{Dynamics CRM + Role Privilege} Record Privilege Checker for Dynamics CRM

Recently I had a requirement where our client’s support and maintenance team wanted a feature through which they can view the privileges for a record for all active users in the system. Ok, let me take a moment to explain here.

Suppose the support team wants to run a regular security check and identify what privilege does a specific user have on specific account records. You might be thinking that is that this hard? After all we can go to the user and identify the security roles of the user. And then determine what access privilege does the security role have on the account

Simple isn’t it? Well it is not. And specially with CRM 2016, a user might end up getting a specific privilege on record through any of the following.

  • Security roles
  • Sharing
  • Access teams
  • Owner team association
  • Hierarchical relationship.

It can be really complex depending on how your system is configured. Then what is the other way of finding out without user intervention. The customer did not want any external utility. They wanted something within CRM from where they could view the information.

So I developed a quick solution and then I thought why not share the community so that anybody in the future having the same requirement can benefit from this.

The tool is available for download for free at codeplex site – https://recordprivilegechecker.codeplex.com/releases/view/629363


Download the managed solution specific to your CRM version. Currently it supports

  • For CRM 2016 Version 8.1
  • For CRM 2016 Version 8.0
  • CRM 2015 Version

Once you install the managed solution, open any record form for any customizable entity. You should see a button called ‘Check User Access’ on the form.


Click on the button. Once you click on the button, a popup will show like the one below where you can view the privilege of all the active users on that particular record



And voila!,  it shows the privilege that each user has on the record. For Organization Owned entities it would show you the privilege as well.



Since ‘Assign’ and Share privileges are not valid for organization owned entities, you can see those privileges are blank.

The results might take some time to pop-up depending on the number of active users and access complexity in your environment.

And finally to round off, you can sort on the ‘FullName’ and ‘User Name’ columns. Also you have paging and searching to slice and dice your data.



Liked this tool? You can make a small donation at paypal account – debajit.prod@gmail.com. Your support and encouragement will help me to make many other tools in the future.


Till then you read one of my blog posts, happy CRM’ing.

{Dynamics 365/ CRM forms} Programmatically access controls from a system form of an entity in Dynamics CRM

It’s been sometime I have published a blog article as I am in neck deep work in some tool development. But still I could not resist myself from penning down this interesting stuff which I came across recently and share with all my readers.

Recently I came across a customer requirement where they needed to fetch all the controls in a tab in on a form for contact entity and show them in one of their external applications which is interacting with Dynamics CRM. I think an example here would explain the scenario.

I have a tab with display name – ‘DEMO TAB’ and name – ‘DEMO_TAB’ on the ‘Contact’ form of the contact entity.


The DEMO TAB has the following controls of the specified type

First Name Single line of text (type = simple)
Last Name Single line of text (type=simple)
Lead Source Optionset
Birthday DateTime
Originating Lead Lookup
Do not allow faxes two options
Credit Limit Currency


I haven’t taken all the data types and surely at the end of this blog you will get an idea on how to proceed with other data types as well.

So let’s see what are the  steps here to achieve the customer requirement.

  • Query the system form entity for contact entity with form name = ‘Contact’
  • Get the formxml
  • Parse the formxml to get all the controls within the DEMO TAB of the form
  • Finally render the controls in the custom application as per the control type. So First name should be rendered as textbox, Birthday probably as DatePicker control and Lead Source as dropdown.

For readers who are aware of ADX portals and how they work, you might have a question coming, isn’t is available OOB? Well it is and ADX is much more than this. We tried to put our point through for it but this is one off requirement for the customer and they have been using their custom application for pretty long time and hence did not want to discontinue the same.

Well, so we are back to our custom development.

Let’s complete our requirement step by step. So lets first write the piece of code to get the controls within the ‘DEMO TAB’ of the ‘CONTACT’ form of contact entity.


var systemForm = GetFormByName("contact", 2, proxy);
var controls = GetTabControls("DEMO_TAB", systemForm.GetAttributeValue<string>("formxml"), proxy);

private static Entity GetFormByName(string formName, int entityTypeCode, IOrganizationService service)
            var query = new QueryExpression("systemform");
            query.Criteria.AddCondition("name", ConditionOperator.Equal, formName);
            query.Criteria.AddCondition("objecttypecode", ConditionOperator.Equal, entityTypeCode);

            var results = service.RetrieveMultiple(query);

            return results.Entities[0];

        private static List<XElement> GetTabControls(string tabName, string formXml, IOrganizationService service)
            var controlsList = new List<XElement>();
            var formDoc = XDocument.Parse(formXml);
            var tabs = formDoc.Descendants("tab");

            foreach (var tab in tabs)
                if(tab.Attribute("name").Value.Equals(tabName, StringComparison.OrdinalIgnoreCase))
                    // get all the controls.
                    controlsList = tab.Descendants("control").ToList();

            return controlsList;


The first method retrieves the form for the contact entity and the second method extracts all the controls within the ‘DEMO_TAB’.

