Friday, July 12, 2019

CRM Exception message: Principal user (Id=GUID, type=8) is missing prvReadComplexControl privilege (Id=GUID)

Recently one of my customers started getting insufficient permissions messages and having issues accessing files on the CRM.

Exception detail was as below.
Unhandled Exception: System.ServiceModel.FaultException`1[[Microsoft.Xrm.Sdk.OrganizationServiceFault, Microsoft.Xrm.Sdk, Version=8.0.0.0, Culture=neutral, PublicKeyToken=31bf3s344d364e35]]: System.Web.HttpUnhandledException: Microsoft Dynamics CRM has experienced an error. Reference number for administrators or support: #CBE39829Detail:
  <ActivityId>f6dfec3a-6114-4eef-9544-a9396f5d1572</ActivityId>
  <ErrorCode>-2147220970</ErrorCode> 
  <Message>System.Web.HttpUnhandledException: Microsoft Dynamics CRM has experienced an error. Reference number for administrators or support: #CBE39829</Message>
  <Timestamp>:44:42.8709171Z</Timestamp>
  <ExceptionRetriable>false</ExceptionRetriable>
  <ExceptionSource i:nil="true" />
  <InnerFault>
    <ActivityId>GUID</ActivityId>
    <ErrorCode>-2147220960</ErrorCode>   
    <Message>Principal user (Id=GUID, type=8) is missing prvReadComplexControl privilege (Id=GUID)</Message>
    <Timestamp>2019-07-04T07:44:42.8709171Z</Timestamp>
    <ExceptionRetriable>false</ExceptionRetriable>
    <ExceptionSource i:nil="true" />
    <InnerFault i:nil="true" />
    <OriginalException i:nil="true" />
    <TraceText i:nil="true" />
  </InnerFault>
  <OriginalException i:nil="true" />
  <TraceText i:nil="true" />
</OrganizationServiceFault>
The actual error is given in the inner fault section, the same error is logged in the event log of the CRM server as below.
Exception information:
Exception type: CrmException
Exception message: Principal user (Id=GUID, type=8) is missing prvReadComplexControl privilege (Id=GUID)  at Microsoft.Crm.Application.Platform.ServiceCommands.PlatformCommand.XrmExecuteInternal()
   at Microsoft.Crm.Application.Platform.ServiceCommands.RetrieveCommand.Execute()   at Microsoft.Crm.Caching.ComplexControlLoader.LoadCacheData(Guid key, IOrganizationContext context)   at Microsoft.Crm.Caching.CrmMultiOrgCacheBase`2.CreateEntry(TKey key, IOrganizationContext context)   at Microsoft.Crm.Caching.CrmMultiOrgCacheBase`2.LookupEntry(TKey key, IOrganizationContext context)   at Microsoft.Crm.Application.Components.Sdk.InlineEditControls.Web.CompositionLinkControl.GetFlyOutDescriptor()    at Microsoft.Crm.Application.Components.Sdk.InlineEditControls.Web.LinkControl.GetRequiredColumns(Int32 entityTypeCode)   at Microsoft.Crm.Application.Forms.CompositeControlVisitor.HandleColumnProvider(Control control, FormDescriptor formDescriptor)   at Microsoft.Crm.Application.InlineEdit.Mediators.FormMediator.AddControlProperties(ICrmControl crmControl, ControlDescriptor controlDescriptor)   at Microsoft.Crm.Application.InlineEdit.Mediators.FormMediator.ProcessControlHierarchy(Action`2 controlHandler)   at Microsoft.Crm.Application.InlineEdit.Mediators.FormMediator.GetInstance(FormFactor formFactor, FormDescriptor descriptor, Guid processId, Int64 processVersionNumber, IOrganizationContext organizationContext)   at Microsoft.Crm.Application.InlineEdit.ReadFormDataBuilder..ctor(String recordId, String entityTypeCode, Guid formId, FormFactor formFactor)   at Microsoft.Crm.Application.Pages.Form.FormDataPage.Render(HtmlTextWriter writer)   at System.Web.UI.Control.RenderControlInternal(HtmlTextWriter writer, ControlAdapter adapter)   at System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint)
After a while found the “Complex Control” privileges are listed as “Process Configuration” in CRM security roles. To fix the issue go to CRM Security Roles and open Customization tab. There you will find Process Configuration for which you need to provide Read permission. 

Giving permissions according to the error you see will fix the issue, for example if your error showed your were missing prvCreateComplexControl, then you need to provide Create permissions.
More details about security role UI and privilege mapping can be obtained from the Microsoft article.

No comments: