web
You’re offline. This is a read only version of the page.
close
Skip to main content

Notifications

Announcements

No record found.

News and Announcements icon
Community site session details

Community site session details

Session Id :
Dynamics 365 Community / Forums / Microsoft Dynamics CRM (Archived) / Get privileges and ac...
Microsoft Dynamics CRM (Archived)

Get privileges and access levels of all entities of current logged in user using C# plugin

(0) ShareShare
ReportReport
Posted on by Community Member

Hi,

I want to write a C# plugin using which I could retrieve the access privileges of each and every entity for a logged in user. For example, for account entity, what all privileges(create, read, write, etc) he has along with the access levels(Global, Deep, Local, Basic, None). 

Thanks.

*This post is locked for comments

I have the same question (0)
  • Suggested answer
    joman Profile Picture
    joman 617 on at

    CRM can make different accesses for different accounts

    you can get user access to each record:

    RetrievePrincipalAccessRequest principalAccessRequest = new RetrievePrincipalAccessRequest
{
    Principal = new EntityReference("systemuser", userID),
    Target = new EntityReference("account", accountId)
};
RetrievePrincipalAccessResponse principalAccessResponse = (RetrievePrincipalAccessResponse)service.Execute(principalAccessRequest);
principalAccessResponse.AccessRights; // Is Access user to account
  • Suggested answer
    Community Member Profile Picture
    Community Member on at

    Refer this:

    community.dynamics.com/.../retrieve-the-permission-set-a-user-or-team-has-to-a-record-in-microsoft-dynamics-crm-2011-using-net-or-jscript

  • Community Member Profile Picture
    Community Member on at

    Hi Joman and Mohd Saad Akhtar, thanks for your reply, but this is not what I am looking for. This checks for account's record privileges. I need to check the privilege on the "account" as  a whole without passing the record id of the account.

  • Suggested answer
    Community Member Profile Picture
    Community Member on at

    Use Below Code:

    using System;
using System.Configuration;
using System.Collections.Generic;
using System.Linq;
using System.Text;
using Microsoft.Xrm.Sdk;
using Microsoft.Xrm.Tooling.Connector;
using Microsoft.Crm.Sdk;
using Microsoft.Crm.Sdk.Messages;
using Microsoft.Xrm.Sdk.Query;



namespace D365ConsoleApplication
{
    class Program
    {
        static void Main(string[] args)
        {

            // Get the CRM connection string and connect to the CRM Organization
            CrmServiceClient crmConn = new CrmServiceClient(ConfigurationManager.ConnectionStrings["CRM"].ConnectionString);
            IOrganizationService crmService = crmConn.OrganizationServiceProxy;

            Guid gUserId = ((WhoAmIResponse)crmService.Execute(new WhoAmIRequest())).UserId;

            QueryExpression query = new QueryExpression();
            query.EntityName = "role";
            query.ColumnSet = new ColumnSet("name");

            LinkEntity systemUseRole = new LinkEntity();
            systemUseRole.LinkFromEntityName = "role";
            systemUseRole.LinkFromAttributeName = "roleid";
            systemUseRole.LinkToEntityName = "systemuserroles";
            systemUseRole.LinkToAttributeName = "roleid";
            systemUseRole.JoinOperator = JoinOperator.Inner;
            systemUseRole.EntityAlias = "SUR";
            
            LinkEntity userRoles = new LinkEntity();
            userRoles.LinkFromEntityName = "systemuserroles";
            userRoles.LinkFromAttributeName = "systemuserid";
            userRoles.LinkToEntityName = "systemuser";
            userRoles.LinkToAttributeName = "systemuserid";
            userRoles.JoinOperator = JoinOperator.Inner;
            userRoles.EntityAlias = "SU";
            userRoles.Columns = new ColumnSet("fullname");

            LinkEntity rolePrivileges = new LinkEntity();
            rolePrivileges.LinkFromEntityName = "role";
            rolePrivileges.LinkFromAttributeName = "roleid";
            rolePrivileges.LinkToEntityName = "roleprivileges";
            rolePrivileges.LinkToAttributeName = "roleid";
            rolePrivileges.JoinOperator = JoinOperator.Inner;
            rolePrivileges.EntityAlias = "RP";
            rolePrivileges.Columns = new ColumnSet("privilegedepthmask");

            LinkEntity privilege = new LinkEntity();
            privilege.LinkFromEntityName = "roleprivileges";
            privilege.LinkFromAttributeName = "privilegeid";
            privilege.LinkToEntityName = "privilege";
            privilege.LinkToAttributeName = "privilegeid";
            privilege.JoinOperator = JoinOperator.Inner;
            privilege.EntityAlias = "P";
            privilege.Columns = new ColumnSet("name", "accessright");
            
            LinkEntity privilegeObjectTypeCodes = new LinkEntity();
            privilegeObjectTypeCodes.LinkFromEntityName = "roleprivileges";
            privilegeObjectTypeCodes.LinkFromAttributeName = "privilegeid";
            privilegeObjectTypeCodes.LinkToEntityName = "privilegeobjecttypecodes";
            privilegeObjectTypeCodes.LinkToAttributeName = "privilegeid";
            privilegeObjectTypeCodes.JoinOperator = JoinOperator.Inner;
            privilegeObjectTypeCodes.EntityAlias = "POTC";
            privilegeObjectTypeCodes.Columns = new ColumnSet("objecttypecode");

            ConditionExpression conditionExpression = new ConditionExpression();
            conditionExpression.AttributeName = "systemuserid";
            conditionExpression.Operator = ConditionOperator.Equal;
            conditionExpression.Values.Add(gUserId);
            
            userRoles.LinkCriteria = new FilterExpression();
            userRoles.LinkCriteria.Conditions.Add(conditionExpression);

            systemUseRole.LinkEntities.Add(userRoles);
            query.LinkEntities.Add(systemUseRole);

            rolePrivileges.LinkEntities.Add(privilege);
            rolePrivileges.LinkEntities.Add(privilegeObjectTypeCodes);
            query.LinkEntities.Add(rolePrivileges);


