dynamics-crmrolescrmdynamics-crm-4privileges

Role/Privilege overview CRM

I' working on MS CRM 4.0.

Is there a possibility to show an overview of all roles and their privileges on each entity? I need it, for example, in excel to show it to a customer. It should be built something like this:

Is there a functionality for this? I'm using a lot of roles and custom entities, and it would take me a lot of work to do it manually.

Solution

  • I found this example on MSDN that should get you what you are requesting. http://archive.msdn.microsoft.com/CrmSecurityReports

    Click on the downloads tab. The zip contains four reports to display privileges by security role and/or business unit. There are 2 reports by role and 2 reports by user.

    This is from the file named RolePrivileges.sql and should get you what you need:

    -- Query on entity roles, consolidating records
select RoleName, BusinessUnitName, EntityName
, max([Read]) as [Read], max([Write]) as [Write], max([Append]) as [Append], max([AppendTo]) as [AppendTo]
, max([Create]) as [Create], max([Delete]) as [Delete], max([Share]) as [Share], max([Assign]) as [Assign] 
from                                                                                                
-- Use sub query to split rights into columns, then outer query gets the Depth
(select r.name as RoleName, r.businessunitidname as BusinessUnitName, e.Name as EntityName
, isnull(case when p.AccessRight & 1  0 then max(rp.PrivilegeDepthMask) end, 0) as [Read]         
-- Use AccessRight to determine action
, isnull(case when p.AccessRight & 2  0 then max(rp.PrivilegeDepthMask) end, 0) as [Write]
, isnull(case when p.AccessRight & 4  0 then max(rp.PrivilegeDepthMask) end, 0) as [Append]
, isnull(case when p.AccessRight & 16  0 then max(rp.PrivilegeDepthMask) end, 0) as [AppendTo]
, isnull(case when p.AccessRight & 32  0 then max(rp.PrivilegeDepthMask) end, 0) as [Create]
, isnull(case when p.AccessRight & 65536  0 then max(rp.PrivilegeDepthMask) end, 0) as [Delete]
, isnull(case when p.AccessRight & 262144  0 then max(rp.PrivilegeDepthMask) end, 0) as [Share]
, isnull(case when p.AccessRight & 524288  0 then max(rp.PrivilegeDepthMask) end, 0) as [Assign]
from 
    dbo.FilteredRole r
    join dbo.RolePrivileges rp on r.roleid = rp.roleid
    join dbo.FilteredPrivilege p on rp.privilegeid = p.privilegeid
    join dbo.PrivilegeObjectTypeCodes potc on p.privilegeid = potc.privilegeid
    join MetadataSchema.Entity e on potc.ObjectTypeCode = e.ObjectTypeCode
group by 
    r.name, r.businessunitidname, e.Name, p.AccessRight) as Role
group by 
    RoleName, BusinessUnitName, EntityName