Filtering records of any entity on top of Role and Permission

Filtering records of any entity on top of Role and Permission

Many times as a developer point of view we get some requirements which are complex in terms of designing and to meet such type of requirement we look to find an alternative solution.

Recently in my project I faced an issue regarding the Security Role for a Specific Type of User(Role). I would like to share the scenario. I had to filer the records of a particular entity dynamically based on a PickList value of that form. I mean in real the problem and the requirement was much more complex but let not focus on that. Let’s see how we can filter the record on top of the role privileges.

To solve my problem I wrote a plugin and registered for a RetrieveMultiple message.

// Obtain the execution context from the service provider.
IPluginExecutionContext context=(IPluginExecutionContext)serviceProvider.GetService(typeof(IPluginExecutionContext));
if (context.Mode == 0 && context.Stage == 20 && context.MessageName.Equals("RetrieveMultiple"))
  if (context.InputParameters.Contains("Query"))
     if (context.InputParameters["Query"] is QueryExpression)
         QueryExpression objQueryExpression = (QueryExpression)context.InputParameters["Query"];

       if (objQueryExpression.EntityName == "entityName")
          IOrganizationServiceFactory serviceFactory = (IOrganizationServiceFactory)serviceProvider.GetService(typeof(IOrganizationServiceFactory));
          service = serviceFactory.CreateOrganizationService(context.UserId);
          ConditionExpression conExpress;
          string role = string.Empty;

          role = getUserRole(context.UserId);//Method to get the role of logged In User
          if (role.Contains("roleName"))
             conExpress = new ConditionExpression()
                AttributeName = "attributeName",
                Operator = ConditionOperator.Equal,
                Values = { "1" }
           // show all for legal , finance, system admin

           conExpress = new ConditionExpression()
             AttributeName = "attributeName",
             Operator = ConditionOperator.In,
             Values = { "1", "2", "3" }

       FilterExpression newFilter = new FilterExpression()
           FilterOperator = LogicalOperator.Or,
           Conditions = { conExpress }


Here I have used the method getUserRole() but not shown in the code. We can get the role easily by using Linq, FetchXml or any other means. Anyways that was not the agenda for this article.

I have tested this plugin & its works fine without any Performance Issue. Below I have shown the registration steps for this plugin.

Note: If you are checking the entityname inside the plugin then its fine you can register the plugin as above otherwise you c an mention the entityname also in the Primary Entity in the above registration  step.

This RetrieveMultiple can be used for multiple purposes for eg for filtering of records in Lookup etc. I hope this really helps.  HAPPY READING !!!!!!!!!!!!!!!!!!


, , , ,

  1. #1 by Homayoun on August 2, 2013 - 9:16 pm

    Great code. Thank you very much, Deepak. I hope you can help me further. Here is what I am working on:

    I am trying to trap the RetrieveMultiple message and modify the QueryExpression it is using. Specifically, when clicked on Connections from left navigation of the Contact entity, all the connections created for that contact are retrieved. I was able to use your code and update the query expression.

    Now I need to modify the QueryExpression further to retrieve all connections created for that contact (e.g. connections created under related opportunities for that contact).

    I hope this is clear. So far, I have got to the point that I can trap the message and look at the query being submitted in a Pre Operation plugin.

    Your help is greatly appreciated.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s

%d bloggers like this: