Blog Post: Strange behaviour when using security roles with the teams in CRM2011

I was trying to setup the security roles on teams instead of assigning security role to the individual users. The end result is it does not work.

Here are the details of what happened.

I had a user with security role named “Manager”. Everything was working properly. The user was able to create and update the entities defined in the security role. We decided to the create a team named “Manager” and assign the  role to the team. I added the user to the team and remove the security role from the user. Here is what happened after that

I was able to open , create and update the entities as defined in the security roles until we created a new for form for an existing entity.

when I tried to  open the new form for the entity, I received the following error message.

I had a look in the event viewer. It was showing the following warning message.

Exception message: SecLib::AccessCheckEx failed. Returned hr = -2147187962, ObjectID: 3be48aca-0f39-e211-bce1-005056b8253f, OwnerId: 9cc2541a-9137-e211-bce1-005056b8253f,  OwnerIdType: 8 and CallingUser: 9cc2541a-9137-e211-bce1-005056b8253f. ObjectTypeCode: 2500, objectBusinessUnitId: bf221f51-8537-e211-bce1-005056b8253f, AccessRights: WriteAccess

The object type code 2500 represents the entity “User Entity UI Settings”. I checked the permissions on the entity. The user had the permission on the entity. The most annoying part was that I was able to open the existing form without a problem.

So I decided to look a bit deeper into the problem and here are my finding.

1. I created a new user and add the user to the team without assigning any role to the user.

I received an error message “Access Is Denied” every time I tried to open any entity form.

2. I added the same security role to the user as team security role.

I was able to open the entity forms without a problem.( I tried to open account and contact entity

3. I removed the security role from the user again

I was able to open the entity forms I tried in step 2 but, I was unable to open the form for any other entity or different  form for the same entity.