Recently I had to write a plugin which only runs for users who can’t create or update a certain entity type. In my endeavor, I came across this post about PrivilegeDepthMask and AccessRight. Read more on MSCRM King.
PrivilegeDepthMask

| Value | Scope |
|---|---|
| 1 | Basic (User) |
| 2 | Local (Business Unit) |
| 4 | Deep (Parent: Child) |
| 8 | Global (Organisation) |

AccessRight

| Value | Access right |
|---|---|
| 1 | Read |
| 2 | Write |
| 4 | Append |
| 16 | AppendTo |
| 32 | Create |
| 65536 | Delete |
| 262144 | Share |
| 524288 | Assign |

Cheers – Sy
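
Both tables are bit values, so a privilege check comes down to masking and taking a maximum. The following is an added example, not code from the original post or from Dynamics CRM; it mirrors the depth calculation of the fn_GetMaxPrivilegeDepthMask function quoted in the comments below, and the row layout, function names and object type codes 10001/10002 are assumptions constructed for illustration.

```python
from enum import IntFlag

class AccessRight(IntFlag):  # values from the AccessRight table in the post
    READ = 1
    WRITE = 2
    APPEND = 4
    APPEND_TO = 16
    CREATE = 32
    DELETE = 65536
    SHARE = 262144
    ASSIGN = 524288

# Depth values from the PrivilegeDepthMask table; 0 means "not granted".
DEPTH_NAMES = {0: "None", 1: "Basic (User)", 2: "Local (Business Unit)",
               4: "Deep (Parent: Child)", 8: "Global (Organisation)"}

def fold_depth(mask):
    """Fold inherited depths 16/32/64/128 onto 1/2/4/8, as the quoted SQL
    does with % 0x0F. A bitwise & 0x0F would turn them into 0 instead."""
    return mask % 0x0F

def max_depth(rows, object_type_code, right):
    """Highest depth any role row (user or team) grants for one right."""
    return max((fold_depth(r["depth_mask"]) for r in rows
                if r["object_type_code"] == object_type_code
                and r["access_right"] & right), default=0)

def missing_rights(rows, object_type_code, wanted):
    """Rights from `wanted` that no role row grants at any depth."""
    return [w for w in wanted if max_depth(rows, object_type_code, w) == 0]

# Constructed sample rows: 10001 and 10002 are made-up object type codes.
SAMPLE_ROWS = [
    {"source": "user role", "object_type_code": 10001, "access_right": 1, "depth_mask": 1},
    {"source": "team role", "object_type_code": 10001, "access_right": 1, "depth_mask": 128},
    {"source": "user role", "object_type_code": 10001, "access_right": 2, "depth_mask": 2},
    {"source": "user role", "object_type_code": 10002, "access_right": 32, "depth_mask": 8},
]

if __name__ == "__main__":
    for right in (AccessRight.READ, AccessRight.WRITE, AccessRight.CREATE):
        depth = max_depth(SAMPLE_ROWS, 10001, right)
        print(f"{right.name:<7} {DEPTH_NAMES[depth]}")
    print(missing_rights(SAMPLE_ROWS, 10001, [AccessRight.CREATE, AccessRight.WRITE]))
```

The team-role row shows why folding matters: an inherited global depth of 128 must count as 8, otherwise the user's effective read depth would be reported as Basic.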
Using FilteredViews, performance issues in CRM: timeout errors
I have SQL with FilteredViews:
select ….
FROM Filteredrsg_documentodecampania doc
INNER JOIN FilteredTeam equipo on equipo.regardingobjectid=doc.rsg_documentodecampaniaid
INNER JOIN FilteredTeammembership equiposh on equiposh.teamid=equipo.teamid
INNER JOIN FilteredSystemuser usersyste on usersyste.systemuserid=equiposh.systemuserid
INNER JOIN Filteredrsg_mediador med on med.rsg_mediadorid=usersyste.rsg_mediador
Database partners note:
Generate many inserts (create functions):
insert into @t (OwnerId)
select pem.PrincipalId from PrincipalEntityMap pem WITH (NOLOCK)
join SystemUserPrincipals sup WITH (NOLOCK)
on pem.PrincipalId = sup.PrincipalId
join SystemUserManagerMap summ WITH (NOLOCK)
on sup.SystemUserId = summ.SystemUserId
where summ.ParentSystemUserId = @userid
and pem.ObjectTypeCode = @objecttypecode
In the SQL session, the messages:
-- TODO andreism: instead of complex queries MaxPrivilegeDepthMask for read privilege should be precomputed and persist in db
-- another option is merge SystemUserRoles and TeamRoles into one table, but it’s still one query instead of two
create function dbo.fn_GetMaxPrivilegeDepthMask(@ObjectTypeCode int)
returns @d table(PrivilegeDepthMask int)
-- It is by design that we return a table with only one row and column
as
begin
    declare @UserId uniqueidentifier
    select @UserId = dbo.fn_FindUserGuid()

    declare @t table(depth int)

    -- from user roles
    insert into @t(depth)
    select
        -- privilege depth mask = 1(basic) 2(local) 4(deep) and 8(global)
        -- 16(inherited read) 32(inherited local) 64(inherited deep) and 128(inherited global)
        -- do an AND with 0x0F ( =15) to get basic/local/deep/global
        max(rp.PrivilegeDepthMask % 0x0F) as PrivilegeDepthMask
    from PrivilegeBase priv
        join RolePrivileges rp on (rp.PrivilegeId = priv.PrivilegeId)
        join Role r on (rp.RoleId = r.ParentRootRoleId)
        join SystemUserRoles ur on (r.RoleId = ur.RoleId and ur.SystemUserId = @UserId)
        join PrivilegeObjectTypeCodes potc on (potc.PrivilegeId = priv.PrivilegeId)
    where potc.ObjectTypeCode = @ObjectTypeCode
        and priv.AccessRight & 0x01 = 1

    -- from user’s teams roles
    insert into @t(depth)
    select
        -- privilege depth mask = 1(basic) 2(local) 4(deep) and 8(global)
        -- 16(inherited read) 32(inherited local) 64(inherited deep) and 128(inherited global)
        -- do an AND with 0x0F ( =15) to get basic/local/deep/global
        max(rp.PrivilegeDepthMask % 0x0F) as PrivilegeDepthMask
    from PrivilegeBase priv
        join RolePrivileges rp on (rp.PrivilegeId = priv.PrivilegeId)
        join Role r on (rp.RoleId = r.ParentRootRoleId)
        join TeamRoles tr on (r.RoleId = tr.RoleId)
        join SystemUserPrincipals sup on (sup.PrincipalId = tr.TeamId and sup.SystemUserId = @UserId)
        join PrivilegeObjectTypeCodes potc on (potc.PrivilegeId = priv.PrivilegeId)
    where potc.ObjectTypeCode = @ObjectTypeCode
        and priv.AccessRight & 0x01 = 1

    insert into @d select max(depth) from @t
    return
end
Any suggestions?
Do you use a lot of record sharing to user?