Problem: I had a situation in which we wanted to
prevent any random user to activate or deactivate record on certain entity. We
wanted only people with specific roles to have permission to activate or
deactivate the record.
Solution:
After doing my research I realized that you don’t have direct way to give permission in CRM 2011 for activation/deactivation of record. So you can do this by either by writing a javascript or by writing a plugin. There might be other ways to achieve this task as well but according to me the best method will be to write a plugin.
We can write a plugin that fries up when user tries to activate/deactivate the record and at this time we can check the role associated with user. If user is not from the role we want throw exception.
Following steps can be performed to achieve the result:
Thanks,
Solution:
After doing my research I realized that you don’t have direct way to give permission in CRM 2011 for activation/deactivation of record. So you can do this by either by writing a javascript or by writing a plugin. There might be other ways to achieve this task as well but according to me the best method will be to write a plugin.
We can write a plugin that fries up when user tries to activate/deactivate the record and at this time we can check the role associated with user. If user is not from the role we want throw exception.
Following steps can be performed to achieve the result:
1. Write a plugin that
contains code to access role and systemuser
QueryExpression
query = new QueryExpression()
{
LinkEntities =
{
new
LinkEntity
{
LinkFromEntityName = "role",
LinkFromAttributeName
= "roleid",
LinkToEntityName = "systemuserroles",
LinkToAttributeName = "roleid",
LinkCriteria = new FilterExpression
{
FilterOperator = LogicalOperator.And,
Conditions =
{
new ConditionExpression
{
AttributeName = "systemuserid",
Operator = ConditionOperator.Equal,
Values = {
context.InitiatingUserId }
}
}
}
}
},
Criteria
= new FilterExpression
{
Conditions =
{
new ConditionExpression(
"name",
ConditionOperator.In,
new string[]
{
"sc test Role",
"System
Administrator"
}
)
}
}
};
query.EntityName
= "role";
query.ColumnSet
= new ColumnSet("roleid");
EntityCollection userRoles =
service.RetrieveMultiple(query);
if (userRoles.Entities.Count==0)
{
throw new
InvalidPluginExecutionException
(
OperationStatus.Canceled,
"You are not allowed to deactivate record"
);
}
So the plugin will throw error if the user is not from the two roles
mention.
2. Next step is to
register plugin on Pre-operation of “SetStateDynamicEntity”. Set Primary entity
value as the entity for which you want to perform this operation.
Thanks,
No comments:
Post a Comment