Unexpected privilege error when linking knowledge article to case

My team recently encountered an error in Dynamics 365, and I thought it would be interesting to share the solution. Thanks to Microsoft support for providing an explanation.

We had created a custom security role with restricted privileges that could not create knowledge articles, and a user assigned to this security role would get an error trying to link a knowledge article to a case.

Here’s where the linking of a knowledge article to a case is performed:

After clicking the link button, an error message dialog is shown.

The full error message contents were:

Principal user (Id=22fa4340-04c3-ea11-a812-000d3a591c47, type=8, roleCount=6, privilegeCount=801, accessMode=0), is missing prvCreateKnowledgeArticle privilege (Id=a4961bea-487e-4726-b85b-be9ae3ddc0fe) on OTC=9953 for entity ‘knowledgearticle’. context.Caller=22fa4340-04c3-ea11-a812-000d3a591c47. Or identityUser.SystemUserId=db1bc01a-5fdb-4759-867b-069bc607136a, identityUser.Privileges.Count=3534, identityUser.Roles.Count=0 is missing prvCreateKnowledgeArticle privilege (Id=a4961bea-487e-4726-b85b-be9ae3ddc0fe) on OTC=9953 for entity ‘knowledgearticle’.

This prvCreateKnowledgeArticle error didn’t make sense to us because we only wanted the user to associate the knowledge article with the case, but the error message states that the user needs the create privilege.

We opened a support case to ask whether this is a misleading error message, and whether there are alternate privileges that are supposed to be assigned to allow linking knowledge articles to cases. Here’s the information provided by Microsoft Support:

Cause:

  • KnowledgeArticleIncident entity is defined as child entity of KnowledgeArticle entity.
  • KnowledgeArticleIncident doesn’t have any privilege or roles defined but inherits from KnowledgeArticle.
  • Hence, we see the privilege error messages mentioned, i.e., the user doesn’t have create permission on KnowledgeArticle to create a record of KnowledgeArticleIncident incident.

Resolution/Workaround:

  • To resolve, we confirmed the resolution is to assign Create and Write permission on entity ‘Knowledge Article’ for the affected user’s security role.

The key takeaway here is that another entity is involved behind the scenes in creating the many-to-many association between the knowledge article and case entities: the KnowledgeArticleIncident entity. Privileges can’t be defined directly on it; the privileges for this association entity are inherited from KnowledgeArticle.
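When this error shows up for several users or in logs, it helps to pull out which principal is missing which privilege on which entity. The Python below is an added example, not code from the original post or from Microsoft; it assumes the message layout quoted above and the prv<Verb><Entity> privilege naming, and note that the entity it reports is the parent knowledgearticle, since the message never names KnowledgeArticleIncident.

```python
import re
from dataclasses import dataclass

GUID = r"[0-9a-fA-F-]{36}"
QUOTE = "['\"\u2018\u2019]"  # straight or curly quotes around the entity name
PRINCIPAL = re.compile(rf"Principal user \(Id=(?P<id>{GUID}), type=\d+, "
                       r"roleCount=(?P<roles>\d+), privilegeCount=(?P<privs>\d+)")
MISSING = re.compile(rf"is missing (?P<name>prv\w+) privilege \(Id=(?P<pid>{GUID})\) "
                     rf"on OTC=(?P<otc>\d+) for entity {QUOTE}(?P<entity>\w+){QUOTE}")
CALLER = re.compile(rf"context\.Caller=(?P<id>{GUID})")
# Assumed prv<Verb><Entity> naming; longest verb first so AppendTo wins over Append.
VERBS = ("AppendTo", "Append", "Create", "Read", "Write", "Delete", "Assign", "Share")

# The error text quoted on this page, shortened to its first clause.
SAMPLE = (
    "Principal user (Id=22fa4340-04c3-ea11-a812-000d3a591c47, type=8, roleCount=6, "
    "privilegeCount=801, accessMode=0), is missing prvCreateKnowledgeArticle privilege "
    "(Id=a4961bea-487e-4726-b85b-be9ae3ddc0fe) on OTC=9953 for entity "
    "\u2018knowledgearticle\u2019. context.Caller=22fa4340-04c3-ea11-a812-000d3a591c47."
)

@dataclass(frozen=True)
class MissingPrivilege:
    principal_id: str
    caller_id: str
    role_count: int
    privilege_count: int
    privilege_name: str
    privilege_id: str
    access_right: str
    entity: str
    object_type_code: int

def parse_privilege_error(text):
    """Return the fields of a 'missing prv...' error, or None if it is not one."""
    p, m, c = PRINCIPAL.search(text), MISSING.search(text), CALLER.search(text)
    if not (p and m):
        return None
    suffix = m["name"][3:]  # drop the "prv" prefix
    right = next((v for v in VERBS if suffix.startswith(v)), "Unknown")
    return MissingPrivilege(
        principal_id=p["id"].lower(), caller_id=c["id"].lower() if c else "",
        role_count=int(p["roles"]), privilege_count=int(p["privs"]),
        privilege_name=m["name"], privilege_id=m["pid"].lower(),
        access_right=right, entity=m["entity"], object_type_code=int(m["otc"]))

if __name__ == "__main__":
    print(parse_privilege_error(SAMPLE))
```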

So unfortunately, it is necessary to define extra privileges on the KnowledgeArticle entity to resolve this error and to allow linking a knowledge article to a case, which may result in users having more knowledge article privileges than may be desired. These extra privileges could be compensated for through user training, or the careful use of publishing approval.

I’m also thinking a plugin could be created to execute the linking operation as a user with elevated privileges, but I have not tried this.

Hopefully this information helps the next person who gets caught by this confusing error message!