Set PrivilegeDepth with Microsoft CDS Web API

469 views Asked by At

I'm trying to create an application user, along with its Security Role, for my Common Data Service environment using only the Web API. I've managed to create both the User, the Role and associate some Privileges to the Role. The only thing I can't do, is set the PrivilegeDepth of the RolePrivilege association. This is the request payload I'm using to create the role with a few privileges:

{
    "[email protected]": "/businessunits(6efad0b7-160b-eb11-a812-000d3ab2a6be)",
    "name": "Security Role Test",
    "iscustomizable": {
        "Value": true,
        "CanBeChanged": true,
        "ManagedPropertyLogicalName": "iscustomizableanddeletable"
    },
    "canbedeleted": {
        "Value": true,
        "CanBeChanged": true,
        "ManagedPropertyLogicalName": "canbedeleted"
    },
    "[email protected]": [
        "/privileges(2493b394-f9d7-4604-a6cb-13e1f240450d)",
        "/privileges(707e9700-19ed-4cba-be06-9d7f6e845383)",
        "/privileges(e62439f6-3666-4c0a-a732-bde205d8e938)",
        "/privileges(e3f45b8e-4872-4bb5-8b84-01ee8f9c9da1)",
        "/privileges(f36ff7e9-72b9-4882-afb6-f947de984f72)",
        "/privileges(886b280c-6396-4d56-a0a3-2c1b0a50ceb0)"
    ]
}

The RolePrivileges are all created with the lowest depth (User). Anyone knows how to set different depths?

Also, is there a better way to assign privileges to the role? Like, upload an XML with the desired privileges to an endpoint which associates it with the role? And is there a better way to specify the privileges without having to know their GUIDs?

I would really appreciate it if you could help me with this. Thanks!

2

There are 2 answers

0
Pedro Rosa On BEST ANSWER

So I found the solution to set the Privilege depth. There's an action for that, AddPrivelegesRole.

Example:

POST https://org12345.crm4.dynamics.com/api/data/v9.0/roles(1b3df93a-070f-eb11-a813-000d3a666701)/Microsoft.Dynamics.CRM.AddPrivilegesRole

{
    "Privileges": [
        {
            "Depth": "0",
            "PrivilegeId": "886b280c-6396-4d56-a0a3-2c1b0a50ceb0",
            "BusinessUnitId": "6efad0b7-160b-eb11-a812-000d3ab2a6be"
        },
        {
            "Depth": "1",
            "PrivilegeId": "7863e80f-0ab2-4d67-a641-37d9f342c7e3",
            "BusinessUnitId": "6efad0b7-160b-eb11-a812-000d3ab2a6be"
        },
        {
            "Depth": "2",
            "PrivilegeId": "d26fe964-230b-42dd-ad93-5cc879de411e",
            "BusinessUnitId": "6efad0b7-160b-eb11-a812-000d3ab2a6be"
        },
        {
            "Depth": "3",
            "PrivilegeId": "ca6c7690-c935-46b3-bfd2-abb306c2acc0",
            "BusinessUnitId": "6efad0b7-160b-eb11-a812-000d3ab2a6be"
        }
    ]
}
1
Arun Vinoth-Precog Tech - MVP On

This should be the payload for setting depth like user, local, etc. Make sure to test this, I didn’t get a chance to test it now. Read more

"[email protected]": [
        {
            "[email protected]" : "/privileges(2493b394-f9d7-4604-a6cb-13e1f240450d)",
            "depth" : 1
        },
    ]

Regarding the dynamic guid values instead of hard coding, just make another service call to pull all the privileges and iterate them. Read more