CRM 2011: Special permissions missing for Users - dynamics-crm-2011

We have created a bunch of users in CRM 2011 using the SDK. However, we added their Security Role records through the database.
Everything seems to work fine, until these users started to save their own User Dashboards and Advanced Finds.
The users could create their own User Dashboards. However, once they created them, they could not see them. They were not in their list of Dashboards - only the System Dashboards where there.
There were no errors in the event viewer or even the trace logs.
I used SQL Profiler to see what it was doing and I discovered it was checking the PrincipalEntityMap table for principals that had an objecttypecode of 1031 - which is the User Dashboard (called UserForm).
How do these records get created?
I can write a SQL script to populate the database with these missing records.
What I would like to know is why they are missing? Any ideas?
Where do the records for PrincipalEntityMap come from?

Because we created the UserRole (i.e. User Security Role) records through the database and not through the SDK - we missed some POA (Principal Object Access) related records.
There are a number of stored procedures that can be called to re-initialise these records.
We have written a script to reset these records for all users:
-- This will create PrincipalEntityMap for users - if they are not there:
INSERT INTO PrincipalEntityMap (ObjectTypeCode, PrincipalId, PrincipalEntityMapId)
SELECT 1031, sup.PrincipalId, NEWID()
FROM SystemUserPrincipals sup
INNER JOIN SystemUser su ON su.SystemUserId = sup.SystemUserId
WHERE
(sup.PrincipalId = su.SystemUserId) AND
(sup.PrincipalId NOT IN
(
SELECT pem.PrincipalId
FROM PrincipalEntityMap pem
WHERE pem.ObjectTypeCode = 1031
)
)
DECLARE #PrincipalTable TABLE (PrincipalID uniqueidentifier)
DECLARE #CurrentPrincipalID uniqueidentifier
DECLARE #UserIds VARCHAR(60)
DECLARE #Type INT
BEGIN TRANSACTION ResetPrincipalEntitiyMap
BEGIN
SET #Type = 8
INSERT INTO #PrincipalTable (PrincipalID)
SELECT sup.PrincipalId
FROM SystemUserPrincipals sup WITH (NOLOCK)
INNER JOIN SystemUser su WITH (NOLOCK) ON sup.SystemUserId = su.SystemUserId AND sup.PrincipalId = su.SystemUserId
WHILE EXISTS (SELECT PrincipalID FROM #PrincipalTable)
BEGIN
SELECT TOP 1 #CurrentPrincipalID = PrincipalID
FROM #PrincipalTable
ORDER BY PrincipalID ASC
EXEC p_PrincipalEntityMapReinit #CurrentPrincipalID, #Type
EXEC p_PrincipalAttributeAccessMapReinit #CurrentPrincipalID, #Type
SET #UserIds = cast(#CurrentPrincipalID AS VARCHAR(50))
EXEC p_SystemUserBuEntityMapReinit #UserIds
DELETE FROM #PrincipalTable WHERE PrincipalID = #CurrentPrincipalID
END
END
COMMIT TRANSACTION ResetPrincipalEntitiyMap
Please Note: Always perform inserts/updates/deletes of Security
Related entities (User, UserRole, Team, TeamRole, etc.) through the
SDK - rather than the database. The SDK does some weird stuff in the
background that will be missed if you use SQL.

