Programatically Assign privilege to security role for an entity in MSCRM

Recently in my project, I had a requirement where I needed to assign security privilege to all the roles in the system to a custom entity Programatically. Let’s see how we can achieve the same.

Whenever a custom entity is added in CRM, CRM internally created eight privilige records for the entity for the privileges – Read, Create, Write, Assign, Delete, Append, AppendTo and Share

The name of the privilege records create would be in the format of prv<privilege><entitylogicalname>. So if the logical name of the entity is crmtr_testentity1  then for create privilege, the privilege name in CRM for Create would be prvCreatecrmtr_testentity1. The code below would fetch all the privileges for the entity crmtr_testentity1.

var orgService = GetOrganizationService();
var query = new QueryExpression(“privilege”);
query.ColumnSet = new ColumnSet(true);
query.Criteria.AddCondition(new ConditionExpression(“name”, ConditionOperator.Like, “%crmtr_testentity1%”));
var collection = orgService.RetrieveMultiple(query);

You need to implement the method GetOrganizationService() which would return the OrganizationServiceProxy instance.

Lets see what is returns. In the screenshot below, I have attached the results that I can view in debugger

Image1

As you could see, all the eight privileges for this record has been returned.

Now for demo purpose let us give Marketing Manager security role User level create and business unit level for Write privilege. The code below does the same.

foreach (var prv in collection.Entities)
{
switch ((string)prv[“name”])
{
case “prvCreatecrmtr_testentity1”:
{
AddPrivilegesRoleRequest req = new AddPrivilegesRoleRequest
{
RoleId = new Guid(“1A7F9E89-8283-E311-8E04-463500000031”),
Privileges = new[]
{
new RolePrivilege
{
Depth = PrivilegeDepth.Basic,
PrivilegeId = prv.Id
}
}
};
break;
}

case “prvWritecrmtr_testentity1”:
{
AddPrivilegesRoleRequest req = new AddPrivilegesRoleRequest
{
RoleId = new Guid(“1A7F9E89-8283-E311-8E04-463500000031”),
Privileges = new[]
{
new RolePrivilege
{
Depth = PrivilegeDepth.Local,
PrivilegeId = prv.Id
}
}
};
break;
}
}

}

1A7F9E89-8283-E311-8E04-463500000031 is the Guid of the marketing manager role. Looking at the code we find that we are using the AddPrivilegesRoleRequest to do the same. The code is pretty simple and self expalnatory. The access level is provided by the PrivilegeDepth enumeration.

Once the code oi executed we now have User level create and Business Unit level write on the Test Entity 1 for the Marketing Manager security role.

Image2

Hope this helps!

Advertisements

Author: Debajit

I am a Dynamics CRM Most Valuable Professional (MVP) with 10 years of experience in Microsoft .NET Technologies and 7 years of dedicated experience in Microsoft Dynamics CRM. I have worked with companies like Microsoft, SanDisk, PwC, TMF Group and have extensive experience of implementing complex CRM solutions from both offshore and client side. Currently the face of XrmForYou.com with significant experience in delivering corporate training on Dynamics CRM and have already delivered multiple projects to client through XrmForYou.com Author of multiple tools on codeplex including the 'Role Based Views' and 'CRM-Sharepoint Metadata manager & Attachment Extractor' which are available for commercial use under XrmForYou.com For consulting/ training, drop me a note at info@xrmforyou.com or visit our website www.xrmforyou.com

5 thoughts on “Programatically Assign privilege to security role for an entity in MSCRM”

    1. Hi Jishad,

      I haven’ tried this doing in javascript. But I guess you can do that.

      So what you need to do is to use the SoapLogger tool that ships with the SDK. You need to find the XML request that gets generated for the AddPrivilegesRoleRequest which you can find through the soaplogger. Then I guess you should be able to do it

  1. Hi Jishad,

    SOAP Logger is used to find the raw XML request that is sent to CRM for each message. It is just a helper library that ships with the SDK to find out the raw xml request.

    Once you have the raw xml request, you can simply use XmlHttpRequest in javascript.

    through OData you cannot do this.

    1. I generate the xml request and I sent the XmlHttpRequest, but it seems to be an internal server error.
      Once I go through the XML code the privilege related things are only in the XML Response not in the XML Request generated.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s