Error ‘Access is Denied’ when saving an opportunity. AccessCheckEx failed

Hi,

I just faced this error today with a user trying to save an opportunity:

image

Log:

Unhandled Exception: System.ServiceModel.FaultException`1[[Microsoft.Xrm.Sdk.OrganizationServiceFault, Microsoft.Xrm.Sdk, Version=5.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35]]: SecLib::AccessCheckEx failed. Returned hr = -2147187962, ObjectID: 2c4c9b7e-7fdd-e011-9618-000c293ae41e, OwnerId: 27b64630-6bb4-e011-85d8-000c293ae41e,  OwnerIdType: 9 and CallingUser: 18882994-ccab-e011-b67a-000c293ae41e. ObjectTypeCode: 1, objectBusinessUnitId: fc0de504-329c-e011-bbbb-000c2937b663, AccessRights: AppendToAccess Detail:
<OrganizationServiceFault xmlns:i="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://schemas.microsoft.com/xrm/2011/Contracts">
  <ErrorCode>-2147187962</ErrorCode>
  <ErrorDetails xmlns:d2p1="http://schemas.datacontract.org/2004/07/System.Collections.Generic" />
  <Message>SecLib::AccessCheckEx failed. Returned hr = -2147187962, ObjectID: 2c4c9b7e-7fdd-e011-9618-000c293ae41e, OwnerId: 27b64630-6bb4-e011-85d8-000c293ae41e,  OwnerIdType: 9 and CallingUser: 18882994-ccab-e011-b67a-000c293ae41e. ObjectTypeCode: 1, objectBusinessUnitId: fc0de504-329c-e011-bbbb-000c2937b663, AccessRights: AppendToAccess </Message>
  <Timestamp>2011-10-05T19:41:01.7080238Z</Timestamp>
  <InnerFault i:nil="true" />
  <TraceText i:nil="true" />
</OrganizationServiceFault>

 

Cause

After reviewing the security role he belongs to, I finally understood what the problem was:

  • I had imported Accounts and assigned them to a Team (called ‘All’ btw) which belonged to the main Business Unit in the system. (this was because it was not possible to assign owners at the moment of the import, so, Accounts needed to be available to everyone and not assigned to someone specific)
  • The user trying to save the opportunity belonged to a child BU and was assigned a role which had AppendTo privileges for Account entity at the BU scope:

 

image

  • So, the opportunity couldn’t be saved because the Account which was selected as Parent Customer within the opp is owned by a Team in a Parent BU and AppendTo privilege was set up just at a BU scope, so privileges were insufficient.

Solution

  • So, my solution was to assign user’s role AppendTo privileges at the Organization scope so the user could be able to select any Account within the system to append the opportunity to.

image

Hope it helps to save you some time in sorting out a similar problem.

PP [twitter: @pabloperalta]

1 Comment

  • Hi @Jean,
    Please note ObjectTypeCode. What does it say in your error message?
    You can retrieve all object types codes in your system, just by running the following query:
    SELECT * from EntityView
    ORDER BY ObjectTypeCode

    Hope it helps,
    PP

Comments have been disabled for this content.