Archive

Posts Tagged ‘CRM Security’

CRM 4.0 Security Privileges

October 13, 2010 3 comments

Recently we started getting following error on one of our CRM environment.

Server was unable to process request.
0×80040220
SecLib::CrmCheckPrivilege failed. Returned hr = -2147220960 on UserId: 6e7d3c02-b2c2-df11-a8e6-78e7d1e8d0ae and PrivilegeId: cb4b339f-2b45-447e-bdd3-0bf4bbebc294
Platform

Well this does say it security issue but still does not say which entity it is failing for..Well you can easily track this down using following query. (I.e. replace relevant privilege id as per your requirement)

select name from FilteredPrivilege
where privilegeid = 'cb4b339f-2b45-447e-bdd3-0bf4bbebc294'

As in example it shows user does not have permission to update relevant leads, we given lead update permission to relevant users and that fixed the issue!!

While looking for solution on this problem I also found few CRM Security Reports displaying all role privileges, including hidden privileges.

Cheers,
MayankP:)

Categories: CRM 4.0, Tips & Tricks Tags: , ,

CRM 4.0 AD Security Groups

August 10, 2010 Leave a comment

When you installed CRM 4.0 then CRM 4.0 installation system creates list of Activity Directory security groups.

Following is the list of security groups that are created as part of CRM 4.0 installed process and their purpose in brief.

PrivUserGroup
The account that the CRMAppPool application pool uses
The account that the ASP.NET process model uses
The user account that runs the Microsoft Dynamics CRM installation
The computer account on which the Microsoft Dynamics CRM-Exchange E-mail Router will be installed

ReportingGroup
All Microsoft Dynamics CRM user accounts (this includes the user who is installing Microsoft Dynamics CRM)

SQLAccessGroup

The account that the CRMAppPool application pool uses
The account that the ASP.NET process model uses

UserGroup
All Microsoft Dynamics CRM user accounts (this includes the user who is installing Microsoft Dynamics CRM)

PrivReportingGroup
The computer account on which the Microsoft Dynamics CRM Data Connector for Microsoft SQL Server Reporting Services will be installed.

Since these above AD Security Groups needs to be create as part of CRM 4.0 Installation MS recommends user who is installing CRM 4.0 should be Active directory administrator. This is recommended but you can get around this requirement as well.

Check out following KB article for the same
http://support.microsoft.com/kb/946677/en-gb

Hope this helps..

Cheers,
MayankP:)

Categories: CRM 4.0 Tags: ,
Follow

Get every new post delivered to your Inbox.