This project is read-only.

Permissions error using Audit Plugin


Hi There
I have successfully used the Audit plugin to audit changes to 3 entities, when I use it using an account that has system admin privileges it works fine, but when I try to use a normal account that has not any special privileges, I gave it every privilege I could to the 2 audit entities but still get an error. If I disable the plugin the error goes away.
I have attached a file with a screen shot of the error and the text that in the event viewer of the CRM server is:
Event Type: Error
Event Source: MSCRMWebService
Event Category: None
Event ID: 18176
Date: 9/27/2011
Time: 12:04:12 PM
User: N/A
Web Service Plug-in failed in OrganizationId: 76384b17-1eef-4de2-862a-fe925a132672; SdkMessageProcessingStepId: e83ded3c-e0d1-e011-976a-00155d050116; EntityName: erma_iapstransaction; Stage: 50; MessageName: Update; AssemblyName: Custom.Crm.Audit, Custom.Crm.Audit, Version=, Culture=neutral, PublicKeyToken=e86f6c07b0fe8025; ClassName: Custom.Crm.Audit; Exception: Unhandled Exception: System.Web.Services.Protocols.SoapException: Server was unable to process request.
Detail: <detail><error>
<description>SecLib::CheckPrivilege failed. Returned hr = -2147220960, User: 38f44337-7ce2-e011-976a-00155d050116, PrivilegeId: a3311f47-2134-44ee-a258-6774018d4bc3</description>
at Microsoft.Crm.Extensibility.SdkTypeProxyMetadataServiceWrapper.InternalInvoke(MethodInfo methodInfo, Object[] parameters)
at Microsoft.Crm.Extensibility.SdkTypeProxyMetadataServiceWrapper.Execute(Object request)
at Custom.Crm.Audit.Execute(IPluginExecutionContext context)
at Microsoft.Crm.Extensibility.PluginStep.Execute(PipelineExecutionContext context)
For more information, see Help and Support Center at
Any help would be much appreciated.

file attachments


MayBoy wrote Sep 27, 2011 at 11:38 PM

The Event error shows that the permission that is failing is a Read permission, the user id that is shown is the administrator user so that makes little sense. The inference is that the user has no permission to read the Organisation, which makes no sense since the user can read all entities through the UI.

MayBoy wrote Sep 30, 2011 at 2:33 AM


If the entity being audited is a custom entity, the audit plugin requires that the user has access to the meta data for the entity it is auditing, so you need to give the user read on the custom tab to entity, attribute and relationship so that the plugin can see this data.

wrote Feb 14, 2013 at 2:59 AM