While trying to resolve the common/constant problem with exchange server side sync on CRM 2013 (error code E-Mail-Server: Crm.80044151 when sync of contacts, tasks and appoitments is enabled), we've also tried to reinit the principal-tables using your script.
For CRM2013/15, it had to be modified slightly, because the signature of SP p_PrincipalEntityMapReinit has changed.
Here's the updated TSQL - maybe it helps someone else (in our case, it didn't :( ):
DECLARE #PrincipalTable dbo.EntityIdCollection
DECLARE #CurrentPrincipalID uniqueidentifier
DECLARE #UserIds VARCHAR(60)
DECLARE #Type INT
BEGIN TRANSACTION ResetPrincipalEntitiyMap
BEGIN
SET #Type = 8
INSERT INTO #PrincipalTable (id)
SELECT sup.PrincipalId
FROM SystemUserPrincipals sup WITH (NOLOCK)
INNER JOIN SystemUser su WITH (NOLOCK) ON sup.SystemUserId = su.SystemUserId AND sup.PrincipalId = su.SystemUserId
EXEC p_PrincipalEntityMapReinit #PrincipalTable, #Type
WHILE EXISTS (SELECT id FROM #PrincipalTable)
BEGIN
SELECT TOP 1 #CurrentPrincipalID = id
FROM #PrincipalTable
ORDER BY id ASC
EXEC p_PrincipalAttributeAccessMapReinit #CurrentPrincipalID, #Type, 1
SET #UserIds = cast(#CurrentPrincipalID AS VARCHAR(50))
EXEC p_SystemUserBuEntityMapReinit #UserIds
DELETE FROM #PrincipalTable WHERE id = #CurrentPrincipalID
END
END
COMMIT TRANSACTION ResetPrincipalEntitiyMap

Related

Function made of transaction statement on PostgreSQL

I want to authenticate an user by its nickname (networkId) and before-hand hashed password, with an user public table (recoyx.user) and an user private table (recoyx_private.user). The function is based on browsing this PostGraphile tutorial (PostGraphile combines GraphQL and PostgreSQL).
create function recoyx.authenticate(
network_id text,
password_hash text
) returns recoyx.jwt_token
begin;
set local id to (select (numeric_id) from recoyx.user where user.network_id = $1).numeric_id;
select (numeric_id, password_hash)::recoyx.jwt_token
from recoyx_private.user
where user.numeric_id = id and user.password_hash = $2;
end;
The query runner is giving invalid syntax within this function overall, both at the part like select * from recoyx.table where table.field = value, transaction frames and the id binding. I took the query runner from this example which gives a short
facility for initializing, querying and releasing the query runner for the PostgreSQL database (I got here through this postgraphile module API documentation).
When I eliminate this function from my query, it runs fine. As far as I've just seen the dot is valid, and the local assignment too. So is my syntax really wrong?
Update
Now this is my function:
create function recoyx.authenticate(
network_id text,
password_hash text
) returns recoyx.jwt_token
as
$body$
select (numeric_id, password_hash)::recoyx.jwt_token
from recoyx_private.user
where numeric_id = (select numeric_id from recoyx.user where network_id = $1)
and password_hash = $2;
$body$
language sql
stable;
I'm getting undefined relations, but I'm connecting to the default root role that comes within my PostgreSQL installation (postgres role) as I run the create function query
I've put the project on GitHub. I'm running the query through npm run init-database. See environment-example.json (it specifies the conventional "postgres" role).
As documented in the manual the function body is passed as a string in Postgres (and the tutorial you linked to actually included the necessary as $$ ...$$ - you just didn't copy it). You also forgot to specify the function's language.
set local id is neither a valid variable assignment in PL/pgSQL nor in SQL (which doesn't have variables to begin with).
But you don't really need a variable to do what you want, your function can be implemented as a SQL function:
create function recoyx.authenticate(
network_id text,
password_hash text
) returns recoyx.jwt_token
as
$body$
select (numeric_id, password_hash)::recoyx.jwt_token
from recoyx_private.user
where user.numeric_id = (select numeric_id
from recoyx.user
where network_id = $1)
and user.password_hash = $2;
$body$
language sql
stable;

