Making changes in DB related to access rights

  • Question

  • Hi all,

    I am new to CRM so please correct me if I am wrong. Now we have our CRM in which we have a Primary & a secondary Sales person associated with each customer. When a Sales Rep creates a Customer he becomes the owner as well as the Primary sales person for the customer & he enters the secondary sales person. Now whenever the secondary sales person needs to make changes in the Customer record the primary sales person needs to give him every right other than Delete by going in Customer Record -> Share. Now I need to make changes in DB using a database script, so that every Secondary sales rep has every right other than Delete on the record created by the Primary Sales Rep. How should I do that? Any suggestions?

    I also wish to make sure that in future Primary as well as secondary Sales Rep have rights on the record created by Primary sales rep.

    Please suggest something. Thanks in advance.

    Amar

    Thursday, May 12, 2011 11:21 AM

Answers

  • Amar,

     

    Assuming you have a lookup in the customer entity (account/contact) to the secondary sales rep, you can first retrieve all the entities you need to process (RetrieveMultiple request), then for each entity you get the EntityReference for the secondary sales rep and then you can use the GrantAccessRequest to grant access to the secondary sales rep to the customer (http://technet.microsoft.com/en-us/library/microsoft.crm.sdk.messages.grantaccessrequest_methods.aspx).

     

    Here is some code to get you started:

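    // Namespaces needed by this snippet (CRM 2011 SDK)
    using Microsoft.Xrm.Sdk;
    using Microsoft.Xrm.Sdk.Query;
    using Microsoft.Crm.Sdk.Messages;

    // "service" is an IOrganizationService that is already connected
    QueryExpression q = new QueryExpression("account");
    // Request the lookup column; it is not returned unless it is in the ColumnSet
    q.ColumnSet = new ColumnSet("new_secondarysalesperson");
    //...filter query if necessary

    EntityCollection coll = service.RetrieveMultiple(q);

    foreach (Entity e in coll.Entities)
    {
      // Skip accounts that have no secondary sales person set
      if (!e.Contains("new_secondarysalesperson")) continue;
      EntityReference secondarySalesPerson = e["new_secondarysalesperson"] as EntityReference;

      GrantAccessRequest r = new GrantAccessRequest
      {
        Target = new EntityReference(e.LogicalName, e.Id),
        PrincipalAccess = new PrincipalAccess
        {
          Principal = secondarySalesPerson,
          AccessMask = AccessRights.ReadAccess | AccessRights.WriteAccess, // Add as many rights as you need to provide to the secondary sales person
        }
      };

      // Send the request; building it alone does not share the record
      service.Execute(r);
    }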
     

     

    Thursday, May 12, 2011 1:18 PM
    Moderator

All replies

  • Hi Amar,

     

    You are right, "sharing" the record could be your solution. However, for retroactively sharing the records you should not run a DB script; in general it is a bad idea to run any DB script, especially when you can achieve the same using the web services (DB scripts are unsupported and risk leaving the system in a corrupted state from which you cannot recover). One part that I'm missing about your requirements is: is the record supposed to be accessible *only* by the primary and secondary salesperson? Because if not, you can easily solve your problem for existing and future records by increasing the depth of the privilege for customer for the salesperson security role.

     

    Going forward, you should have a plugin so that the record is automatically shared to the secondary sales person when you enter a secondary sales person in the record (see plugins in the SDK documentation).

    Thursday, May 12, 2011 11:30 AM
    Moderator
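The plugin suggested in the reply above, as an added sketch that is not part of the original post: registered on Create and Update of account (post-operation), it shares the record with the user in the `new_secondarysalesperson` lookup and revokes the share of the user being replaced, so old access does not accumulate. The pre-image name `PreImage` and the choice of rights in the mask are assumptions.

```csharp
using System;
using Microsoft.Xrm.Sdk;
using Microsoft.Crm.Sdk.Messages;

// Added example. Register on account Create and Update (post-operation),
// with a pre-image named "PreImage" (assumed name) on the Update step.
public class ShareWithSecondarySalesRep : IPlugin
{
    const string Lookup = "new_secondarysalesperson";

    // Every right except DeleteAccess, as the question asks. Drop AssignAccess
    // and ShareAccess if the secondary rep should not re-own or re-share.
    const AccessRights Mask = AccessRights.ReadAccess | AccessRights.WriteAccess |
        AccessRights.AppendAccess | AccessRights.AppendToAccess |
        AccessRights.AssignAccess | AccessRights.ShareAccess;

    public void Execute(IServiceProvider serviceProvider)
    {
        var context = (IPluginExecutionContext)serviceProvider.GetService(typeof(IPluginExecutionContext));
        var target = context.InputParameters["Target"] as Entity;
        if (target == null || !target.Contains(Lookup)) return; // lookup not part of this save

        var factory = (IOrganizationServiceFactory)serviceProvider.GetService(typeof(IOrganizationServiceFactory));
        // Run as the calling user: the share only succeeds if that user may share the record.
        IOrganizationService service = factory.CreateOrganizationService(context.UserId);

        var record = new EntityReference(context.PrimaryEntityName, context.PrimaryEntityId);
        var current = target.GetAttributeValue<EntityReference>(Lookup);

        // Revoke the previous secondary rep's share so replaced users lose access.
        Entity pre = context.PreEntityImages.Contains("PreImage") ? context.PreEntityImages["PreImage"] : null;
        var previous = pre == null ? null : pre.GetAttributeValue<EntityReference>(Lookup);
        if (previous != null && (current == null || previous.Id != current.Id))
            service.Execute(new RevokeAccessRequest { Target = record, Revokee = previous });

        if (current != null)
            service.Execute(new GrantAccessRequest
            {
                Target = record,
                PrincipalAccess = new PrincipalAccess { Principal = current, AccessMask = Mask }
            });
    }
}
```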
  • If I understand you correctly, a sales rep can be either primary or secondary, regardless of other responsibilities. So a sales rep can be primary for one record, and secondary for a second record?

    I believe the easiest solution is to create a second N:1 relationship between systemuser and account, which creates a new user lookup on account. This lookup can be named "secondary sales rep". Give all sales reps the same security role, with rights to delete every account.

    Then, create a pre-delete plugin for account, which checks if any other user than the owner (primary sales rep) tries to delete it, and throws an exception if they do.

    This means that every sales rep still would have access to the delete button even though they will not technically have the right to delete. This could be perceived as bad UI practice.

    Another approach could be to use a script which sniffs out which user is opening the record, and disables the delete button if any other than the primary sales rep opens the form. I personally dislike this approach, since the script will only fire whenever a user actually opens the form, making it possible to delete the record through other means.

    Thursday, May 12, 2011 12:09 PM
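The pre-delete check described in the reply above, as an added sketch that is not part of the original post: registered on the Delete message of account in the pre-operation stage, it rejects the delete server-side unless the caller owns the record, which covers deletes made outside the form as well. The class name and error text are made up for illustration.

```csharp
using System;
using Microsoft.Xrm.Sdk;
using Microsoft.Xrm.Sdk.Query;

// Added example. Register on account Delete, pre-operation stage.
public class BlockDeleteByNonOwner : IPlugin
{
    public void Execute(IServiceProvider serviceProvider)
    {
        var context = (IPluginExecutionContext)serviceProvider.GetService(typeof(IPluginExecutionContext));
        if (context.MessageName != "Delete") return;

        // For Delete, Target is an EntityReference, not an Entity.
        var target = context.InputParameters["Target"] as EntityReference;
        if (target == null) return;

        var factory = (IOrganizationServiceFactory)serviceProvider.GetService(typeof(IOrganizationServiceFactory));
        // null = SYSTEM user, so reading the owner never fails on the caller's own privileges.
        IOrganizationService service = factory.CreateOrganizationService(null);

        Entity account = service.Retrieve(target.LogicalName, target.Id, new ColumnSet("ownerid"));
        var owner = account.GetAttributeValue<EntityReference>("ownerid");

        // InitiatingUserId is the user who made the request, even when the
        // step is registered to run under a different (impersonated) user.
        if (owner == null || owner.Id != context.InitiatingUserId)
            throw new InvalidPluginExecutionException(
                "Only the primary sales rep (record owner) can delete this account.");
    }
}
```

Because the exception is thrown in the pre-operation stage, the delete is cancelled for web service calls and bulk delete as well as for the form button.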
  • Thanks Gonzalo,

    Yes, the Primary & the Secondary Sales rep should only access the records. Can you explain to me a little bit about how to use the Web Service in this scenario?

    Thanks Again.

    Thursday, May 12, 2011 12:18 PM
  • I agree with Gonzalo, do not use the db scripts to do anything in CRM. It is unsupported and it will cause problems during upgrade to a new version. Plugins are the best option.
    Amreek singh Senior CRM Consultant CDC Praxa Sydney, Australia http://mscrmshop.blogspot.com
    Thursday, May 12, 2011 12:20 PM