
Altering User-Defined Sharing Permissions for Dynamics CRM Charts Directly in the Database

Today I received an email from a user experiencing difficulty editing charts that had been shared with them by another user, who had forgotten to check the "Write" permission. Unfortunately this person was away for the day, and for some reason CRM doesn't have a neat admin tool for managing individual user-specified sharing settings for charts and such.  So I had little choice but to dig into the bowels of the database and set the permissions manually.

User-designed charts are accessible via the UserQueryVisualization view, and the actual permission info is stored in the PrincipalObjectAccess table. The corresponding record for a specific user/chart can be obtained like this:

-- Find the sharing record for one chart and one user
SELECT  poa.PrincipalObjectAccessId
FROM    UserQueryVisualization uq
        LEFT JOIN PrincipalObjectAccess poa
            ON poa.ObjectId = uq.UserQueryVisualizationId
        LEFT JOIN SystemUserPrincipals sp
            ON sp.PrincipalId = poa.PrincipalId
        LEFT JOIN FilteredSystemUser su
            ON su.systemuserid = sp.SystemUserId
WHERE   uq.Name = 'Chart Name'       -- name of the shared chart
AND     su.fullname = 'User Name'    -- user the chart was shared with

From there all that needs to happen is to update AccessRightsMask = 786455 for that PrincipalObjectAccess record. I have no idea what this value represents but it's the same value that was set on a test record which I had assigned full access to. If anyone can explain its meaning, that would be enlightening.
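As an added example (not code from the original post): AccessRightsMask is a bit field, and the T-SQL below decodes it using the flag values of the CRM SDK AccessRights enumeration, then grants Write alone by OR-ing in its bit instead of overwriting the whole mask. It runs against a table variable (@poa, a constructed stand-in for PrincipalObjectAccess with made-up GUIDs), so it can be tried without touching a CRM database.

```sql
-- @poa is a constructed stand-in for PrincipalObjectAccess. The GUIDs and the
-- read-only mask are made up; 786455 is the value quoted in the post.
DECLARE @poa TABLE (
    PrincipalObjectAccessId uniqueidentifier PRIMARY KEY,
    AccessRightsMask        int NOT NULL
);

INSERT INTO @poa VALUES
    ('11111111-1111-1111-1111-111111111111', 1),       -- chart shared read-only
    ('22222222-2222-2222-2222-222222222222', 786455);  -- the post's test record

-- Flag values of the CRM SDK AccessRights enumeration.
DECLARE @rights TABLE (FlagValue int PRIMARY KEY, RightName varchar(20));

INSERT INTO @rights VALUES
    (1,      'ReadAccess'),
    (2,      'WriteAccess'),
    (4,      'AppendAccess'),
    (16,     'AppendToAccess'),
    (32,     'CreateAccess'),
    (65536,  'DeleteAccess'),
    (262144, 'ShareAccess'),
    (524288, 'AssignAccess');

-- Decode: one output row per right that is set in each mask.
SELECT  p.PrincipalObjectAccessId, p.AccessRightsMask, r.RightName
FROM    @poa p
        JOIN @rights r
            ON (p.AccessRightsMask & r.FlagValue) = r.FlagValue
ORDER BY p.PrincipalObjectAccessId, r.FlagValue;

-- Least-privilege change: add only the Write bit and leave every other bit
-- as the sharing user set it. OUTPUT records the old and new mask for audit.
UPDATE  @poa
SET     AccessRightsMask = AccessRightsMask | 2
OUTPUT  deleted.AccessRightsMask  AS MaskBefore,
        inserted.AccessRightsMask AS MaskAfter
WHERE   PrincipalObjectAccessId = '11111111-1111-1111-1111-111111111111'
AND     (AccessRightsMask & 2) = 0;
```

Decoded this way, 786455 is ReadAccess, WriteAccess, AppendAccess, AppendToAccess, ShareAccess and AssignAccess (1 + 2 + 4 + 16 + 262144 + 524288); DeleteAccess and CreateAccess are not set.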

