locked
CRM 2011 Permissions when using CallerId to Act on Behalf of a User RRS feed

  • Question

  • Is there any way to act on behalf of another user without taking on that user's permissions? I'm creating an OrganizationServiceProxy and setting the CallerId in order to create an instance of a custom entity that I want users to only create/edit via my custom web application so I took away the permissions from the entity. However, I still want ModifiedBy, CreatedBy, and the audit history's on behalf of fields to be the user accessing the web application instead of my service account. Is this possible?

    Tuesday, March 15, 2011 8:34 PM

Answers

  • The simple answer is 'no'. When impersonating a user you necessarily take on that user's permissions.

    I suggest you consider an alternate approach to prevent the users modifying data via CRM. One option would be to use client script in the CRM form to restrict who can create/edit records; another would be a plugin. The plugin route would need a means to distinguish between an change from the CRM application and one from your custom web application; one option woudl be to test for a custom attribute you send from the custom web application, but you don't make available on the CRM form


    Microsoft CRM MVP - http://mscrmuk.blogspot.com  http://www.excitation.co.uk
    Wednesday, March 16, 2011 9:34 AM
    Moderator