I have a dataAdministrator role which has full permissions to the Contact entity (full read/write/delete/modify/assign everything the works). I have a plugin that performs some checks when deleting a different custom entity (the dataAdministrator has full access to that as well) and updates the Contacts parentcustomerid to null if certain conditions are met.
Now as a System Administrator, the code works perfectly. However the dataAdministrators get the embarrassingly usesless error message "The user does not hold the necessary privileges." but with no indication of what privilege is missing. Yes I downloaded the error log that is provided as an option with the error dialog but there is nothing in there (no guids or other indicators like prvReadContact) to indicate what went wrong.
Now the dataAdministrators can update this field. Other parts of the plugin assign a value to this field and that works no problem. Only when the code attempts to assign null to parentcustomerid (to clear the field) do I get this error.
Has anyone seen this before? If not can anyone suggest how I might get CRM to tell me what privilege is missing?
** EDIT 1 **
So the plugin in question automatically clears a the parentcustomerid which is readonly on the form. I decided to make it editable and clear the field manually and see if the same error came up.
Fortunately this caused a different error. The error was happening because of a different plugin (one I did not write) that was trying to remove and clear the customerAddress entity and clear the BusinessAddress fields for the Contact. I am uncertain if the mere fact that the plugin is trying to delete the CustomerAddress entity is causing the error or if there is some other problem.
I can't find any permissions settings for the CustomerAddress entity, does everyone have full access to this entity by default?
From this community answer it looks like Customer Address Entity inherits the security role privileges from Account entity. Give the delete privilege for Account entity & verify the plugin execution.
giving rights to the Account entity drives the permissions on the Address entity. (Customer Address)