If your Dynamics CRM/365/Dataverse users are hitting permissions problems, you’ll likely be faced with an error log full of codes which, while they contain a lot of important data, aren’t exactly helpful:

Principal with id 1eab4c02-4ab4-41d5-b1b4-93c9800d68a2 does not have WriteAccess right(s) for record with id e91a57c8-afb0-4fa4-b48f-da4b7ac8bf30 of entity activitypointer. Details: {"CallerPrincipal":{"PrincipalId":"1eab4c02-4ab4-41d5-b1b4-93c9800d68a2","Type":8,"IsUserPrincipal":true},"OwnerPrincipal":{"PrincipalId":"eef8fbc4-9dfd-43b5-b68b-c481229ccce7","Type":8,"IsUserPrincipal":true},"ObjectId":"e91a57c8-afb0-4fa4-b48f-da4b7ac8bf30","ObjectTypeCode":4200,"EntityName":"activitypointer","ObjectBusinessUnitId":"0c92636a-d920-e511-b427-d89d67632c70","RightsToCheck":"WriteAccess","RoleAccessRights":"None","PoaAccessRights":"None","HsmAccessRights":"None","GrantedAccessRights":"None","Messages":["PrincipalHasOwnerPrincipalWithAtLeastBasicPrivilegeDepth = False","EntityUserGroupRights = None","MinimumPrivilegeDepthRequired = Local","SecLib::AccessCheckEx2 failed. Owner Data: roleCount=12, privilegeCount=1151, accessMode=0; Principal Data: roleCount=17, privilegeCount=1151, accessMode=0"],"EntityOwnershipTypeMask":1,"CallerInfo":{"IsSystemUser":false,"IsSupportUser":false,"IsAdministrator":false,"IsCustomizer":false,"IsDisabled":false,"IsIntegrationUser":false,"Teams":null,"Roles":null},"ReadOnlyState":"UserAndOrgFullAccess","IsHsmEnabled":false,"HsmInfo":null}

My Security Debugger tool for XrmToolBox is here to help. Copy in the error message and it’ll pull out all the important parts, describe what it really means and what permissions you need to give the user to fix it.

[Screenshot: Security Debugger]

It will even suggest possible changes to fix the problem straight away, such as giving the user another security role, extending a role they’ve already got, or sharing the problem record with them.
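To show what sits inside an error like the one above, here is an added example (not the Security Debugger's own code) that parses that message format and turns it into a one-line summary. The function names, the trimmed sample and the plain-English labels for the `RoleAccessRights`, `PoaAccessRights` and `HsmAccessRights` fields are assumptions made for illustration.

```python
import json
import re

# Trimmed copy of the error quoted on this page (fields not used here are dropped).
SAMPLE = (
    'Principal with id 1eab4c02-4ab4-41d5-b1b4-93c9800d68a2 does not have WriteAccess '
    'right(s) for record with id e91a57c8-afb0-4fa4-b48f-da4b7ac8bf30 of entity '
    'activitypointer. Details: {"OwnerPrincipal":{"PrincipalId":'
    '"eef8fbc4-9dfd-43b5-b68b-c481229ccce7"},"RoleAccessRights":"None",'
    '"PoaAccessRights":"None","HsmAccessRights":"None","Messages":'
    '["EntityUserGroupRights = None","MinimumPrivilegeDepthRequired = Local"]}'
)
HEADER = re.compile(
    r"Principal with id (?P<principal>[0-9a-f-]{36}) does not have (?P<right>\w+) "
    r"right\(s\) for record with id (?P<record>[0-9a-f-]{36}) of entity (?P<entity>\w+)"
    r"(?:\. Details: (?P<details>\{.*\}))?", re.I | re.S)
# Places the platform checked for the right, keyed by field name in the Details JSON.
SOURCES = {"RoleAccessRights": "security role", "PoaAccessRights": "record share",
           "HsmAccessRights": "hierarchy security"}

def parse_access_error(text):
    """Return the security-relevant fields, or None if the format is not recognised."""
    m = HEADER.search(text)
    if not m:
        return None
    info = {k: m.group(k) for k in ("principal", "right", "record", "entity")}
    try:
        details = json.loads(m.group("details") or "{}")
    except json.JSONDecodeError:
        details = {}  # truncated log line: keep what the header gave us
    info["owner"] = (details.get("OwnerPrincipal") or {}).get("PrincipalId")
    info["granted_by"] = [label for key, label in SOURCES.items()
                          if details.get(key, "None") != "None"]
    info["depth_required"] = None
    for msg in details.get("Messages") or []:
        name, _, value = msg.partition(" = ")
        if name == "MinimumPrivilegeDepthRequired":
            info["depth_required"] = value
    return info

def describe(info):
    """Plain-English summary of a parsed error for a triage note."""
    text = (f"User {info['principal']} lacks {info['right']} on {info['entity']} "
            f"record {info['record']} (owner: {info['owner'] or 'unknown'})")
    if info["depth_required"]:
        text += f"; a role would need it at {info['depth_required']} depth or higher"
    if not info["granted_by"]:
        text += "; no role, share or hierarchy rule grants it today"
    return text

if __name__ == "__main__":
    print(describe(parse_access_error(SAMPLE)))
```

A message in a format the pattern does not cover returns `None` rather than a partial guess, so unrecognised errors are easy to spot and collect.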

You can install the tool free from the XrmToolBox tool store.

Permissions errors come in lots of different formats, and I’ve built this tool to handle all the ones I’ve seen examples of so far. It’s quite possible you get one in another format that the tool doesn’t understand yet. If so, please add the details to an issue on the GitHub site so I can extend the tool to cover it!