I have used System.Xml.Linq and believe me, it is much cleaner way to parse your xml than using the traditional System.Xml.Xmldocument methods.

So we now have the controls. Now how to get the field name and the type of the control? To explore this, lets see what the form xml looks like. I have pasted a portion of the tab xml

<tab name="DEMO_TAB" id="{596d8090-3b20-77ad-3c36-77442a42835c}" IsUserDefined="0" locklevel="0" showlabel="true" expanded="true">
                <label description="DEMO TAB" languagecode="1033" />
                <column width="100%">
                        <section name="tab_4_section_1" showlabel="false" showbar="false" locklevel="0" id="{a64c108b-c1d1-1d90-ebd0-e2c4ab7ced3d}" IsUserDefined="0" layout="varwidth" columns="11" labelwidth="115" celllabelalignment="Left" celllabelposition="Left">
                                <label description="Section" languagecode="1033" />
                                    <cell id="{2b74bc94-1e03-4ab7-428e-8283732c57ca}" showlabel="true" locklevel="0">
                                            <label description="First Name" languagecode="1033" />
                                        <control id="firstname" classid="{4273EDBD-AC1D-40d3-9FB2-095C621B552D}" datafieldname="firstname" disabled="false" />
                                    <cell id="{b6d61c95-0c1d-4cae-2e7a-1210e4d7a1cd}" showlabel="true" locklevel="0">
                                            <label description="Lead Source" languagecode="1033" />
                                        <control id="leadsourcecode" classid="{3EF39988-22BB-4f0b-BBBE-64B5A3748AEE}" datafieldname="leadsourcecode" disabled="false" />
                                    <cell id="{b06bd53b-c215-d372-0265-e3da223d9bd5}" showlabel="true" locklevel="0">
                                            <label description="Last Name" languagecode="1033" />
                                        <control id="lastname" classid="{4273EDBD-AC1D-40d3-9FB2-095C621B552D}" datafieldname="lastname" disabled="false" />
                                    <cell id="{6780cace-3301-540e-0425-543755db1a18}" showlabel="true" locklevel="0">
                                            <label description="Originating Lead" languagecode="1033" />
                                        <control id="originatingleadid" classid="{270BD3DB-D9AF-4782-9025-509E298DEC0A}" datafieldname="originatingleadid" disabled="false" />

See for the section highlighted in yellow. Let’s see what we can get from there.

  • description – the display name for the field
  • datafieldname – the logical name of the field
  • disabled – value to indicate whether the field is enabled or disabled on the form.

So far so good. We have all the necessary information. But wait? How do we get the type of the field and decide whether to render it as textbox or dropdown or datepicker?

You have two methods here. One is to query the metadata based on the field name (datafieldname) and then determine the type and render the control accordingly. If you ask me, this is probably the best way to determine to do since it would be independent of any version changes or upgrades in CRM.

But one disadvantage is the amount of time it takes to query the metadata is significant and your page rendering time could go for a toss depending on how many controls you are querying for.

The other and probably faster way to do this is to use the classid attribute of the control. Check for the stuff highlighted in green. If you observe carefully both first name and last name have the same data type and their classid is same as well. It’s more like each control type being identified by a separated id. However this method has major caveats

  • You would need to identify the classid of all type and probably use them in your code, perhaps as switch-case.
  • If for some reason, Microsoft changes the classid of the control types, your code would go for a toss.
  • Finally, with new releases, Dynamics is coming up with new field types and hence you need to keep your code changing for the new types as they come.

Wondering how to get the attributes of the controls. Well below is the code to help you on that.

foreach (var control in controls)
                var isDisabled = control.Attribute("disable").Value;
                var classId = control.Attribute("classid").Value;
                var datafieldName = control.Attribute("datafieldname").Value

                // parse the other attributes


Isn’t it easy with System.Xml.Linq?


Hope you find this useful.

{Dynamics CRM/ 365 + Views}–Create a view to show security roles assigned to user along with roles the user inherits from the team

The title might be confusing. So let’s straightway jump to the requirement here. Our client a role lookup on custom entity form and on click of the lookup, the user should be presented with a view with a view which shows the security role directly assigned to the user along with the security roles the user inherits from the team.

For e.g.

User A has security role – Role 1

User A is a member of the team which has security role – Role 2

So the view would show both the roles – Role 1 + Role 2

Very simple requirement right? However can you achieve this using OOB view? Well unfortunately the answer is BIG NO.

We went ahead with the design that when a user clicks the lookup we would call dynamically a fetchxml using the OOB custom view. Now the big task is creating the fetch xml of the custom view.

