Welcome Guest! To enable all features please Login or Register.



Go to last post Go to first unread
#1 Posted : Tuesday, October 8, 2019 10:12:37 AM(UTC)

Rank: Administration

Groups: Administrators, Registered
Joined: 1/2/2018(UTC)
Posts: 9
United States

It's actually pretty difficult in Customer Engagement to find all of the security roles that reference a particular entity, but this can be queried through the web API. Basically, you enter a URL and the result is in JSON (JavaScript Object Notation). It can be formatted to be a bit more legible using a site like jsonprettyprint.com.

The URL you need to use looks like this:


In the above URL, you need to replace "yourcrmserver" with the correct server name (if you're hosted by Microsoft, it will end in .crm.dynamics.com) and "your_entitylogicalname" with the entity you're looking for (i.e. account).

If you are looking for a slightly more specific permission (like the ability to create new records of a type), you can prefix the entity name with one of the following:

  • prvRead
  • prvWrite
  • prvDelete
  • prvAppend
  • prvAppendTo
  • prvAssign

That would result in something like prvWriteaccount to find all the roles that can edit an account.

The result will look something like this:


  "@odata.context": "https:\/\/yourcrmserver\/api\/data\/v9.0\/$metadata#privileges(roleprivileges_association(name))",
  "value": [
      "@odata.etag": "W\/\"1950248\"",
      "privilegerowid": "e3913344-6377-4821-bd04-aa04bf5423ef",
      "accessright": 2,
      "canbebasic": true,
      "versionnumber": 1950248,
      "componentstate": 0,
      "privilegeid": "7863e80f-0ab2-4d67-a641-37d9f342c7e3",
      "canbeentityreference": true,
      "canbeglobal": true,
      "canbedeep": true,
      "name": "prvWriteAccount",
      "canbeparententityreference": true,
      "ismanaged": false,
      "solutionid": "fd140aad-4df4-11dd-bd17-0019b9312238",
      "introducedversion": "",
      "overwritetime": "1900-01-01T00:00:00Z",
      "canbelocal": true,
      "roleprivileges_association": [
          "@odata.etag": "W\/\"41834333\"",
          "name": "Customer Service Representative",
          "roleid": "ddcdf3c8-6c7a-e711-8103-c4346bdc9111"
          "@odata.etag": "W\/\"25309205\"",
          "name": "Vice President of Marketing",
          "roleid": "1ad4f3c8-6c7a-e711-8103-c4346bdc9111"
      "roleprivileges_association@odata.nextLink": "https:\/\/yourcrmserver\/api\/data\/v9.0\/privileges(7863e80f-0ab2-4d67-a641-37d9f342c7e3)\/roleprivileges_association?$select=name"

The roleprivileges_association section shows the names of the various roles that have this permission.

Edited by user Tuesday, October 8, 2019 10:20:11 AM(UTC)  | Reason: Not specified

Forum Jump  
You cannot post new topics in this forum.
You cannot reply to topics in this forum.
You cannot delete your posts in this forum.
You cannot edit your posts in this forum.
You cannot create polls in this forum.
You cannot vote in polls in this forum.