cancel
Showing results for 
Search instead for 
Did you mean: 
Reply
Highlighted
Lars_Maryniak
Level: Powered On

Approval Flow failed with XrmApprovalsGeneralPermissionsError.

Hi, my Approval Flows woks fine until last Friday. All of them fail with the same exception.

Delete the connection and re-created them, does not solved the problem.

Forbidden. The request failed. Error code: 'XrmApprovalsGeneralPermissionsError'. Error Message: 'Encountered a general permissions error trying to access the CDS database. This could be caused by modification of the approvals administrator or user roles, or by an incompatible plugin. Detailed message: 'Message: Principal user (Id=cdae6d04-8800-ea11-a811-000d3ab200b5, type=8, roleCount=4, privilegeCount=558, accessMode=1(Setup/Stub user with filtered privileges from associated roles. Consider changing user AccessMode to Full (without privilege filtering)), is missing prvCreatemsdyn_flow_actionapprovalmodel privilege (Id=d6636db2-a361-4583-9232-7636bfc530b6) on OTC=10346. context.Caller=cdae6d04-8800-ea11-a811-000d3ab200b5 Code: 0x80040220 InnerError: Type: System.ServiceModel.FaultException`1[[Microsoft.Xrm.Sdk.OrganizationServiceFault, Microsoft.Xrm.Sdk, Version=9.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35]] Message: Principal user (Id=cdae6d04-8800-ea11-a811-000d3ab200b5, type=8, roleCount=4, privilegeCount=558, accessMode=1(Setup/Stub user with filtered privileges from associated roles. Consider changing user AccessMode to Full (without privilege filtering)), is missing prvCreatemsdyn_flow_actionapprovalmodel privilege (Id=d6636db2-a361-4583-9232-7636bfc530b6) on OTC=10346. context.Caller=cdae6d04-8800-ea11-a811-000d3ab200b5 StackTrace: at Microsoft.Crm.Extensibility.OrganizationSdkServiceInternal.CreateInternal(Entity entity, InvocationContext invocationContext, CallerOriginToken callerOriginToken, WebServiceType serviceType, Boolean checkAdminMode, Dictionary`2 optionalParameters) at Microsoft.Crm.Extensibility.OData.CrmODataExecutionContext.CreateOrganizationResponse(Entity entity) at Microsoft.Crm.Extensibility.OData.CrmODataServiceDataProvider.CreateEdmEntity(CrmODataExecutionContext context, String edmEntityName, EdmEntityObject entityObject, Boolean isUpsert) at Microsoft.Crm.Extensibility.OData.EntityController.PostEntitySetImplementation(String& entitySetName, EdmEntityObject entityObject) at Microsoft.PowerApps.CoreFramework.ActivityLoggerExtensions.Execute[TResult](ILogger logger, EventId eventId, ActivityType activityType, Func`1 func, IEnumerable`1 additionalCustomProperties) at Microsoft.Xrm.Telemetry.XrmTelemetryExtensions.Execute[TResult](ILogger logger, XrmTelemetryActivityType activityType, Func`1 func) at lambda_method(Closure , Object , Object[] ) at System.Web.Http.Controllers.ReflectedHttpActionDescriptor.ActionExecutor.<>c__DisplayClass10.<GetExecutor>b__9(Object instance, Object[] methodParameters) at System.Web.Http.Controllers.ReflectedHttpActionDescriptor.ExecuteAsync(HttpControllerContext controllerContext, IDictionary`2 arguments, CancellationToken cancellationToken) --- End of stack trace from previous location where exception was thrown --- at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw() at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) at System.Web.Http.Controllers.ApiControllerActionInvoker.<InvokeActionAsyncCore>d__0.MoveNext() --- End of stack trace from previous location where exception was thrown --- at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw() at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) at System.Web.Http.Controllers.ActionFilterResult.<ExecuteAsync>d__2.MoveNext() --- End of stack trace from previous location where exception was thrown --- at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw() at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) at System.Web.Http.Dispatcher.HttpControllerDispatcher.<SendAsync>d__1.MoveNext() InternalException: ''.

1 ACCEPTED SOLUTION

Accepted Solutions
Super User
Super User

Re: Approval Flow failed with XrmApprovalsGeneralPermissionsError.


@Lars_Maryniak wrote:

Hi and thanks for reply. The given thread explanted perfect the Access Modes. But what I’ll missing is the description how to change an Application User Access Mode back to Non-interactive.  Specially for the user flowdev@microsoft.com. This User or Application is only visible at Dynamics 365 (CE) Users. Can not find the User or Application in Active Directory.

 

user.PNG


Simply reverse the steps for creating a new non-interactive user:

  1. Create a user account in the Office 365 Admin Center.
  2. Be sure to assign a Dynamics 365 (online) license to the account.
  3. Go to Dynamics 365 (online).
  4. Go to Settings > Security.
  5. Choose Users > Enabled Users, and then click a user’s full name.
  6. In the user form, scroll down under Administration to the Client Access License (CAL) Information section and select Non-interactive for Access Mode.
  7. You then need to remove the Dynamics 365 (online) license from the account.
  8. Go to the Office 365 Admin Center.
  9. Click Users > Active Users.
  10. Choose the non-interactive user account and under Product licenses, click Edit.
  11. Turn off the Dynamics 365 (online) license, and then click Save > Close multiple times.
  12. Go back to Dynamics 365 (online) and confirm that the non-interactive user account Access Mode is still set for Non-interactive.