After much deliberation, I finally came up with the below Fetch XML which serves exactly the purpose. So let’s see our protagonist in the play.


var fetchString = string.Format(@"<fetch version=’1.0′ output-format=’xml-platform’ mapping=’logical’ distinct=’true’>
                                            <entity name=’role’>
                                                <attribute name=’name’ />
                                                <attribute name=’businessunitid’ />
                                                <attribute name=’roleid’ />
                                                <order attribute=’name’ descending=’false’ />
                                                <link-entity name=’systemuserroles’ from=’roleid’ to=’roleid’ link-type=’outer’>
                                                    <link-entity name=’systemuser’ from=’systemuserid’ to=’systemuserid’ alias=’aj’ link-type=’outer’>
                                                        <attribute name=’systemuserid’ />
                                                <link-entity name=’teamroles’ from=’roleid’ to=’roleid’ visible=’false’ intersect=’true’ link-type=’outer’>
                                                    <link-entity name=’teammembership’ from=’teamid’ to=’teamid’ visible=’false’ intersect=’true’ link-type=’outer’>
                                                        <link-entity name=’systemuser’ from=’systemuserid’ to=’systemuserid’ alias=’al’ link-type=’outer’ >
                                                            <attribute name=’systemuserid’ />
                                                    <filter type=’or’>
                                                        <condition entityname=’aj’ attribute=’systemuserid’ operator=’eq’ value='{0}’ />
                                                        <condition entityname=’al’ attribute=’systemuserid’ operator=’eq’ value='{0}’ />

                                        </fetch>", userid);

I have highlighted the important part of the query. The first thing to notice here is the alias that I provided while fetching the roles from the systemuserroles table and the teamroles table.

The next part is using the alias and constructing the filter condition with the alias as the entity name. userid is the GUID of the user whose security roles needs to be determined.


Please note that this type of construct is actually possible from CRM 2013 and onwards. Although this works, unfortunately this construct is not supported through the UI.

Small trick but it can consume days if not know.

Hope this helps! Till you read one or more of my blog posts, happy CRM’ing

{Dynamics CRM + Upsert} Execute Upsert request from client side in Dynamics CRM

Upsert request was introduced in Dynamics CRM 2015 Online Update 1 and on-premise customers got a flavour of it from CRM 2016 onwards. After this feature has been introduced, it has been used so much that writing anything on it is now hackneyed.

However just when you feel you have done it 100 times, you may still find that one scenario suddenly popping up which you might have not implemented in your previous projects and this was exactly one of those. My client wanted to fire an Upsert request from the client side. Basically the requirement was, there was a webresource where the user would fill the necessary information for a record and based on the field values entered, an Upsert request would create/ update the record accordingly.

So what do I need here? Well the first thing I need here is the XML request. And how do I get that?  Did you forget about the wonderful SOAP Logger tool that ships with SDK. Yeah and it still works great. Smile

By any chance you are not aware where you can find the SOAP Logger, you can find in your SDK Download in the following folder structure – SDK\SampleCode\CS\Client\SOAPLogger

Let’s take an example here. For account entity, first I create an alternate key with combination of Account Number + Account Name.


I open the SOAP logger and run the below code to get the corresponding XML request for Upsert request

SoapLoggerOrganizationService slos = new SoapLoggerOrganizationService(serverConfig.OrganizationUri, service, output);

                              //Add the code you want to test here:
                              // You must use the SoapLoggerOrganizationService ‘slos’ proxy rather than the IOrganizationService proxy you would normally use.

                              KeyAttributeCollection acckeys = new KeyAttributeCollection();

                              acckeys.Add("accountnumber", "ASH001");
                              acckeys.Add("name", "SOAP Logger for Test");
                              Entity account = new Entity("account", acckeys);
                              account["name"] = "SOAP Logger for Test";

                              UpsertRequest upsert = new UpsertRequest();
                              upsert.Target = account;
                              UpsertResponse response = (UpsertResponse)slos.Execute(upsert);


Once I run the above code, the below is the XML Request

<s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/">
    <Execute xmlns="
http://schemas.microsoft.com/xrm/2011/Contracts/Services" xmlns:i="http://www.w3.org/2001/XMLSchema-instance">
      <request i:type="a:UpsertRequest" xmlns:a="
        <a:Parameters xmlns:b="
            <b:value i:type="a:Entity">
                  <b:value i:type="c:string" xmlns:c="
http://www.w3.org/2001/XMLSchema">SOAP Logger for Test</b:value>
              <a:EntityState i:nil="true" />
              <a:FormattedValues />
             <a:KeyAttributes xmlns:c="
                  <b:value i:type="d:string" xmlns:d="
                  <b:value i:type="d:string" xmlns:d="
http://www.w3.org/2001/XMLSchema">SOAP Logger for Test</b:value>
              <a:RelatedEntities />
              <a:RowVersion i:nil="true" />
        <a:RequestId i:nil="true" />

