Tag Archives: CRM Security

CRM 2011: Reassign or Transfer Personal Views

I recently came across a scenario where a CRM user left the company, and that user owned specific views which needed to be transferred to the replacement CRM user.

These views were created by the old user using the CRM Advanced Find screen, so they are personal views of that user, and as per CRM security settings even a system administrator cannot view these views or transfer them to a new user.

So I decided to use impersonation to resolve this issue and created a small standalone application for it.

This application is shared below.
CRM2011_ReAssignViews_EXE

Following are a few more details about this application.

Step 1: Download CRM2011_ReAssignViews_EXE.zip and extract the files.

Step 2: After extracting, run CRM2011_ReAssignViews_EXE.exe from the extracted files.

Step 3: Provide the CRM server name, relevant port number and organization name, provide the relevant credentials, and then click the “Retrieve List of User” button.

For further steps and information, please refer to the following screen print.

Note: Both users need to be active in CRM to perform the above actions.

Hope this helps.

Cheers,
MayankP:)

CRM 4.0 Security Privileges

Recently we started getting the following error on one of our CRM environments.

Server was unable to process request.
0x80040220
SecLib::CrmCheckPrivilege failed. Returned hr = -2147220960 on UserId: 6e7d3c02-b2c2-df11-a8e6-78e7d1e8d0ae and PrivilegeId: cb4b339f-2b45-447e-bdd3-0bf4bbebc294
Platform

Well, this does say it is a security issue, but it still does not say which entity it is failing for. You can easily track this down using the following query (replace the privilege ID as per your requirement).

select name from FilteredPrivilege
where privilegeid = 'cb4b339f-2b45-447e-bdd3-0bf4bbebc294'

In this example it shows that the user does not have permission to update the relevant leads; we gave lead update permission to the relevant users and that fixed the issue!

While looking for a solution to this problem I also found a few CRM Security Reports displaying all role privileges, including hidden privileges.
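When the same failure shows up for several users, the lookup above can be driven straight from the error text. The following is an added example, not part of the original post: it parses the error line format quoted above, shows that the decimal `hr` value and the `0x80040220` code are the same HRESULT, validates every GUID before it is placed in SQL, and builds the `FilteredPrivilege` query for all missing privileges at once. The function names are hypothetical, and the second and third sample lines are constructed.

```python
import re
from collections import defaultdict
from uuid import UUID

# Format of the platform error line quoted in the post.
FAILURE_RE = re.compile(
    r"SecLib::CrmCheckPrivilege failed\. Returned hr = (?P<hr>-?\d+)"
    r" on UserId: (?P<user>[0-9a-fA-F-]{36})"
    r" and PrivilegeId: (?P<priv>[0-9a-fA-F-]{36})")

def hresult_hex(hr):
    """Render a signed 32-bit HRESULT as the unsigned hex code in the error."""
    return "0x{:08x}".format(hr & 0xFFFFFFFF)

def parse_failures(text):
    """Yield (hresult, user_id, privilege_id) for each well-formed failure."""
    for m in FAILURE_RE.finditer(text):
        try:
            # UUID() rejects anything that is not a real GUID, so text taken
            # from a log never reaches the SQL string unvalidated.
            user, priv = UUID(m["user"]), UUID(m["priv"])
        except ValueError:
            continue
        yield hresult_hex(int(m["hr"])), str(user), str(priv)

def users_by_privilege(text):
    """Group the affected user ids under each missing privilege id."""
    grouped = defaultdict(set)
    for _hr, user, priv in parse_failures(text):
        grouped[priv].add(user)
    return {priv: sorted(users) for priv, users in grouped.items()}

def lookup_query(privilege_ids):
    """Build the post's FilteredPrivilege lookup for several privilege ids."""
    ids = ", ".join("'{}'".format(UUID(p)) for p in sorted(set(privilege_ids)))
    return ("select privilegeid, name from FilteredPrivilege\n"
            "where privilegeid in ({})".format(ids))

# Constructed sample: line 1 is the error from the post; line 2 (another user)
# and line 3 (a malformed user id that must be skipped) are made up.
SAMPLE_LOG = """\
SecLib::CrmCheckPrivilege failed. Returned hr = -2147220960 on UserId: 6e7d3c02-b2c2-df11-a8e6-78e7d1e8d0ae and PrivilegeId: cb4b339f-2b45-447e-bdd3-0bf4bbebc294
SecLib::CrmCheckPrivilege failed. Returned hr = -2147220960 on UserId: 11111111-2222-3333-4444-555555555555 and PrivilegeId: cb4b339f-2b45-447e-bdd3-0bf4bbebc294
SecLib::CrmCheckPrivilege failed. Returned hr = -2147220960 on UserId: 6e7d3c02-b2c2-df11-a8e6-78e7d1e8d0a- and PrivilegeId: cb4b339f-2b45-447e-bdd3-0bf4bbebc294
"""

if __name__ == "__main__":
    print(users_by_privilege(SAMPLE_LOG))
    print(lookup_query(users_by_privilege(SAMPLE_LOG)))
```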

Cheers,
MayankP:)

CRM 4.0 AD Security Groups

When you install CRM 4.0, the installer creates a list of Active Directory security groups.

Following is the list of security groups that are created as part of the CRM 4.0 installation process, with their purpose in brief.

PrivUserGroup
The account that the CRMAppPool application pool uses
The account that the ASP.NET process model uses
The user account that runs the Microsoft Dynamics CRM installation
The computer account on which the Microsoft Dynamics CRM-Exchange E-mail Router will be installed

ReportingGroup
All Microsoft Dynamics CRM user accounts (this includes the user who is installing Microsoft Dynamics CRM)

SQLAccessGroup
The account that the CRMAppPool application pool uses
The account that the ASP.NET process model uses

UserGroup
All Microsoft Dynamics CRM user accounts (this includes the user who is installing Microsoft Dynamics CRM)

PrivReportingGroup
The computer account on which the Microsoft Dynamics CRM Data Connector for Microsoft SQL Server Reporting Services will be installed.

Since the above AD security groups need to be created as part of the CRM 4.0 installation, Microsoft recommends that the user who is installing CRM 4.0 be an Active Directory administrator. This is recommended, but you can get around this requirement as well.

Check out the following KB article for details:
http://support.microsoft.com/kb/946677/en-gb

Hope this helps.

Cheers,
MayankP:)