{Dynamics CRM} Programatically Assign privilege to security role for an entity in MSCRM

Recently in my project, I had a requirement where I needed to assign security privilege to all the roles in the system to a custom entity Programatically. Let’s see how we can achieve the same.

Whenever a custom entity is added in CRM, CRM internally created eight privilige records for the entity for the privileges – Read, Create, Write, Assign, Delete, Append, AppendTo and Share

The name of the privilege records create would be in the format of prv<privilege><entitylogicalname>. So if the logical name of the entity is crmtr_testentity1  then for create privilege, the privilege name in CRM for Create would be prvCreatecrmtr_testentity1. The code below would fetch all the privileges for the entity crmtr_testentity1.

var orgService = GetOrganizationService();
var query = new QueryExpression(“privilege”);
query.ColumnSet = new ColumnSet(true);
query.Criteria.AddCondition(new ConditionExpression(“name”, ConditionOperator.Like, “%crmtr_testentity1%”));
var collection = orgService.RetrieveMultiple(query);

You need to implement the method GetOrganizationService() which would return the OrganizationServiceProxy instance.

Lets see what is returns. In the screenshot below, I have attached the results that I can view in debugger

Image1

As you could see, all the eight privileges for this record has been returned.

Now for demo purpose let us give Marketing Manager security role User level create and business unit level for Write privilege. The code below does the same.

foreach (var prv in collection.Entities)
{
switch ((string)prv[“name”])
{
case “prvCreatecrmtr_testentity1”:
{
AddPrivilegesRoleRequest req = new AddPrivilegesRoleRequest
{
RoleId = new Guid(“1A7F9E89-8283-E311-8E04-463500000031”),
Privileges = new[]
{
new RolePrivilege
{
Depth = PrivilegeDepth.Basic,
PrivilegeId = prv.Id
}
}
};
break;
}

case “prvWritecrmtr_testentity1”:
{
AddPrivilegesRoleRequest req = new AddPrivilegesRoleRequest
{
RoleId = new Guid(“1A7F9E89-8283-E311-8E04-463500000031”),
Privileges = new[]
{
new RolePrivilege
{
Depth = PrivilegeDepth.Local,
PrivilegeId = prv.Id
}
}
};
break;
}
}

}

1A7F9E89-8283-E311-8E04-463500000031 is the Guid of the marketing manager role. Looking at the code we find that we are using the AddPrivilegesRoleRequest to do the same. The code is pretty simple and self expalnatory. The access level is provided by the PrivilegeDepth enumeration.

Once the code oi executed we now have User level create and Business Unit level write on the Test Entity 1 for the Marketing Manager security role.

Image2

Hope this helps!

Advertisements

5 thoughts on “{Dynamics CRM} Programatically Assign privilege to security role for an entity in MSCRM

    1. Hi Jishad,

      I haven’ tried this doing in javascript. But I guess you can do that.

      So what you need to do is to use the SoapLogger tool that ships with the SDK. You need to find the XML request that gets generated for the AddPrivilegesRoleRequest which you can find through the soaplogger. Then I guess you should be able to do it

  1. Hi Jishad,

    SOAP Logger is used to find the raw XML request that is sent to CRM for each message. It is just a helper library that ships with the SDK to find out the raw xml request.

    Once you have the raw xml request, you can simply use XmlHttpRequest in javascript.

    through OData you cannot do this.

    1. I generate the xml request and I sent the XmlHttpRequest, but it seems to be an internal server error.
      Once I go through the XML code the privilege related things are only in the XML Response not in the XML Request generated.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s