790
dear all
i need to remove the permission of deleting Account and Case from all security roles (Except Administrator) , do i have to go through each and every security role and modify them? or there is a bulk way of doing this?
thanks,
The one we have by default is Microsoft.Xrm.Sdk.Messages, the method "RemovePrivilegeRoleRequest " exists in Microsoft.Crm.Sdk.Messages
thanks Ravi
it is already there, please check.
thanks, i like the idea and will work to implement it.
regards.
Regarding your other questions, it is hard to tell that if system will work fine if you delete all delete permission from all entities/ roles. I haven't tried this yet but believes it should be fine.
In general, we don't use any out of box role, instead we create a copy of out of box role and assign that. We also create a base role with only the required permissions and without any delete permissions.
Hope this helps.
Hi Ahmad,
Sorry, I forget to mentioned that you need to add "Microsoft.Crm.Sdk.Messages;" namespace on the code now tool (right side pane).
Dear Ravi
i already did remove these permissions manually yesterday, but i wanted to try your code and i got the following error :
and in general, is there any harm to remove all delete permissions from all roles (except admin) for all entities assuming that none of my customizations or configurations are set to delete anything in any WF or BPF...etc.
in another words, does system assume that delete permissions is avaiable for certain OOB security roles in order to perform any system operation or not?
thanks,
thank you Ravi
Hi Ahmad,
I am not sure if there is any tool which you can use to remove the specific privileges. As mentioned above, it would be quicker to remove the permissions manually (provided you don't have many roles). If you still want to automate then you can run the below code script on 'Code Now' tool to remove account delete & case delete privledges.
I have tried this and it seems working fine but it is always a good idea to test the script in sandbox/ test environment instead of directly rtying it against product. I have commented the main service.execute so that you don't run this by mistake.
======================
public static void CodeNow(){
var fetchXml = @"<fetch version='1.0' mapping='logical' distinct='false'>
<entity name='roleprivileges'>
<attribute name='privilegeid'/>
<attribute name='roleid'/>
<link-entity name='role' alias='roles' to='roleid' from='roleid' link-type='inner'>
<attribute name='name'/>
<filter type='and'>
<condition attribute='name' operator='neq' value='System Administrator' />
</filter>
</link-entity>
<link-entity name='privilege' alias='privileges' to='privilegeid' from='privilegeid' link-type='inner'>
<attribute name='name'/>
<filter type='or'>
<condition attribute='name' operator='eq' value='prvDeleteAccount' />
<condition attribute='name' operator='eq' value='prvDeleteIncident' />
</filter>
</link-entity>
</entity>
</fetch>";
var allRecordss = Service.RetrieveMultiple(new FetchExpression(fetchXml));
foreach (var record in allRecordss.Entities)
{
RemovePrivilegeRoleRequest removePrivilageRequest = new RemovePrivilegeRoleRequest()
{
PrivilegeId = new Guid(record["privilegeid"].ToString()),
RoleId = new Guid(record["roleid"].ToString())
};
//Service.Execute(removePrivilageRequest);
LogMessage(string.Format("Removed '{0}' privilege from '{1}' role.", ((AliasedValue)record["privileges.name"]).Value.ToString(), ((AliasedValue)record["roles.name"]).Value.ToString()));
}
}
=============
www.itaintboring.com/.../code-now-plugin-for-xrmtoolbox
www.itaintboring.com/.../lets-use-xrmtoolbox-to-run-some-c-code-into-dynamics
Hope this help.
Dear Goutam
the screen shot i attached earlier is from the XRMtoolbox store, it is not there in the store to install it.
thanks,
#1
André Arnaud de Cal...
292,516
Super User 2025 Season 1
#2
Martin Dráb
231,432
Most Valuable Professional
#3
nmaenpaa
101,156
Share
Report
All responses (
Answers (
