On occasion I’ve had the need to programmatically share a record with a CRM user or team. I noticed this morning that the CRM user interface and the CRM web service call to Grant Access don’t actually have the same number of options.
Here is how you would share a record manually, through the CRM interface:
Here is how you do share a record via code ( from the CRM SDK ):
// Create the SecurityPrincipal Object SecurityPrincipal principal = new SecurityPrincipal(); principal.Type = SecurityPrincipalType.User; // PrincipalId is the Guid of the user to whom access is being granted principal.PrincipalId = new Guid("7B222F98-F48A-4AED-9D09-77A19CB6EE82"); // Create the PrincipalAccess Object PrincipalAccess principalAccess = new PrincipalAccess(); // Set the PrincipalAccess Object's Properties principalAccess.Principal = principal; // Gives the principal access to read principalAccess.AccessMask = AccessRights.ReadAccess; // Create the Target Object for the Request TargetOwnedAccount target = new TargetOwnedAccount(); // EntityId is the Guid of the account access is being granted to target.EntityId = new Guid("6A92D3AE-A9C9-4E44-9FA6-F3D5643753C1"); // Create the Request Object GrantAccessRequest grant = new GrantAccessRequest(); // Set the Request Object's properties grant.PrincipalAccess = principalAccess; grant.Target = target; // Execute the Request GrantAccessResponse granted = (GrantAccessResponse)service.Execute(grant);
AccessMask Property
The AccessMask property defines how the record should be shared. The following values are available:
AppendAccess
Specifies the right to append the specified object to another object.
AppendToAccess
Specifies the right to append another object to the specified object.
AssignAccess
Specifies the right to assign the specified object to another security principal.
CreateAccess
Specifies the right to create an instance of the object type.
DeleteAccess
Specifies the right to delete the specified object.
ReadAccess
Specifies the right to read the specified type of object.
ShareAccess
Specifies the right to share the specified object.
WriteAccess
Specifies the right to update (write to) the specified object.
For additional information, visit the CRM SDK topic: AccessRights Enumeration (CrmService).
The example above gives Read access to a record. To specify more than one access right, you use the C# OR assignment operator so that your code looks something like this:
principalAccess.AccessMask |= AccessRights.ReadAccess; principalAccess.AccessMask |= AccessRights.WriteAccess;
The Append Oddity
I noticed something odd about the Assign right this morning. If you are programmatically sharing the record you must supply both Append and AppendTo rights in order for CRM to fully give Append rights to the record. Here is the code:
principalAccess.AccessMask |= AccessRights.AppendAccess; principalAccess.AccessMask |= AccessRights.AppendToAccess;
If you only supply Append and view the sharing assignments through the CRM user interface, you will not see the Append box checked.
Loading ...
Hi Mitch,
I've found that soon after I find a need to programaticly share access, I also need to change or remove it.
While the changing access by calling grant access with a new mask was straight forward, I was expecting to find a AccessRights.NoAccess memeber of the enumeration, rather than the RevokeAccessRequest that the SDK uses.
Thanks,
Chris
[...] Records Programmatically Posted on July 12, 2010 by roman20007 Sharing records (by Mitch [...]