            EntityCollection retUserRoles = crmService.RetrieveMultiple(query);

            Console.WriteLine("Retrieved {0} records", retUserRoles.Entities.Count);
                foreach (Entity rur in retUserRoles.Entities)
                {
                    string UserName = String.Empty;
                    string SecurityRoleName =  String.Empty;
                    string PriviligeName = String.Empty;
                    string AccessLevel = String.Empty;
                    string SecurityLevel = String.Empty;
                    string EntityName = String.Empty;

                    UserName = ((AliasedValue)(rur["SU.fullname"])).Value.ToString();
                    SecurityRoleName = (string)rur["name"];
                    EntityName = ((AliasedValue)(rur["POTC.objecttypecode"])).Value.ToString();
                    PriviligeName = ((AliasedValue)(rur["P.name"])).Value.ToString();
                    


                    switch (((AliasedValue)(rur["P.accessright"])).Value.ToString())
                    {
                        case "1":
                        AccessLevel = "READ";
                        break;
                        
                        case "2":
                        AccessLevel = "WRITE";
                        break;

                        case "4":
                        AccessLevel = "APPEND";
                        break;

                        case "16":
                        AccessLevel = "APPENDTO";
                        break;

                        case "32":
                        AccessLevel = "CREATE";
                        break;

                        case "65536":
                        AccessLevel = "DELETE";
                        break;

                        case "262144":
                        AccessLevel = "SHARE";
                        break;

                        case "524288":
                        AccessLevel = "ASSIGN";
                        break;

                        default:
                        AccessLevel = "";
                        break;
                    }

                  

                    switch (((AliasedValue)(rur["RP.privilegedepthmask"])).Value.ToString())
                    {
                        case "1":
                            SecurityLevel = "User";
                            break;

                        case "2":
                            SecurityLevel = "Business Unit";
                            break;

                        case "4":
                            SecurityLevel = "Parent: Child Business Unit";
                            break;

                        case "8":
                            SecurityLevel = "Organisation";
                           break;

                        default:
                            SecurityLevel = "";
                            break;
                    }


                    Console.WriteLine("User name:" + rur["SU.fullname"]);
                    Console.WriteLine("Security Role name:" + rur["name"]);
                    Console.WriteLine("Privilige name:" + rur["P.name"]);
                    Console.WriteLine("Access Right :" + rur["P.accessright"]);
                    Console.WriteLine("Security Level:" + rur["RP.privilegedepthmask"]);

                }
        }
    }
}


  • joman Profile Picture
    joman 617 on at

    You can only query needed information.

    Standard functions working with all access types (As you know, you can grant access to specific account record "Share it").

  • Suggested answer
    Goutham A Profile Picture
    Goutham A 2 on at

    its by chance not possible or very complex logic. you can get only the roles of the logged in user. one role might have read on user level and other might have read privilege on global level.So, for your requirement you need to combine privileges of all roles for all entities.

    Aktar's logic help you to some extend. But think logic you were expecting is bit more complicated.

    The best logic ic to loop through each entity in crm and get the pricipal access for each entity.

  • thuld Profile Picture
    thuld on at

    The code shared by Mohd (see response "Mohd Saad Akhtar responded on 19 May 2017 2:54 PM") is super helpful, but not 100%, the join needs to consider the "parentrootroleid", because all privileges reference the parent-root-role:

    <fetch>
        <entity name="role" >
            <attribute name="name" />
            <link-entity name="systemuserroles" from="roleid" to="roleid" link-type="inner" alias="SUR" >
                <link-entity name="systemuser" from="systemuserid" to="systemuserid" link-type="inner" alias="user" >
                    <attribute name="businessunitid" />
                    <attribute name="fullname" />
                    <attribute name="domainname" />
                    <filter>
                        <condition attribute="systemuserid" operator="eq" value="$SystemUserId" />
                    </filter>
                </link-entity>
            </link-entity>
            <link-entity name="role" from="roleid" to="parentrootroleid" link-type="inner" alias="parentrootrole" >
                <link-entity name="roleprivileges" from="roleid" to="roleid" link-type="inner" alias="privrole" intersect="true" >
                    <attribute name="privilegedepthmask" />
                    <link-entity name="privilege" from="privilegeid" to="privilegeid" link-type="inner" alias="priv" >
                        <attribute name="accessright" />
                    </link-entity>
                    <link-entity name="privilegeobjecttypecodes" from="privilegeid" to="privilegeid" link-type="inner" alias="POTC" >
                        <attribute name="objecttypecode" />
                    </link-entity>
                </link-entity>
            </link-entity>
        </entity>
    </fetch>

Under review

Thank you for your reply! To ensure a great experience for everyone, your content is awaiting approval by our Community Managers. Please check back later.

Helpful resources

Quick Links

Responsible AI policies

As AI tools become more common, we’re introducing a Responsible AI Use…

Neeraj Kumar – Community Spotlight

We are honored to recognize Neeraj Kumar as our Community Spotlight honoree for…

Congratulations to the November Top 10 Community Leaders!

These are the community rock stars!

Leaderboard > 🔒一 Microsoft Dynamics CRM (Archived)

#1
SA-08121319-0 Profile Picture

SA-08121319-0 4

#1
Calum MacFarlane Profile Picture

Calum MacFarlane 4

#3
Alex Fun Wei Jie Profile Picture

Alex Fun Wei Jie 2

Last 30 days Overall leaderboard

Featured topics

Product updates

Dynamics 365 release plans