Dynamics 365 general forum

removing one permission from all Security roles


Dear all,

I need to remove the permission for deleting Account and Case from all security roles (except Administrator). Do I have to go through each and every security role and modify them, or is there a bulk way of doing this?

Thanks,

  • CVO

    While you can script it, it is probably easier to just do it manually.

    If you have lots of roles doing the same thing then you may want to look at how you are implementing security.

    E.g.: Instead of all roles having Delete Account, you would have Delete Account on the Base level role that everyone has. You would then not need to include that permission on any of the other roles. If you need to remove the permission then you simply remove it from the Base level role.

    Your Security Roles should be additive and not repetitive.
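
The additive model described in the reply above, as an added example that is not part of the original thread: a user's effective privileges are the union of every assigned role, so a delete privilege repeated across roles survives until it is removed from each of them. The role names, user names and assignments are constructed sample data, and access depth (user/business unit/organization) is ignored as a simplifying assumption.

```python
# Added example: simplified model of additive security roles (access depth ignored).
TARGETS = {"prvDeleteAccount", "prvDeleteIncident"}   # privilege names from the thread
EXEMPT = {"System Administrator"}                     # role the thread leaves untouched

# Constructed sample data: role -> privileges, user -> assigned roles.
ROLES = {
    "System Administrator": {"prvReadAccount", "prvDeleteAccount", "prvDeleteIncident"},
    "Base User": {"prvReadAccount", "prvDeleteAccount"},
    "Sales Rep": {"prvWriteAccount", "prvDeleteAccount"},   # repeats the base privilege
    "Support Agent": {"prvReadIncident", "prvDeleteIncident"},
}
USERS = {
    "alice": ["System Administrator"],
    "bob": ["Base User", "Sales Rep"],
    "carol": ["Base User", "Support Agent"],
    "dave": ["Base User"],
}

def strip_targets(roles, role_names):
    """Copy of roles with TARGETS removed from role_names; EXEMPT roles never change."""
    return {name: (set(privs) - TARGETS)
            if name in role_names and name not in EXEMPT else set(privs)
            for name, privs in roles.items()}

def residual_grants(users, roles):
    """user -> {privilege: [non-exempt roles still granting it]}.

    Effective privileges are the union over all assigned roles, so a single
    remaining grant is enough for the user to keep the privilege.
    """
    report = {}
    for user, assigned in users.items():
        grants = {}
        for role in assigned:
            if role in EXEMPT:
                continue
            for priv in sorted(roles.get(role, set()) & TARGETS):
                grants.setdefault(priv, []).append(role)
        if grants:
            report[user] = grants
    return report

def repeated_targets(roles):
    """Target privileges granted by more than one non-exempt role."""
    holders = {p: sorted(r for r, privs in roles.items()
                         if p in privs and r not in EXEMPT) for p in TARGETS}
    return {p: rs for p, rs in holders.items() if len(rs) > 1}

if __name__ == "__main__":
    print("repeated:", repeated_targets(ROLES))
    print("base only:", residual_grants(USERS, strip_targets(ROLES, {"Base User"})))
    print("all roles:", residual_grants(USERS, strip_targets(ROLES, set(ROLES))))
```
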

  • Suggested answer
    gdas (Moderator)

    Hi Ahmad,

    Not sure. You may use the XrmToolBox Role Updater plugin, but it would be better to do it manually instead of using a tool.

  • Ahmad Saud

    Thanks Goutam, but I can't find it.

    Please check below.

    [Screenshot: XrmToolBox Plugins Store]

  • gdas (Moderator)

    You need to install the plugin. Download XrmToolBox and you will find the installation popup when opening the application exe; install all the plugins.

  • Ahmad Saud

    Dear Goutam,

    The screenshot I attached earlier is from the XrmToolBox store; it is not there in the store to install.

    Thanks,

  • Verified answer
    gdas (Moderator)

    Hi Ahmad,

    Go to the top menu and select Tools; under that you can see the Plugins Store. You need to choose the Role Updater and click Install.

    Once installed, reopen XrmToolBox and you will find the plugin.

    [Screenshot: pluginstore.png]

  • Verified answer
    RaviKashyap (Moderator)

    Hi Ahmad,

    I am not sure if there is any tool which you can use to remove the specific privileges. As mentioned above, it would be quicker to remove the permissions manually (provided you don't have many roles). If you still want to automate, then you can run the code script below in the 'Code Now' tool to remove the account delete & case delete privileges.

    I have tried this and it seems to be working fine, but it is always a good idea to test the script in a sandbox/test environment instead of directly trying it against product. I have commented out the main service.execute so that you don't run this by mistake.

    ======================

    public static void CodeNow()
    {
        // RemovePrivilegeRoleRequest lives in Microsoft.Crm.Sdk.Messages; add that
        // namespace in the Code Now tool before running.

        // Select every role/privilege pair that grants delete on Account or Case
        // (incident), skipping any role named 'System Administrator'.
        var fetchXml = @"<fetch version='1.0' mapping='logical' distinct='false'>
                           <entity name='roleprivileges'>
                             <attribute name='privilegeid'/>
                             <attribute name='roleid'/>
                             <link-entity name='role' alias='roles' to='roleid' from='roleid' link-type='inner'>
                               <attribute name='name'/>
                               <filter type='and'>
                                 <condition attribute='name' operator='neq' value='System Administrator' />
                               </filter>
                             </link-entity>
                             <link-entity name='privilege' alias='privileges' to='privilegeid' from='privilegeid' link-type='inner'>
                               <attribute name='name'/>
                               <filter type='or'>
                                 <condition attribute='name' operator='eq' value='prvDeleteAccount' />
                                 <condition attribute='name' operator='eq' value='prvDeleteIncident' />
                               </filter>
                             </link-entity>
                           </entity>
                         </fetch>";

        var allRecords = Service.RetrieveMultiple(new FetchExpression(fetchXml));

        foreach (var record in allRecords.Entities)
        {
            var removePrivilegeRequest = new RemovePrivilegeRoleRequest()
            {
                PrivilegeId = new Guid(record["privilegeid"].ToString()),
                RoleId = new Guid(record["roleid"].ToString())
            };

            // Left commented out on purpose so nothing is removed by mistake.
            // Uncomment to actually remove the privilege; until then this is a dry run
            // that only logs what would be removed.
            //Service.Execute(removePrivilegeRequest);

            LogMessage(string.Format("Removed '{0}' privilege from '{1}' role.", ((AliasedValue)record["privileges.name"]).Value.ToString(), ((AliasedValue)record["roles.name"]).Value.ToString()));
        }
    }

    =============

    www.itaintboring.com/.../code-now-plugin-for-xrmtoolbox

    www.itaintboring.com/.../lets-use-xrmtoolbox-to-run-some-c-code-into-dynamics

    Hope this helps.

  • Ahmad Saud

    Thank you, Ravi.

  • Ahmad Saud

    Dear Ravi,

    I already removed these permissions manually yesterday, but I wanted to try your code and I got the following error:

    [Screenshot of the error: XrmToolBox for Microsoft Dynamics CRM/365 CE (v1.2018.10.29)]

    And in general, is there any harm in removing all delete permissions from all roles (except admin) for all entities, assuming that none of my customizations or configurations are set to delete anything in any WF or BPF, etc.?

    In other words, does the system assume that delete permissions are available for certain OOB security roles in order to perform any system operation, or not?

    Thanks,

  • Suggested answer
    RaviKashyap (Moderator)

    Hi Ahmad,

    Sorry, I forgot to mention that you need to add the "Microsoft.Crm.Sdk.Messages;" namespace in the Code Now tool (right side pane).
