Dynamics 365 – Share-Unshare Records with Plugin or Custom Workflow Activity by using C#

In Dynamics 365, you can dynamically change access privileges of users or teams to records by using Plugins or Workflows. There could multiple scenarios you can implement such functions. For instance, when creating a new Record you can share that record with a specific team or user by using GrantAccessRequest message. Again, on changing of a boolean or OptionSet field, depending on the value you can give teams or users access to that record with GrantAccessRequest and remove access with RevokeAccessRequest messages. The advantage of this, you don’t have to give higher security roles to the users. You can manage the security on a record basis.

You can use the below codes to create Plugin Steps or Custom Activity Workflows to implement that logic.

/// <summary>
/// Contains the data that is needed to grant a security principal (user or team) access to the specified record.
/// </summary>
/// <param name="orgService"></param>
/// <param name="sharedRecord">The entity that is the target of the request to grant access. Required.</param>
/// <param name="sharedUser">The team or user that is granted access to the target record.</param>
private void GrantAccess(IOrganizationService orgService, EntityReference sharedRecord, EntityReference sharedUser)
{
var grantAccessRequest = new GrantAccessRequest
{
PrincipalAccess = new PrincipalAccess
{
AccessMask = AccessRights.ReadAccess | AccessRights.WriteAccess | AccessRights.AppendToAccess,
Principal = sharedUser
},
Target = sharedRecord
};
orgService.Execute(grantAccessRequest);
}
/// <summary>
/// Contains the data that is needed to replace the access rights on the target record for the specified security principal (user or team).
/// </summary>
/// <param name="orgService"></param>
/// <param name="sharedRecord">Target record for which you want to revoke access. Required.</param>
/// <param name="sharedUser">A security principal (team or user) whose access you want to revoke. Required.</param>
private void RevokeAccess(IOrganizationService orgService, EntityReference sharedRecord, EntityReference sharedUser)
{
var revokeUserAccessReq = new RevokeAccessRequest
{
Revokee = sharedUser,
Target = sharedRecord
};
orgService.Execute(revokeUserAccessReq);
}
/// <summary>
/// Contains the data that is needed to retrieve all security principals (users or teams) that have access to, and access rights for, the specified record.
/// </summary>
/// <param name="orgService"></param>
/// <param name="sharedRecord">Records you want to retrieve security principals (users and teams) and their access rights</param>
private static void RetrieveSharedUsers(IOrganizationService orgService, EntityReference sharedRecord)
{
var accessRequest = new RetrieveSharedPrincipalsAndAccessRequest
{
Target = sharedRecord
};
var accessResponse = (RetrieveSharedPrincipalsAndAccessResponse)orgService.Execute(accessRequest);
}
view raw GrantAccess.cs hosted with ❤ by GitHub

One thought on “Dynamics 365 – Share-Unshare Records with Plugin or Custom Workflow Activity by using C#

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s