Monday, December 23, 2013

Override CRM Record Security Model with Server Side Code (without using JavaScript)

Though CRM system provides inbuilt rich security model, we often end up writing client side scripts in Dynamics CRM to incorporate additional security constraints based on users\teams\business-unit\record. Usually we enforce these constraints with the help of client side scripts, and due to this it leads to screen flickering and results in usability question. 

In this post we will see how we can override CRM default security model with the help of a plugin, there by avoiding custom client side scripting.


Whenever a entity record is accessed by an user, CRM system internally uses RetrievePrincipalAccess method to identify the corresponding user privileges (Read, Write, Delete, Append, AppendTo) associated to that record. Even though RetrievePrincipalAccess is used for internal process, it is also exposed as plugin message so that the customizes can override it as per their needs. 

RetrievePrincipalAccess Message: Retrieves the access that the security principal (user) has for the specified entity instance.

Plugin code:

Plugin Registration:


Once after this plugin is registered and activated, specific account record's will be displayed as 'read-only' based on your custom business logic. This logic can be extended to restrict access rights based on entity field values too...

No comments:

Post a Comment