Sharing Records Programmatically

On occasion I’ve had the need to programmatically share a record with a CRM user or team.  I noticed this morning that the CRM user interface and the CRM web service call to Grant Access don’t actually have the same number of options.

Here is how you would share a record manually, through the CRM interface:

Here is how you do share a record via code ( from the CRM SDK ):

// Create the SecurityPrincipal Object
SecurityPrincipal principal = new SecurityPrincipal();
principal.Type = SecurityPrincipalType.User;

// PrincipalId is the Guid of the user to whom access is being granted
principal.PrincipalId = new Guid("7B222F98-F48A-4AED-9D09-77A19CB6EE82");

// Create the PrincipalAccess Object
PrincipalAccess principalAccess = new PrincipalAccess();

// Set the PrincipalAccess Object's Properties
principalAccess.Principal = principal;

// Gives the principal access to read
principalAccess.AccessMask = AccessRights.ReadAccess;

// Create the Target Object for the Request
TargetOwnedAccount target = new TargetOwnedAccount();

// EntityId is the Guid of the account access is being granted to
target.EntityId = new Guid("6A92D3AE-A9C9-4E44-9FA6-F3D5643753C1");

// Create the Request Object
GrantAccessRequest grant = new GrantAccessRequest();

// Set the Request Object's properties
grant.PrincipalAccess = principalAccess;
grant.Target = target;

// Execute the Request
GrantAccessResponse granted = (GrantAccessResponse)service.Execute(grant);

AccessMask Property

The AccessMask property defines how the record should be shared. The following values are available:

AppendAccess

Specifies the right to append the specified object to another object.

AppendToAccess

Specifies the right to append another object to the specified object.

AssignAccess

Specifies the right to assign the specified object to another security principal.

CreateAccess

Specifies the right to create an instance of the object type.

DeleteAccess

Specifies the right to delete the specified object.

ReadAccess

Specifies the right to read the specified type of object.

ShareAccess

Specifies the right to share the specified object.

WriteAccess

Specifies the right to update (write to) the specified object.

For additional information, visit the CRM SDK topic: AccessRights Enumeration (CrmService).

The example above gives Read access to a record.  To specify more than one access right, you use the C# OR assignment operator so that your code looks something like this:

principalAccess.AccessMask |= AccessRights.ReadAccess;
principalAccess.AccessMask |= AccessRights.WriteAccess;

The Append Oddity

I noticed something odd about the Assign right this morning.  If you are programmatically sharing the record you must supply both Append and AppendTo rights in order for CRM to fully give Append rights to the record. Here is the code:

principalAccess.AccessMask |= AccessRights.AppendAccess;
principalAccess.AccessMask |= AccessRights.AppendToAccess;

If you only supply Append and view the sharing assignments through the CRM user interface, you will not see the Append box checked.