Adding Security rights for new entity in Custom Solution

  • Question

  • I am working on a new custom solution that will create a new settings entity when installed.  However, I am wondering how I can programmatically grant 'read' access to all CRM users to the new entity? 

    I do have a configuration HTML page that I could run some JS code on, is there a way to do this in JS code, maybe with a SOAP or REST call?

    Thanks!



    Thursday, July 23, 2015 7:00 PM

All replies

  • Hello Chris,

    Wouldn't it be easier to create a custom security role that will grant rights to read the mentioned entity and assign that role to users?


    Dynamics CRM MVP
    My blog

    Thursday, July 23, 2015 7:37 PM
    Moderator
  • Andrii:  How would I give the CRM admin a button to add all users to that new role?  I wouldn't want them to go to each user and add the role, that could take a while if it's a large user base?


    Recall that I want the admin to be able to do this on a configuration page for the solution, so it will have to be done in JS.
    Thursday, July 23, 2015 7:58 PM
  • Checking the CRM Rest Builder app, it looks like maybe I can just do an insert to the SystemUserRolesSet assigning the systemuserid and the roleid for my newly created role?  I would have to check and make sure the user wasn't already in there, but would that work?
    Thursday, July 23, 2015 8:05 PM
  • Chris,

    If I'm not wrong, it is possible to assign a role to users in bulk mode from the grid of users, since version 2011.

    In case you want to create a "Magic button" anyway, you should look here - https://msdn.microsoft.com/en-us/library/jj602982.aspx?f=255&MSPPError=-2147217396

    So it seems that this is simple creation of an N-N relationship between user and security role, so you can use OData for it.


    Dynamics CRM MVP
    My blog

    Thursday, July 23, 2015 8:29 PM
    Moderator
  • Maybe I need to do a SOAP Call?  Rest doesn't seem to work, it throws back a 'forbidden' message.  I also tried an 'associate' REST call, but it said bad request.  I think associate is only for N:1 and 1:N relationships?

    var entity = {};
    // entity.SystemUserRoleId = "0";
    entity.RoleId = "419d8a6a-7631-e511-80e6-fc15b4284734";
    entity.SystemUserId = "800bc933-78f3-e111-b3e3-78e3b511a6f7";

    $.ajax({
        type: "POST",
        contentType: "application/json; charset=utf-8",
        datatype: "json",
        url: Xrm.Page.context.getClientUrl() + "/XRMServices/2011/OrganizationData.svc/SystemUserRolesSet",
        data: JSON.stringify(entity),
        beforeSend: function (XMLHttpRequest) {
            XMLHttpRequest.setRequestHeader("Accept", "application/json");
        },
        async: false,
        success: function (data, textStatus, xhr) {
            var result = data.d;
            var newEntityId = result.SystemUserRolesId;
        },
        error: function (xhr, textStatus, errorThrown) {
            alert(textStatus + " " + errorThrown );
        }
    });

    Thursday, July 23, 2015 8:57 PM
  • Same code trying to do an associate:

    ----------

    var association = {};
    association.uri = Xrm.Page.context.getClientUrl() + "/XRMServices/2011/OrganizationData.svc/RoleSet(guid'419d8a6a-7631-e511-80e6-fc15b4284734')";

    $.ajax({
        type: "POST",
        contentType: "application/json; charset=utf-8",
        datatype: "json",
        url: Xrm.Page.context.getClientUrl() + "/XRMServices/2011/OrganizationData.svc/SystemUserSet(guid'800bc933-78f3-e111-b3e3-78e3b511a6f')",
        data: JSON.stringify(association),
        beforeSend: function (XMLHttpRequest) {
            XMLHttpRequest.setRequestHeader("Accept", "application/json");
        },
        async: false,
        success: function (data, textStatus, xhr) {
            alert("Associated"); //Success - No Return Data - Do Something
        },
        error: function (xhr, textStatus, errorThrown) {
            alert(textStatus + " " + errorThrown);
        }
    });

    Thursday, July 23, 2015 9:08 PM
  • "Maybe I need to do a SOAP Call?"

    It would work but I'm pretty sure that Rest would work as well.

    "Rest doesn't seem to work, it throws back a 'forbidden' message.  I also tried an 'associate' REST call, but it said bad request."

    That just means that your code is wrong and I can confirm it.

    "I think associate is only for N:1 and 1:N relationships?"

    I'm pretty sure that Associate/Disassociate messages are used for N-N relationship.

    Your second request looks almost ok except you forgot to put relationshipname. So it should be something like:

    url: Xrm.Page.context.getClientUrl() + "/XRMServices/2011/OrganizationData.svc/SystemUserSet(guid'800bc933-78f3-e111-b3e3-78e3b511a6f')/$links/systemuserroles_association",

    To not waste time on such operations, I would suggest you use some framework. I use XrmSvcToolkit.

    Dynamics CRM MVP
    My blog

    Friday, July 24, 2015 4:59 AM
    Moderator
  • I am using Jason Lattimer's CRM Rest builder that lets you select from XrmServiceToolkit, Jquery, SDK.REST, etc.  None of these seem to work, even if I put in the 'systemuserroles_association' as the relationship name.

    XrmSvcToolkit.associate({
        entity1Name: "SystemUser",
        entity1Id: "800bc933-78f3-e111-b3e3-78e3b511a6f7",
        entity2Name: "Role",
        entity2Id: "419d8a6a-7631-e511-80e6-fc15b4284734",
        relationshipName: "systemuserroles_association",
        async: false,
        successCallback: function () {
             alert("Associated"); //Success - No Return Data - Do Something
        },
        errorCallback: function (error) {
             alert(error.message);
        }
    });

    The most helpful error I get is 'Invalid role specified for entity systemuser in relationship systemuserroles_association.referenced'.  That would indicate that the roleID is invalid, but I have confirmed that the roleid is correct.  This is CRM Online v2015 if that makes a difference.

    Does this code work for you if you give it a valid SystemUserID and RoleId ?

    Friday, July 24, 2015 12:51 PM
  • I'm pretty sure that it should work with correct ids. I faced a similar issue with the identifier of a role. The code worked when the user I used was in the root business unit but it didn't when the user was in one of the child business units. The explanation is the following - for every child BU, CRM creates a cloned Security Role record for every single security role that is available for the parent BU. And of course the ids are different. Recheck that scenario. Also recheck one more time (by yourself, because I don't trust others in such cases) that the IDs of the user and security role are correct.

    Dynamics CRM MVP
    My blog

    Friday, July 24, 2015 12:58 PM
    Moderator
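
Added example (not part of the original thread and not any poster's code): a planner that picks, for each user, the copy of the role that belongs to that user's business unit, skips users who already hold it, and builds the `$links/systemuserroles_association` request in the form given in the reply above. Assumptions: the per-BU copies are matched by role name, records use the 2011 OData lookup shape (`BusinessUnitId.Id`), and the GUIDs, the role name "Settings Reader" and the org URL are constructed sample values.

```javascript
// Added example: plan the $links associate calls for one role across business units.
// Record shapes follow the 2011 OData endpoint (BusinessUnitId.Id lookups); the
// sample GUIDs, role name and org URL below are constructed for illustration.
const ODATA = "/XRMServices/2011/OrganizationData.svc";

const norm = (g) => g.replace(/[{}]/g, "").toLowerCase();

// Build one request descriptor per user who still needs the role.
// users:    [{ SystemUserId, BusinessUnitId: { Id } }]
// roles:    all Role rows (one copy per business unit, each with its own RoleId)
// existing: [{ SystemUserId, RoleId }] rows already present in SystemUserRolesSet
function planRoleAssignments(clientUrl, roleName, users, roles, existing) {
  // Map business unit id -> RoleId of that BU's copy of the named role (assumed match by name).
  const roleByBu = new Map();
  for (const r of roles) {
    if (r.Name === roleName) roleByBu.set(norm(r.BusinessUnitId.Id), norm(r.RoleId));
  }
  const have = new Set(existing.map((e) => norm(e.SystemUserId) + "|" + norm(e.RoleId)));
  const plan = { requests: [], skipped: [] };
  for (const u of users) {
    const userId = norm(u.SystemUserId);
    const roleId = roleByBu.get(norm(u.BusinessUnitId.Id));
    if (!roleId) { plan.skipped.push({ userId, reason: "no role copy in user's business unit" }); continue; }
    if (have.has(userId + "|" + roleId)) { plan.skipped.push({ userId, reason: "already assigned" }); continue; }
    plan.requests.push({
      method: "POST",
      url: clientUrl + ODATA + "/SystemUserSet(guid'" + userId + "')/$links/systemuserroles_association",
      body: JSON.stringify({ uri: clientUrl + ODATA + "/RoleSet(guid'" + roleId + "')" }),
    });
  }
  return plan;
}

// Constructed sample data: two business units, the same role copied into each.
const BU_ROOT = "11111111-0000-0000-0000-000000000001";
const BU_CHILD = "11111111-0000-0000-0000-000000000002";
const sampleRoles = [
  { RoleId: "AAAAAAAA-0000-0000-0000-000000000001", Name: "Settings Reader", BusinessUnitId: { Id: BU_ROOT } },
  { RoleId: "AAAAAAAA-0000-0000-0000-000000000002", Name: "Settings Reader", BusinessUnitId: { Id: BU_CHILD } },
];
const sampleUsers = [
  { SystemUserId: "BBBBBBBB-0000-0000-0000-000000000001", BusinessUnitId: { Id: BU_ROOT } },
  { SystemUserId: "BBBBBBBB-0000-0000-0000-000000000002", BusinessUnitId: { Id: BU_CHILD } },
  { SystemUserId: "BBBBBBBB-0000-0000-0000-000000000003", BusinessUnitId: { Id: BU_CHILD } },
];
const sampleExisting = [{ SystemUserId: sampleUsers[2].SystemUserId, RoleId: sampleRoles[1].RoleId }];
const samplePlan = planRoleAssignments("https://org.example", "Settings Reader", sampleUsers, sampleRoles, sampleExisting);
console.log(JSON.stringify(samplePlan, null, 2));
```

Each entry in `requests` can be sent with the same `$.ajax` options used in the posts above; the `skipped` list gives the admin a record of users left unchanged and why.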
  • It's not the business units, this is a simple org and only has one BU.

    I checked the IDs again by doing a REST query on the specific GUID and it returned the correct user and role.

    I did find this blog post that uses SOAP to make the entity relationship, but it's older and probably won't work with CRM 2015 without some tweaking.

    http://crmentropy.blogspot.com/2010/09/nn-relationship-utility-code-javascript.html

    I'm going to table this for a few days as I have to work on another project, but may get some time to get back to it next week or two.


    Friday, July 24, 2015 1:44 PM