AgentDesktop: CAL User licensing

Jun 24, 2010 at 7:42 AM


I want to confirm that the behaviour we are seeing is correct in regards to the CAL Access Mode setting. We've installed CRM, UII and deployed the sample AgentDesktop application data into CRM. We've also been through the below steps to setup a test user... 

  1. Created new Team = CCA_Agents
  2. Created new user ccaUser1
  3. Added ccaUser1 into CCA_Agents team
  4. Assigned ccaUser1 role of "UII Agent"
  5. Under UII Settings, Hosted Applications, sharing, selected all apps and assigned to CCA_Agents team

 When I then run the AgentDesktop application, if I have the user's Access Mode set to "Read-Only" I get the following error:

  <description>SecLib::CrmCheckPrivilege failed. Returned hr = -2147220960 on UserId: b6da3248-447f-df11-b98b-000c29475d2a and PrivilegeId: ba16067b-521f-480c-ad6d-c438e6026e18</description>

Looking at the trace this is when the Agent Desktop is sending an update of the session transfer property.

>SOAP Request:

<?xml version="1.0" encoding="utf-8"?>
<soap:Envelope xmlns:soap="" xmlns:xsi="" xmlns:xsd="">
<CrmAuthenticationToken xmlns="">
<AuthenticationType xmlns="0">0</AuthenticationType>
<OrganizationName xmlns="CIS">CIS</OrganizationName>
<CallerId xmlns="00000000-0000-0000-0000-000000000000">00000000-0000-0000-0000-000000000000</CallerId>
<Update xmlns="">
<entity xmlns:q1="" xsi:type="q1:DynamicEntity" Name="uii_sessiontransfer">
<q1:Property xsi:type="q1:KeyProperty" Name="uii_sessiontransferid">
<q1:Property xsi:type="q1:LookupProperty" Name="uii_toagentid">
<q1:Value name="CCA User1" type="systemuser" dsc="0">b6da3248-447f-df11-b98b-000c29475d2a</q1:Value>

I also notice that if I turn on the Audit flags under UII Setting - General Settings, I get a similar error. The same if I remove all the hosted applications that are assigned to this user's team.

However if I set the user's Access Mode to "Full", then there isn't a problem, I can start all the application, log audit data, etc. I assume this is simply that "Read-Only" is exactly that, and whenever you want to write/log anything back via CRM you need "Full" CAL licenses. Yes?

Does this mean that I'll need to go through the AgentDesktop sample and ensure any areas that perform a write to CRM aren't used? Or just start with my own desktop shell.

On the auditing side, I'm thinking I could just write directly to the database, and then use CRM to create/view any reports.

Appreciate any thoughts on these comments, I guess I'm just looking for confirmation that my thinking is correct, just in case there's something I've missed.






Jul 2, 2010 at 6:17 AM

You need to configure agents with "Full" access.

Jul 2, 2010 at 6:52 AM

Thanks muditv for your reply.

I've since heard that entities starting with UII should be able to be written to, with just a limited "read only" license. I'm still looking to have this confirmed and to understand why this isn' t the case with my CRM instance.

Jan 21, 2011 at 9:07 AM

Hi Michael,

I am facing a similar issue but still have not been able to resolve the issue with read only access level. If I change the access level to "Full" it works fine. Can you please let me know if you were able to resolve the issue and what did you do to resolve it ? 




Jan 22, 2011 at 10:13 PM

I think this is just the way Microsoft treats the licensing rather than the access mode you need to set for each CCA user in CRM?  If I recall correctly they need write access to the UII entities but there are some special licensing rules for the CCA if those are the only entities touched by those users.  It's been a while now since I looked at this so I might be miss-remembering some of the details.

I think I asked Microsoft about this directly having gotten confused myself but never received a straight (any?) reply...

-- Regards, Simon

Jan 26, 2011 at 1:32 AM

The Licensing Model for CCA\UII is actually pretty simple ( in Microsoft terms ;) )

Users/Administrators of CCA\UII need at the minimum a Limited CAL (Bought License)
The limited CAL allows a user or device read-only access to the CRM server. In other words, users with a limited CAL may access CRM information but may not make any edits or updates to it.

That said.. due to the technical requirements of CRM and UII, you need to tag these users as Full Users in CRM user configuration. You just can’t use those licenses to do anything other than Read Only stuff.
If you have questions about this, for your particular case, you should ping your MS Account Rep..


Jan 26, 2011 at 3:20 PM

Hey Matt and Simon,

Thanks for your help on this issue. I was just wondering if I am doing anything wrong in configuring as I was always getting the Privilege error when users were configured as Read Only. So, now I understand that I must configure users as Full users for minimal CCA use. Anyways, I will check with the Account Rep. here on the same.