Search code examples
dynamics-crmdynamics-365dynamics-crm-webapicommon-data-service

Set PrivilegeDepth with Microsoft CDS Web API

I'm trying to create an application user, along with its Security Role, for my Common Data Service environment using only the Web API. I've managed to create both the User, the Role and associate some Privileges to the Role. The only thing I can't do, is set the PrivilegeDepth of the RolePrivilege association. This is the request payload I'm using to create the role with a few privileges:

{
    "[email protected]": "/businessunits(6efad0b7-160b-eb11-a812-000d3ab2a6be)",
    "name": "Security Role Test",
    "iscustomizable": {
        "Value": true,
        "CanBeChanged": true,
        "ManagedPropertyLogicalName": "iscustomizableanddeletable"
    },
    "canbedeleted": {
        "Value": true,
        "CanBeChanged": true,
        "ManagedPropertyLogicalName": "canbedeleted"
    },
    "[email protected]": [
        "/privileges(2493b394-f9d7-4604-a6cb-13e1f240450d)",
        "/privileges(707e9700-19ed-4cba-be06-9d7f6e845383)",
        "/privileges(e62439f6-3666-4c0a-a732-bde205d8e938)",
        "/privileges(e3f45b8e-4872-4bb5-8b84-01ee8f9c9da1)",
        "/privileges(f36ff7e9-72b9-4882-afb6-f947de984f72)",
        "/privileges(886b280c-6396-4d56-a0a3-2c1b0a50ceb0)"
    ]
}

The RolePrivileges are all created with the lowest depth (User). Anyone knows how to set different depths?

Also, is there a better way to assign privileges to the role? Like, upload an XML with the desired privileges to an endpoint which associates it with the role? And is there a better way to specify the privileges without having to know their GUIDs?

I would really appreciate it if you could help me with this. Thanks!

Solution

  • So I found the solution to set the Privilege depth. There's an action for that, AddPrivelegesRole.

    Example:

    POST https://org12345.crm4.dynamics.com/api/data/v9.0/roles(1b3df93a-070f-eb11-a813-000d3a666701)/Microsoft.Dynamics.CRM.AddPrivilegesRole

{
    "Privileges": [
        {
            "Depth": "0",
            "PrivilegeId": "886b280c-6396-4d56-a0a3-2c1b0a50ceb0",
            "BusinessUnitId": "6efad0b7-160b-eb11-a812-000d3ab2a6be"
        },
        {
            "Depth": "1",
            "PrivilegeId": "7863e80f-0ab2-4d67-a641-37d9f342c7e3",
            "BusinessUnitId": "6efad0b7-160b-eb11-a812-000d3ab2a6be"
        },
        {
            "Depth": "2",
            "PrivilegeId": "d26fe964-230b-42dd-ad93-5cc879de411e",
            "BusinessUnitId": "6efad0b7-160b-eb11-a812-000d3ab2a6be"
        },
        {
            "Depth": "3",
            "PrivilegeId": "ca6c7690-c935-46b3-bfd2-abb306c2acc0",
            "BusinessUnitId": "6efad0b7-160b-eb11-a812-000d3ab2a6be"
        }
    ]
}