Records in which entity MS CRM 2011 creates as part of sharing process?

4
votes

I'm automatically sharing records in MS CRM 2011 on specific users and teams using custom rules. But users are able to alter this sharing information using button on MS CRM ribbon, and this will spoil all the security model I have.

I believe should be a way to prevent this information from being updated by using plugin on server side. But I'm not aware Update event on which entity I should listen to capture this edit event?

Records in which entity are created when user shares an entity?

2
.netdynamics-crm-2011
Are you aware of the drawbacks of using sharing to drive the security model? blogs.msdn.com/b/ukcrm/archive/2011/07/08/…James Wood
Thanks! But what else shell I do, if I need to implement complex model that does not fit standard?shytikov
Teams will usually do the trick, gets a little heavy on the administration side of things but is often the best option.James Wood
It's approach with the teams: I need to implement security model with three hierarchies of business units in the same time. It's done by creating respective teams and sharing on them.shytikov

2 Answers

3
votes

Is not a reply to your question, but:

the users can share only if they have rights to do.

This can be defined inside the security roles

enter image description here

and if you are sharing a record programmatically you can set also if a user has the share privilege or not (as similar when you set by UI):

enter image description here

3
votes

Total stab in the dark, but I believe the GrantAccess message is what you need.

It looks like whenever a user attempts to give access via sharing (haven't tested it yet) the plugin should fire and you can check to see if they have rights, and cancel the request.

It only works on user owned entities, which is what I'm assuming yours is.

And you may need to register for RevokeAccess as well if they are "Unsharing"