I was trying to setup the security roles on teams instead of assigning security role to the individual users. The end result is that it does not work very well.
Here are the details of what happened.
I had a user with security role named “Manager”. Everything was working as expected. The user was able to create and update the entities defined in the security role. We decided to the create a team named “Manager” and assign the role to the team. I added the user to the team and remove the security role from the user. Here is what happened after that
I was able to open , create and update the entities as defined in the security roles until we created a new for form for an existing entity.
When I tried to open the newly created form for the entity, I received the following error message.
I had a look in the event viewer. It was showing the following warning message.
Exception message: SecLib::AccessCheckEx failed. Returned hr = -2147187962, ObjectID: 3be48aca-0f39-e211-bce1-005056b8253f, OwnerId: 9cc2541a-9137-e211-bce1-005056b8253f, OwnerIdType: 8 and CallingUser: 9cc2541a-9137-e211-bce1-005056b8253f. ObjectTypeCode: 2500, objectBusinessUnitId: bf221f51-8537-e211-bce1-005056b8253f, AccessRights: WriteAccess
The object type code 2500 represents the entity “User Entity UI Settings”. I checked the permissions on the entity. The user had the required permissions on the entity. The most annoying part was that I was able to open the existing form without a problem.
So I decided to look a bit deeper into the problem and here are my findings.
1. I created a new user and add the user to the team without assigning any role to the user.
I received an error message “Access Is Denied” every time I tried to open any entity form.
2. I added the same security role to the user as security role assigned to the team.
I tried to open account and contact entity form and I was able to open them without an error.
3. I removed the security role from the user again
I was able to open the entity forms I tried in step 2 but, I was unable to open the form for any other entity or different form for the same entity.
You have to have a security role assigned to the user to open any entity form minimum for the first time.