"PrincipalObjectAttributeAccess" does not work RRS feed

  • Question

  • Hi!

    I want to use the "PrincipalObjectAttributeAccess" in CRM 2011 Online to change the users rights on secured_field. At the moment I'm using this code:

                        PrincipalObjectAttributeAccess poaa = new PrincipalObjectAttributeAccess()


                                AttributeId = secured_field,

                                ObjectId = new EntityReference("contact", contactid),

                               PrincipalId = new EntityReference("systemuser", SystUserID),
                                ReadAccess = true,
                                UpdateAccess = true



    I obtain the error, that PrincipalObjectAttributeAccess  could not be found because an assembly reference is missing or an using directive. I have put the same using directives and references as shown in the sample code in SDK (the sample code works SampleCode\CS\FieldSecurity\RetrieveUserSharedAttributePermissions.cs), but without success. Does anybody know or have an idea how to put it to work?

    Wednesday, September 26, 2012 3:08 PM


All replies

  • you need to use GrantAccessRequest and ModifyAccess Request for the same..
    // Grant the team Read and AppendTo access to the queue.  
    // Having Read and AppendTo privileges gives a team a full access 
    // to the queue items, but only read access to the queue. For 
    // example, team members can’t change the queue name, but they 
    // can make any modifications to the queue items.
    GrantAccessRequest grantAccessRequest = new GrantAccessRequest
        PrincipalAccess = new PrincipalAccess
            Principal = new EntityReference(Team.EntityLogicalName, _teamId),
            AccessMask = AccessRights.ReadAccess
            | AccessRights.AppendToAccess
        Target = new EntityReference(Queue.EntityLogicalName, _queueId)

    My Blog
    Follow Me on Twitter

    Wednesday, September 26, 2012 3:25 PM
  • Thank you for answering so fast.

    Actually I want to change the rights of the user on a secured field inside a record:

    First I created the secured field with no permissions to anybody to see this field inside the contact form.Then I wrote a plugin, which starts if a contact record is created. Inside the plugin I get the ownerID (GUID) and want to give permission only to this userID (the owner of the record) to read and update the secured_field.

    The code suggested above would give privilleges to the user only to the whole record, but he will still not be able to update and see the secured field.

    I hope you understand my problem now ...

    Wednesday, September 26, 2012 3:53 PM
    • Marked as answer by Elanq Thursday, September 27, 2012 12:50 PM
    Wednesday, September 26, 2012 4:10 PM
  • Thanks again! Here is my new code, but still not working:

                            Entity poaa = new Entity("principalobjectattributeaccess");
                            poaa["attributeid"] = feld_notizen;
                            poaa["objectid"] = new EntityReference("contact", regardingobjectid);
                            poaa["principalid"] = new EntityReference("systemuser", SystUserID);
                            poaa["readaccess"] = true;
                            poaa["updateaccess"] = true;


    Wednesday, September 26, 2012 5:02 PM
  • The above code now works. Thank you very much for your help!

    Thursday, September 27, 2012 12:50 PM
  • Hi,

    I tried to use this solution but because my service is connected to the current user, it does not have privileges to change the principalobjectattributeaccess. I received this message

    Principal user (Id=2113fb92-04a9-e211-b13a-78e3b50834b8, type=8) is missing prvAppendPrincipalObjectAttributeAccess privilege (Id=2ba6ddbf-2d8a-11df-8176-00137299e1c2)

    How did you manage that?

    Monday, April 22, 2013 9:28 AM