
We have 2 domains for emails, @domainA.com and @domainB.com, and there is masking on the employees that are part of domain B. Their User Principal Name is domain A; their Mail is domain B.
The problem we are facing is that assigning an approval to either of the domains results in the error below:
Forbidden. The request failed. Error code: 'XrmApprovalsGeneralPermissionsError'. Error Message: 'Encountered a general permissions error trying to access the Microsoft Dataverse database. This could be caused by modification of the approvals administrator or user roles, or by an incompatible plugin. Detailed message: 'The cache request to assign a role failed with status code 'Forbidden' and message: 'Message: VerifyCallerPrivileges failed. To avoid elevation of privileges calling user should have all required privileges.
My hypothesis on what is happening is that their account is being granted rights to the system through one of the domains but when an approval is assigned it is attempting to attach it to the other domain that doesn't have access.