So, one of these days I had a pretty interesting case. Just to give you an overview, on-premise environment, custom security roles, activity feeds installed.

The issues was as follows:

Navigating to any of the main entities, going on the Ribbon and adding a file that way worked just fine.

Creating a note, then opening it and trying to add an attachment resulted in the following error:


Pretty interesting, so I go first to Notes, and the group permissions are as follows:


Ok then, so the problem is not there. Just for kicks, I checked also the Append and Append To on the hosting entities (Case, Account, Contact). All looking good.

Last resort, let’s have a look at the logs then. Just to make your life easier, since tracing is not enabled by default on the server, there is nice free tool that allows you with a click of a button to enable/disable tracing, among other things. It is called Diagnostics Tool for Microsoft Dynamics CRM 2011 and can be found on Codeplex at

Once you’ve got a hold of the trace file, start looking for errors. It appears that this particular issue resulted in a message of: “Principal user … is missing prvReadmsdyn_PostAlbum privilege” message.

This is related to the Activity Feeds. Basically, what is requires is this: in the security role your user is in, go to the Custom Entities tab, and look for Profile Album entity. Make sure that Read is set to at least User.


Now try adding a file again to an existing note. Everything works as expected.