CRM 2013 Exception Handling due to Security Roles

Question

I have a plugin which fires on Update of the Incident entity. It creates a new record in another table (new_documentaccess). This new_documentaccess record needs to have the same Owner as that of the Incident entity.

Now, I understand that I cannot set the Owner field like any other field on the entity by doing a simple assignment.

So, I wrote in the following.

public void CreateDocumentAccess(Incident incident)
{
    new_documentsaccess documentAccess = new new_documentsaccess();
    documentAccess.new_CaseId = incident.ToEntityReference();
    documentAccess.new_name = incident.OwnerId.Name;

    Guid recordId = crmService.Create(documentAccess);
    var request = new AssignRequest{
            Assignee = new EntityReference(SystemUser.EntityLogicalName, incident.OwnerId.Id),
            Target = new EntityReference(new_documentsaccess.EntityLogicalName, recordId)};
    crmService.Execute(request);
}

However, I got the following error during execution when I was debugging with

Break when an exception is Thrown: enabled for Common Language Runtime Exceptions.

thrown at the line

    var request = new AssignRequest{
            Assignee = new EntityReference(SystemUser.EntityLogicalName, incident.OwnerId.Id),
            Target = new EntityReference(new_documentsaccess.EntityLogicalName, recordId)};

Principal user (Id=e9e3a98d-a93e-e411-80bc-000c2908bc67, type=8) is missing prvAssignnew_documentsaccess privilege (Id=7ecaf3da-77c8-4ee3-9b29-e5a4455cd952)"}

My Plugin code is as follows

try
{
    CreateDocumentAccess(Incident incident);
}
catch (FaultException<OrganizationServiceFault> ex)
{
throw new InvalidPluginExecutionException("An error occurred while creating the document access.", ex);
}
catch (Exception ex)
{
  TracingService.Trace("ExecutePreIncidentUpdate: {0}", ex.ToString());
  throw;
}

If I just run it as User using the front end, I get the following error.

Exiting PluginPreIncidentUpdate.Execute(), Correlation Id: 4e7e4c3c-3cef-46ab-8d08-a6d0dbca34c7, Initiating User: be179876-9b39-e411-80bb-000c2908bc67

Questions

1. What code changes should I be making so that even if it errors out on the above mentioned error, the ErrorDetails.txt captures the error Principal user (Id=e9e3a98d-a93e-e411-80bc-000c2908bc67, type=8) is missing prvAssignnew_documentsaccess privilege (Id=7ecaf3da-77c8-4ee3-9b29-e5a4455cd952) ?

2. Why is it not happening already?

Answer 1

Firstly: To answer your questions:
Trace logs are only included with InvalidPluginExecutionException. Your second catch is being used and is throwing the caught exception not an "InvalidPluginExecutionException"

Changing this:

catch (Exception ex)
{
  TracingService.Trace("ExecutePreIncidentUpdate: {0}", ex.ToString());
  throw;
}

To something like this should pull your trace logs through into the ErrorDetails attachment.

catch (Exception ex)
{
  TracingService.Trace("ExecutePreIncidentUpdate: {0}", ex.ToString());
  throw new InvalidPluginExecutionException("An error has occurred");
}

Secondly: The cause
The error you are getting is indicating that the user does not have privileges to assign a new_documentaccess record.

When you register a plugin and add a new step; you can choose which user's context to run it in. By default this is set to "Calling User".

Can you confirm that the calling user is in a security role that has the assign privilege for new_documentaccess records?