How to get current user privileges in MS Dynamics CRM on server side

Question

I'm working on MS CRM plugin, and it should be able to determine whether the current user has write access to the current entity. I don't know how to approach this task.

It seems that the most user-friendly way accomplish this task is currently unsupported.

Is there any alternative in MS CRM 2011 SDK, except composing a FetchXML query and parsing its output?

Answer 1

Here is what I have come up with — this code will check, does current user has given privilege on current record:

// Requesting user's access rights to current record
var principalAccessRequest = new RetrievePrincipalAccessRequest
{
    Principal = new EntityReference("systemuser", localContext.PluginExecutionContext.UserId),
    Target = new EntityReference(localContext.PluginExecutionContext.PrimaryEntityName, localContext.PluginExecutionContext.PrimaryEntityId)
};

// Response will contain AccessRights mask, like AccessRights.WriteAccess | AccessRights.ReadAccess | ...
var principalAccessResponse = (RetrievePrincipalAccessResponse)localContext.OrganizationService.Execute(principalAccessRequest);

if ((principalAccessResponse.AccessRights & AccessRights.WriteAccess) != AccessRights.None)
{
    ...
    ...
    ...
}

The code inside if statement will be executed if user has WriteAccess to current record.

Answer 2

According to Matt's Answer:

1. Retrieve on the entity privilege
2. Join on entity roleprivilege where privilege.privilegeid = roleprivilege.privilegeid
3. Join on entity systemuserrole where systemuserrole.roleid = roleprivileges.roleid and systemuserrole.systemuserid = (GUID of the user in question)
4. Then either iterate through the privileges or look for privilege where privilege.name = "prvReadMyEntityName"

You have just have to perform the joins and add the where clause you care about. Here is the Equivalent SQL:

SELECT Privilege.*
FROM Privilege
INNER JOIN RolePrivilege ON Privilege.PrivilegeId = RolePrivilege.PrivilegeId
INNER JOIN SystemUserRole ON SystemUserRole.RoleId = RolePrivileges.RoleId AND SystemUserRole.SystemUserId = (user's GUID)
-- WHERE Add whatever constraints on the Privilege entity that you need

You can perform this using Fetch XML, or LINQ to CRM, or Query Expressions, or even OData.