Sonoma Partners Microsoft CRM and Salesforce Blog

Permissions Issues for CRM 2013/2015 Forms

Today's post is written by Kyle Bippus, an Associate Software Developer at Sonoma Partners.

I was on a support case with a client where a sales representative was getting a strange error from CRM when converting a Lead into a Contact:

Photo one

This case was unusual because the sales representative had the correct Read permissions for the Lead and Contact entities, as well as all other related records on the form.  Furthermore, if the same user had been given the System Administrator role and had attempted to access the newly-created Contact record, then had the role removed, the user could then view the record instead of getting the above error.

Since the error does not give any more information beyond “Insufficient Permissions,” the next step was to scan the trace logs and look for any error messages that look similar.  After some searching I came across this message, which occurred around the time I replicated the error:

Principal user…is missing prvReadComplexControl Privilege

According to the Microsoft Dynamics CRM SDK, the prvReadComplexControl privilege is the Read permission for the ComplexControl entity (also known as Process Configuration).  Below is the SDK’s description for this entity:

This entity is for internal use only. However, users need read access to this entity in order to see the updated experience for lead and opportunity forms.

Essentially what this means is that users need the Read privilege for this entity in order to view the user interface for entity forms in CRM 2013 and 2015.  This applies not only to Lead and Opportunity, but almost all entities in CRM (some entities, such as Resource Group, still retain the look and feel from CRM 2011).  All security roles should have the Read privilege for the Process Configuration entity by default, but sometimes this configuration gets messed up when an organization is upgraded from a previous version of CRM.

So all we need to do is set the Read privilege for this entity to “Organization” for each affected security role.  Below are the steps to do just that:

  1. From your home page, navigate to Settings, then to Security, then to Security Roles
  2. Double-click on the role you want to modify
  3. Click the “Customization” tab, then set the Read privilege on the Process Configuration entity to “Organization” (see picture below)

Photo two

You should no longer see the “Insufficient Permissions” error. I hope this helps! If you have any additional questions, contact us to speak with one of our Microsoft Dynamics CRM experts.

Upgrading to Microsoft Dynamics CRM 2015
Topics: Microsoft Dynamics CRM 2013 Microsoft Dynamics CRM 2015