If you need further support, please contact Dynamics 365 support directly

👨🏻‍💻 If this reply answers your question or solves your issue, please ACCEPT AS SOLUTION ☑️. If you find this reply helpful, please consider giving it a LIKE 👍.

View solution in original post

6 REPLIES 6
Super User
Super User

Re: Approval Flow failed with XrmApprovalsGeneralPermissionsError.

Hi @Lars_Maryniak 

 

Although the error message looks complicated, it's stating that there's an issue with the permissions. Somewhere, centrally changed the permissions to access.

 

Can you ask your administrator if there were any changes? The exception also indicates the permissions needed, so please check with him/her if you have the " Consider changing user AccessMode to Full (without privilege filtering)), is missing prvCreatemsdyn_flow_actionapprovalmodel privilege. "

 

Makes sense?

 

If I have answered your question, please mark your post as Solved.
If you like my response, please give it a Thumbs Up.

Cheers
Manuel 

Lars_Maryniak
Level: Powered On

Re: Approval Flow failed with XrmApprovalsGeneralPermissionsError.

Hi Manuel, thanks for replay.

First, you can not change the AccessMode for the User. This is while the user used for the Approval connection is an “Application User”. Change the AccessMode means assign a License. This is not possible for “Application Users”. In the Exception the User Guid point to the User flowdev@microsoft.com.

Second, I’ll checked the security roles for the flowdev@microsoft.com user. And assigned the following roles:

-       Approvals Administrator

-       Approvals User

-       Common Data Service User

-       System Administrator

This set of roles should make sure that the user has all privileges. Specially the  missing prvCreatemsdyn_flow_actionapprovalmodel privilege  is granted via Role approval Administrator.

Lars_Maryniak
Level: Powered On

Re: Approval Flow failed with XrmApprovalsGeneralPermissionsError.

After a little more research, I’ll get more details about the error.

Someone changes the Access Mode from Non-interactive to Administrative.

Make sense, will total fit to the exception message.

The question is how to change it back? This is not allowed within the CDS User management.

Community Support Team
Community Support Team

Re: Approval Flow failed with XrmApprovalsGeneralPermissionsError.

 

Hi @Lars_Maryniak ,

 

Please check this thread and see if it helps:

https://community.dynamics.com/crm/b/microsoftdynamicscrmandstuff/posts/non-interactive-access-mode

 

Best Regards,

Community Support Team _ Barry
If this post helps, then please consider Accept it as the solution to help the other members find it more quickly.
Lars_Maryniak
Level: Powered On

Re: Approval Flow failed with XrmApprovalsGeneralPermissionsError.

Hi and thanks for reply. The given thread explanted perfect the Access Modes. But what I’ll missing is the description how to change an Application User Access Mode back to Non-interactive.  Specially for the user flowdev@microsoft.com. This User or Application is only visible at Dynamics 365 (CE) Users. Can not find the User or Application in Active Directory.

 

user.PNG

Super User
Super User

Re: Approval Flow failed with XrmApprovalsGeneralPermissionsError.


@Lars_Maryniak wrote:

Hi and thanks for reply. The given thread explanted perfect the Access Modes. But what I’ll missing is the description how to change an Application User Access Mode back to Non-interactive.  Specially for the user flowdev@microsoft.com. This User or Application is only visible at Dynamics 365 (CE) Users. Can not find the User or Application in Active Directory.

 

user.PNG


Simply reverse the steps for creating a new non-interactive user:

  1. Create a user account in the Office 365 Admin Center.
  2. Be sure to assign a Dynamics 365 (online) license to the account.
  3. Go to Dynamics 365 (online).
  4. Go to Settings > Security.
  5. Choose Users > Enabled Users, and then click a user’s full name.
  6. In the user form, scroll down under Administration to the Client Access License (CAL) Information section and select Non-interactive for Access Mode.
  7. You then need to remove the Dynamics 365 (online) license from the account.
  8. Go to the Office 365 Admin Center.
  9. Click Users > Active Users.
  10. Choose the non-interactive user account and under Product licenses, click Edit.
  11. Turn off the Dynamics 365 (online) license, and then click Save > Close multiple times.
  12. Go back to Dynamics 365 (online) and confirm that the non-interactive user account Access Mode is still set for Non-interactive.

If you need further support, please contact Dynamics 365 support directly

👨🏻‍💻 If this reply answers your question or solves your issue, please ACCEPT AS SOLUTION ☑️. If you find this reply helpful, please consider giving it a LIKE 👍.

View solution in original post

Helpful resources

Announcements
firstImage

Better Together Contest Finalists Announced!

Congrats to the finalists of our ‘Better Together’-themed T-shirt design contest! Click for the top entries.

firstImage

Incoming: New and improved badges!

Look out for new contribution recognition badges coming SOON!

firstImage

New & Improved Power Automate Community Cookbook

We've updated and improved the layout and uploading format of the Power Automate Cookbook!

thirdimage

Power Automate Community User Group Member Badge

Fill out a quick form to claim your user group badge now!

sixthImage

Community Summit North America

The top training and networking event across the globe for Microsoft Business Applications

Top Kudoed Authors
Users online (9,923)