How to find in the trace the line where the access to a record is granted

(0) Share

Report

Posted on by Community Member

Hello,

We have an issue where a user has access to records to which he really shouldn't have access. I went through all of the obvious and not-obvious ways of diagnosing the problem (more on that here: community.dynamics.com/.../261866) and the only option I can think of now is to analyse the trace logs and go from there.

But I can't figure out how to find the line where the system decides that the user has access. What are some keywords I should be looking for?

*This post is locked for comments

I have the same question (0)

All responses (3)

Answers (0)

Sort by

Suggested answer

Rawish Kumar 13,758 on at

Like (0)

Report
Copy link

Link copied!

I dont think trace logs will capture it.

as you mentioned you tried everything- you might want to recreate the role start from the scratch.

Was this reply helpful? Yes No
Suggested answer

Aric Levin - MVP 30,190 Moderator on at

Like (0)

Report
Copy link

Link copied!

You might be able to use AccessChecker from XRMToolbox.

You can enter the user and entity, and it will validate the privilege the user has.

This might help you better pinpoint the issue.

Hope this helps.

Was this reply helpful? Yes No
Suggested answer

Community Member on at

Like (0)

Report
Copy link

Link copied!
Hi Alexandr,

use this two queries to find where your user take access privilege.

Change prvCreateOpportunity with your privilege/entity, like "prv" + "privilege name" + "entity name" (prvReadContact or prvCreateAccount or whatever else).

Please let me know if you solve.

User Query

<fetch version='1.0' output-format='xml-platform' mapping='logical' distinct='false'> <entity name='privilege'> <attribute name='name' /> <link-entity name='roleprivileges' from='privilegeid' to='privilegeid' alias='pu' link-type='inner' > <link-entity name='role' from='roleid' to='roleid' alias='rpu' link-type='inner' > <attribute name='name' /> <link-entity name='systemuserroles' from='roleid' to='roleid' alias='sr' link-type='inner' > <link-entity name='systemuser' from='systemuserid' to='systemuserid' alias='srr' link-type='inner' > <attribute name='systemuserid' /> <attribute name='fullname' /> </link-entity> </link-entity> </link-entity> </link-entity> <filter type='and'> <condition attribute='name' operator='eq' value='prvCreateOpportunity' /> </filter> </entity> </fetch>

Team Query

<fetch version='1.0' output-format='xml-platform' mapping='logical' distinct='false'> <entity name='privilege'> <attribute name='name' /> <link-entity name='roleprivileges' from='privilegeid' to='privilegeid' alias='pt' link-type='inner' > <link-entity name='role' from='roleid' to='roleid' alias='rpt' link-type='inner' > <attribute name='name' /> <link-entity name='teamroles' from='roleid' to='roleid' alias='tr' link-type='inner' > <link-entity name='team' from='teamid' to='teamid' alias='trr' link-type='inner' > <attribute name='teamid' /> <attribute name='name' /> </link-entity> </link-entity> </link-entity> </link-entity> <filter type='and'> <condition attribute='name' operator='eq' value='prvCreateOpportunity' /> </filter> </entity> </fetch>

If you found the answer helpful, please mark as Verified

Join my network on LinkedIn Follow me on Twitter

Thank You & Best Regards

Francesco Picchi

Microsoft Dynamics CRM Consultant, Bologna+Milano, ITALY

Independent Contractor

http://www.francescopicchi.com

Was this reply helpful? Yes No