How to find in the trace the line where the access to a record is granted

(0) Share

Report

Posted on by Community Member Microsoft Employee

Hello,

We have an issue where a user has access to records to which he really shouldn't have access. I went through all of the obvious and not-obvious ways of diagnosing the problem (more on that here: community.dynamics.com/.../261866) and the only option I can think of now is to analyse the trace logs and go from there.

But I can't figure out how to find the line where the system decides that the user has access. What are some keywords I should be looking for?

*This post is locked for comments

All responses (3)

Answers (0)

Suggested answer

Community Member Microsoft Employee on at

Like (0)

Report
RE: How to find in the trace the line where the access to a record is granted

Hi Alexandr,

use this two queries to find where your user take access privilege.

Change prvCreateOpportunity with your privilege/entity, like "prv" + "privilege name" + "entity name" (prvReadContact or prvCreateAccount or whatever else).

Please let me know if you solve.

User Query

<fetch version='1.0' output-format='xml-platform' mapping='logical' distinct='false'> <entity name='privilege'> <attribute name='name' /> <link-entity name='roleprivileges' from='privilegeid' to='privilegeid' alias='pu' link-type='inner' > <link-entity name='role' from='roleid' to='roleid' alias='rpu' link-type='inner' > <attribute name='name' /> <link-entity name='systemuserroles' from='roleid' to='roleid' alias='sr' link-type='inner' > <link-entity name='systemuser' from='systemuserid' to='systemuserid' alias='srr' link-type='inner' > <attribute name='systemuserid' /> <attribute name='fullname' /> </link-entity> </link-entity> </link-entity> </link-entity> <filter type='and'> <condition attribute='name' operator='eq' value='prvCreateOpportunity' /> </filter> </entity> </fetch>

Team Query

<fetch version='1.0' output-format='xml-platform' mapping='logical' distinct='false'> <entity name='privilege'> <attribute name='name' /> <link-entity name='roleprivileges' from='privilegeid' to='privilegeid' alias='pt' link-type='inner' > <link-entity name='role' from='roleid' to='roleid' alias='rpt' link-type='inner' > <attribute name='name' /> <link-entity name='teamroles' from='roleid' to='roleid' alias='tr' link-type='inner' > <link-entity name='team' from='teamid' to='teamid' alias='trr' link-type='inner' > <attribute name='teamid' /> <attribute name='name' /> </link-entity> </link-entity> </link-entity> </link-entity> <filter type='and'> <condition attribute='name' operator='eq' value='prvCreateOpportunity' /> </filter> </entity> </fetch>

If you found the answer helpful, please mark as Verified

Join my network on LinkedIn Follow me on Twitter

Thank You & Best Regards

Francesco Picchi

Microsoft Dynamics CRM Consultant, Bologna+Milano, ITALY

Independent Contractor

http://www.francescopicchi.com
Suggested answer

Aric Levin 30,188 on at

Like (0)

Report

RE: How to find in the trace the line where the access to a record is granted

You might be able to use AccessChecker from XRMToolbox.

You can enter the user and entity, and it will validate the privilege the user has.

This might help you better pinpoint the issue.

Hope this helps.
Suggested answer

Rawish Kumar 13,756 on at

Like (0)

Report

RE: How to find in the trace the line where the access to a record is granted

I dont think trace logs will capture it.

as you mentioned you tried everything- you might want to recreate the role start from the scratch.