
- In SQL Server Management Studio,run the following query to determine which privilege the GUID represents. Note In this query, a8ecac53-09e8-4a13-b598-8d8c87bc3d33 is a placeholder for the actual GUID that you note in the error in step 3.
select Name from PrivilegeBase where PrivilegeId = "a8ecac53-09e8-4a13-b598-8d8c87bc3d33"
- The result of the query should resemble the following: prvReadAccountTherefore, the user is missing the Read privilege on the Account entity.
- Log on to the Microsoft Dynamics CRM Web client as the Microsoft Dynamics CRM administrator.
- Click Settings, click Administration, and then click Security Roles.
- Double-click the role that is assigned to the user who receives the error message.
Note Do not change the default roles. Instead, make a copy of the default role, and then change the copy.
- Click the privilege that you found in step 5, and then click Save and Close.
Article ID: 861993 - Last Review: 1 Jul 2009 - Revision: 1