1
Vote

Permissions error using Audit Plugin

description

Hi There
 
I have successfully used the Audit plugin to audit changes to 3 entities, when I use it using an account that has system admin privileges it works fine, but when I try to use a normal account that has not any special privileges, I gave it every privilege I could to the 2 audit entities but still get an error. If I disable the plugin the error goes away.
 
I have attached a file with a screen shot of the error and the text that in the event viewer of the CRM server is:
Event Type: Error
Event Source: MSCRMWebService
Event Category: None
Event ID: 18176
Date: 9/27/2011
Time: 12:04:12 PM
User: N/A
Computer: DEVERMA1BERT
Description:
Web Service Plug-in failed in OrganizationId: 76384b17-1eef-4de2-862a-fe925a132672; SdkMessageProcessingStepId: e83ded3c-e0d1-e011-976a-00155d050116; EntityName: erma_iapstransaction; Stage: 50; MessageName: Update; AssemblyName: Custom.Crm.Audit, Custom.Crm.Audit, Version=1.0.0.0, Culture=neutral, PublicKeyToken=e86f6c07b0fe8025; ClassName: Custom.Crm.Audit; Exception: Unhandled Exception: System.Web.Services.Protocols.SoapException: Server was unable to process request.
Detail: <detail><error>
<code>0x80040220</code>
<description>SecLib::CheckPrivilege failed. Returned hr = -2147220960, User: 38f44337-7ce2-e011-976a-00155d050116, PrivilegeId: a3311f47-2134-44ee-a258-6774018d4bc3</description>
<type>Platform</type>
</error></detail>
at Microsoft.Crm.Extensibility.SdkTypeProxyMetadataServiceWrapper.InternalInvoke(MethodInfo methodInfo, Object[] parameters)
at Microsoft.Crm.Extensibility.SdkTypeProxyMetadataServiceWrapper.Execute(Object request)
at Custom.Crm.Audit.Execute(IPluginExecutionContext context)
at Microsoft.Crm.Extensibility.PluginStep.Execute(PipelineExecutionContext context)
.
 
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
 
 
Any help would be much appreciated.

file attachments

comments

MayBoy wrote Sep 27, 2011 at 10:38 PM

The Event error shows that the permission that is failing is a Read permission, the user id that is shown is the administrator user so that makes little sense. The inference is that the user has no permission to read the Organisation, which makes no sense since the user can read all entities through the UI.

MayBoy wrote Sep 30, 2011 at 1:33 AM

FIXED IT!

If the entity being audited is a custom entity, the audit plugin requires that the user has access to the meta data for the entity it is auditing, so you need to give the user read on the custom tab to entity, attribute and relationship so that the plugin can see this data.

wrote Feb 14, 2013 at 1:59 AM