This request is just like any other request for Create/ Update except for the highlighted part. If you notice carefully, you could find a new tag in XML request name KeyAttributes. All you need to do is replace the values of the KeyAttributes

Here is the sample code for the same in javascript

var accountNumber = ‘ASH001’;
var accountName = ‘SOAP Logger for Test’;

var request = [‘<s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/">’,
    ‘<Execute xmlns="
http://schemas.microsoft.com/xrm/2011/Contracts/Services" xmlns:i="http://www.w3.org/2001/XMLSchema-instance">’,
      ‘<request i:type="a:UpsertRequest" xmlns:a="
        ‘<a:Parameters xmlns:b="
            ‘<b:value i:type="a:Entity">’,
                  ‘<b:value i:type="c:string" xmlns:c="
http://www.w3.org/2001/XMLSchema">’, accountName, ‘</b:value>’,
              ‘<a:EntityState i:nil="true" />’,
              ‘<a:FormattedValues />’,
              ‘<a:KeyAttributes xmlns:c="
                  ‘<b:value i:type="d:string" xmlns:d="
http://www.w3.org/2001/XMLSchema">’, accountNumber,'</b:value>’,
                  ‘<b:value i:type="d:string" xmlns:d="
http://www.w3.org/2001/XMLSchema">’, accountName, ‘</b:value>’,
              ‘<a:RelatedEntities />’,
              ‘<a:RowVersion i:nil="true" />’,
        ‘<a:RequestId i:nil="true" />’,

var req = new XMLHttpRequest();

req.open("POST", Xrm.Page.context.getClientUrl() + "/XRMServices/2011/Organization.svc/web", false);
req.setRequestHeader("Accept", "application/xml, text/xml, */*");
req.setRequestHeader("Content-Type", "text/xml; charset=utf-8");




The below is the response text.

<s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/">
    <ExecuteResponse xmlns="
      <ExecuteResult i:type="a:UpsertResponse" xmlns:a="
http://schemas.microsoft.com/xrm/2011/Contracts" xmlns:i="http://www.w3.org/2001/XMLSchema-instance">
        <a:Results xmlns:b="
            <b:value i:type="c:boolean" xmlns:c="
            <b:value i:type="a:EntityReference">
              <a:KeyAttributes xmlns:c="
              <a:Name i:nil="true"/>
              <a:RowVersion i:nil="true"/>


In the response, you can find whether the record is created or updated. Please see the highlighted section. I already have an account with same accountnumber and name and hence RecordCreated value has been set to false


Hope this helps!

{Dynamics CRM + Web API Actions} Execute action with an Entity as input parameter using Web API in Dynamics CRM 2016

“Executing action using Web API” – well this is a topic which has become banal. It’s been talked about, people are using it every now and then in their projects. After all 2016 has just swayed away the consultants and customers alike. In-fact I wrote a blog on the same topic almost 6 months back in January when CRM 2016 was in it’s early days.


Although this blog post was much appreciated and I cannot thank the readers more for this, I have getting repeated questions about multiple scenarios related to this and one of them is – How do I execute a global action using Web API with an entity as input parameter. Mostly in the examples shared on the blog, the input parameters are boolean and string.

So I decided to pen it down here. So let’s take a very simple example here.

For this demo, I have created an action named ‘Test Action’. That is a global action with Entity as the input parameter. The Entity type is account.


Now coming to the code. Below is the sample code to do the same.

function callAction() {

    var organizationUrl = Xrm.Page.context.getClientUrl();

    var account = {};
    account.name = "Test Account Name";
    account.description = "This account was created for action test.";
    account.revenue = 2000000.00; // decimal
    account.donotphone = true; //boolean field
    //account.logicalname = "account";
    var data = { "EntityArg": account };

    var query = "new_TestAction";
    var req = new XMLHttpRequest();
    req.open("POST", organizationUrl + "/api/data/v8.0/" + query, true);
    req.setRequestHeader("Accept", "application/json");
    req.setRequestHeader("Content-Type", "application/json; charset=utf-8");
    req.setRequestHeader("OData-MaxVersion", "4.0");
    req.setRequestHeader("OData-Version", "4.0");
    req.onreadystatechange = function () {
        if (this.readyState == 4) {
            req.onreadystatechange = null;
            if (this.status == 200) {
                var data = JSON.parse(this.response);

            } else {
                var error = JSON.parse(this.response).error;



What the sample code is doing here? Well this extremely complex code is dynamically creating an account and then passing it. You can however retrieve an existing account and pass it as well. However here I am creating the account dynamically and passing it.

Simple piece of code. Hope this helps!