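I am new to Dynamics CRM, and I am trying to export the security roles from CRM's SQL back end in order to create a report of the read, write, create, etc. permissions of each security role. Has anyone done this before, as the CRM tables are rather obscure?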
Answer 0: (score: 9)
The following will list each security role, together with the entity it relates to, the privilege, and the access level:

    SELECT DISTINCT
         r.Name
        ,COALESCE(e.OriginalLocalizedName, e.Name) AS [EntityName]
        ,CASE p.AccessRight
            WHEN 32     THEN 'Create'   /* or hex value 0x20 */
            WHEN 1      THEN 'Read'
            WHEN 2      THEN 'Write'
            WHEN 65536  THEN 'Delete'   /* or hex value 0x10000 */
            WHEN 4      THEN 'Append'
            WHEN 16     THEN 'AppendTo'
            WHEN 524288 THEN 'Assign'   /* or hex value 0x80000 */
            WHEN 262144 THEN 'Share'    /* or hex value 0x40000 */
            ELSE 'None'
         END AS [Privilege]
        /* % 0x0F is modulo 15: 1, 2, 4, 8 stay as-is and 16, 32, 64, 128 also reduce to 1, 2, 4, 8 */
        ,CASE (rp.PrivilegeDepthMask % 0x0F)
            WHEN 1 THEN 'User (Basic)'
            WHEN 2 THEN 'Business Unit (Local)'
            WHEN 4 THEN 'Parental (Deep)'
            WHEN 8 THEN 'Organization (Global)'
            ELSE 'Unknown'
         END AS [PrivilegeLevel]
        ,(rp.PrivilegeDepthMask % 0x0F) AS [PrivilegeDepthMask]
        ,CASE WHEN e.IsCustomEntity = 1 THEN 'Yes' ELSE 'No' END AS [IsCustomEntity]
    FROM Role AS r
    INNER JOIN RolePrivileges AS rp
        ON r.RoleId = rp.RoleId
    INNER JOIN Privilege AS p
        ON rp.PrivilegeId = p.PrivilegeId
    INNER JOIN PrivilegeObjectTypeCodes AS potc
        ON potc.PrivilegeId = p.PrivilegeId
    INNER JOIN MetadataSchema.Entity AS e
        ON e.ObjectTypeCode = potc.ObjectTypeCode
    ORDER BY r.Name, [EntityName]

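Answer 1: (score: 3)
In case anyone finds themselves in my position: I took Donal's answer and developed it further. The first query will give you the entity-specific user access roles, formatted similarly to the UI. However, it will not print the misc privileges shown at the bottom of the page in the UI, because they are not linked to an entity. Use the second query to get those. I added a column showing the current environment, so that different instances of CRM can be compared quickly.
User role rights on entities: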

    WITH groupRights AS (
        SELECT DISTINCT
            [MSCRM_CONFIG].[dbo].[Organization].friendlyname AS Environment,
            COALESCE(e.OriginalLocalizedName, e.Name) AS [Entity],
            r.Name AS [Role],
            CASE p.AccessRight
                WHEN 32     THEN 'Create'   /* or hex value 0x20 */
                WHEN 1      THEN 'Read'
                WHEN 2      THEN 'Write'
                WHEN 65536  THEN 'Delete'   /* or hex value 0x10000 */
                WHEN 4      THEN 'Append'
                WHEN 16     THEN 'AppendTo'
                WHEN 524288 THEN 'Assign'   /* or hex value 0x80000 */
                WHEN 262144 THEN 'Share'    /* or hex value 0x40000 */
                ELSE 'None'
            END AS [Privilege]
            ,(rp.PrivilegeDepthMask % 0x0F) AS [PrivilegeDepthMask]
            ,CASE WHEN e.IsCustomEntity = 1 THEN 'Yes' ELSE 'No' END AS [IsCustomEntity]
        FROM Role AS r
        INNER JOIN RolePrivileges AS rp
            ON r.RoleId = rp.RoleId
        INNER JOIN Privilege AS p
            ON rp.PrivilegeId = p.PrivilegeId
        INNER JOIN PrivilegeObjectTypeCodes AS potc
            ON potc.PrivilegeId = p.PrivilegeId
        INNER JOIN MetadataSchema.Entity AS e
            ON e.ObjectTypeCode = potc.ObjectTypeCode
        INNER JOIN dbo.RoleBase
            ON dbo.RoleBase.RoleId = rp.RoleId
        INNER JOIN [MSCRM_CONFIG].[dbo].[Organization]
            ON dbo.RoleBase.OrganizationId = [MSCRM_CONFIG].[dbo].[Organization].Id
    )
    SELECT * FROM groupRights
    PIVOT
    (
        avg(PrivilegeDepthMask)
        FOR Privilege
        IN ([Create], [Read], [Write], [Delete], [Append], [AppendTo], [Assign], [Share], [Error])
    ) p
    ORDER BY [Environment], [Entity], [Role]--, [PrivilegeLevel]

MISC rights:

    SELECT DISTINCT
        [MSCRM_CONFIG].[dbo].[Organization].friendlyname AS Environment,
        r.Name AS [Role],
        p.name AS [Privilege Name],
        CASE p.AccessRight
            WHEN 32     THEN 'Create'   /* or hex value 0x20 */
            WHEN 1      THEN 'Read'
            WHEN 2      THEN 'Write'
            WHEN 65536  THEN 'Delete'   /* or hex value 0x10000 */
            WHEN 4      THEN 'Append'
            WHEN 16     THEN 'AppendTo'
            WHEN 524288 THEN 'Assign'   /* or hex value 0x80000 */
            WHEN 262144 THEN 'Share'    /* or hex value 0x40000 */
            ELSE 'None'
        END AS [Privilege]
        ,CASE (rp.PrivilegeDepthMask % 0x0F)
            WHEN 1 THEN 'User (Basic)'
            WHEN 2 THEN 'Business Unit (Local)'
            WHEN 4 THEN 'Parental (Deep)'
            WHEN 8 THEN 'Organization (Global)'
            ELSE 'Unknown'
        END AS [PrivilegeLevel]
        ,CASE WHEN e.IsCustomEntity = 1 THEN 'Yes' ELSE 'No' END AS [IsCustomEntity]
    FROM Role AS r
    INNER JOIN RolePrivileges AS rp
        ON r.RoleId = rp.RoleId
    LEFT OUTER JOIN Privilege AS p
        ON rp.PrivilegeId = p.PrivilegeId
    LEFT OUTER JOIN PrivilegeObjectTypeCodes AS potc
        ON potc.PrivilegeId = p.PrivilegeId
    LEFT OUTER JOIN MetadataSchema.Entity AS e
        ON e.ObjectTypeCode = potc.ObjectTypeCode
    INNER JOIN dbo.RoleBase
        ON dbo.RoleBase.RoleId = rp.RoleId
    INNER JOIN [MSCRM_CONFIG].[dbo].[Organization]
        ON dbo.RoleBase.OrganizationId = [MSCRM_CONFIG].[dbo].[Organization].Id
    WHERE e.OriginalLocalizedName IS NULL
        AND e.Name IS NULL
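
Answer 1 adds the Environment column so that CRM instances can be compared. The following is an added example, not part of either answer, showing one way to run that comparison on a CSV export of the pivoted query and to flag privileges whose scope is wider in one environment than in the other. The function names, the CSV layout (NULL cells exported as blank or `NULL`) and the sample rows are assumptions constructed for illustration.

```python
import csv
import io

# Depth values as the queries above emit them (PrivilegeDepthMask % 0x0F).
DEPTH = {1: "User (Basic)", 2: "Business Unit (Local)",
         4: "Parental (Deep)", 8: "Organization (Global)"}
PRIVILEGES = ["Create", "Read", "Write", "Delete",
              "Append", "AppendTo", "Assign", "Share"]

# Constructed sample export of the pivoted query (not real CRM data).
SAMPLE_CSV = """\
Environment,Entity,Role,IsCustomEntity,Create,Read,Write,Delete,Append,AppendTo,Assign,Share
TEST,Account,Salesperson,No,1,8,1,1,1,1,1,1
PROD,Account,Salesperson,No,1,8,8,8,1,1,1,1
TEST,Contact,Salesperson,No,1,2,1,NULL,1,1,NULL,NULL
PROD,Contact,Salesperson,No,1,2,1,NULL,1,1,NULL,1
"""


def load(text):
    """Return {environment: {(role, entity, privilege): depth}}."""
    grants = {}
    for row in csv.DictReader(io.StringIO(text)):
        env = grants.setdefault(row["Environment"], {})
        for priv in PRIVILEGES:
            cell = (row.get(priv) or "").strip()
            if cell and cell.upper() != "NULL":  # blank/NULL = not granted
                env[(row["Role"], row["Entity"], priv)] = int(float(cell))
    return grants


def label(depth):
    return "None" if depth is None else DEPTH.get(depth, f"Unknown ({depth})")


def drift(grants, baseline, other):
    """Rows (role, entity, privilege, baseline level, other level, widened)
    for every privilege whose depth differs between two environments."""
    a, b = grants.get(baseline, {}), grants.get(other, {})
    rows = []
    for key in sorted(set(a) | set(b)):
        old, new = a.get(key), b.get(key)
        if old != new:
            # 1 < 2 < 4 < 8 orders the scopes from narrowest to widest.
            rows.append(key + (label(old), label(new), (new or 0) > (old or 0)))
    return rows


if __name__ == "__main__":
    for row in drift(load(SAMPLE_CSV), "TEST", "PROD"):
        print(row)
```

Rows with `widened` set to true are the ones to review first, since they mark a role that reaches more records in the second environment than in the baseline.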