Azure SQL Error Retrieving data from shard - Login Failed for User

I'm trying to do a cross database query but my error suggest's that I can't even connect to my external data source.
My exact error message is the following:
Error retrieving data from shard [DataSource=xxxxxxxxxxxxxxxxxx Database=CRDMPointOfSale_Configuration]. The underlying error message received was: 'Login failed for user 'CRDMAdmin'.'.
Below is my 'Create Database Scoped Credential'.
CREATE DATABASE SCOPED CREDENTIAL CRDMCred
WITH IDENTITY = 'CRDMAdmin',
SECRET = 'xxxxxxxxxx';
GO
Below is my 'Create Extenal Data Source'.
CREATE EXTERNAL DATA SOURCE CRDM_Configuration
WITH (
TYPE=RDBMS,
LOCATION='xxxxxxxxxxxxxxxxxxxxx',
DATABASE_NAME='CRDMPointOfSale_Configuration',
CREDENTIAL = CRDMCred
);
Below you can see my execute remote statement is within a stored procedure. Which I've seen elsewhere online.
CREATE PROCEDURE [admin].[InsertThreadProcessingDataIntoLoadTable]
(
#ThreadID VARCHAR(100)
, #DataLoadSchemaID INT OUTPUT
, #DateFrom CHAR(8) OUTPUT
, #DateTo CHAR(8) OUTPUT
, #DatabaseName VARCHAR(100)
)
AS BEGIN
SET NOCOUNT ON
DECLARE #IsBatchLoad BIT
SET #IsBatchLoad = CASE 'NO' WHEN 'YES' THEN 1 ELSE 0 END
Exec sp_execute_remote #data_source_name = N'CRDM_Configuration',
#stmt = N'SELECT #DateFrom = CONVERT(CHAR(8),FromDate,112), #DateTo = CONVERT(CHAR(8),DATEADD(DAY,1,ToDate),112)
FROM [admin].[GetFromAndToDatesForDatabase] (#DatabaseName, #IsBatchLoad,NULL)',
#params = N'#DatabaseName VARCHAR(100), #IsBatchLoad BIT',
#DatabaseName = 'CRDMPointOfSale', #IsBatchLoad = 1;
END
As you can see above the execute remote contains a SELECT statement, the FROM is the result of a function being called ([admin].[GetFromAndToDatesForDatabase]) that is from a different database which is why i have a 'Exec sp_execute_remote' wrapped around.
Should I be specifying parameters when not directly calling a SP? Also what am i doing wrong?

In a master detail relationship how to get a list of master entities without detail entities crm 2011?

I'm using CRM 2011 and I have a 1-n relationship between EntityA(master) and EntityB(detail).
I need to get the list of EntityA records that are not related to any EntityB records. How can I accomplish this inside a plugin using query expression?
I believe this should work (See the EDIT, it doesn't work):
var qe = new QueryExpression("entitya");
var entityBLink = qe.AddLink("entityb", "entityaid", "entityaid", JoinOperator.LeftOuter);
entityBLink.LinkCriteria.AddCondition("entitybid", ConditionOperator.Null);
It should create a SQL Statement that looks something like this:
SELECT
FROM entitya
LEFT OUTER JOIN entityb on entitya.entityaid = entityb.entityaid
AND ( entityb.entitybid IS NULL )
EDIT - Working version
var qe = new QueryExpression("entitya");
var entityBLink = qe.AddLink("entityb", "entityaid", "entityaid", JoinOperator.LeftOuter);
entityBLink.Columns.AddColumn("entitybid");
var entities = service.RetrieveMultiple(qe).Entities.
Where(e => !e.Attributes.Keys.Any(k => k.EndsWith(".entitybid"))).
Select(e => e.ToEntity<entitya>());
The SQL statement for the first query does get generated as is, but since the null check is on the join and it is a left join, all EnityA entities get returned.
The bad news is in CRM there is no way to perform a sub query, or specify in the where clause, a linked entity's properties. I really hope Microsoft spends some time with the next major release adding this type of functionality.
You can however perform the filter on the client side, which is what the C# code is doing above.

Get permissions for stored procedure in sybase

How do I get the granted permissions for a stored procedure in sybase?
It depends on the form that you want that info in.
If you are writing SQL for some internal purpose, and you need that info as data for it, Kolchanov's answer is correct.
If you are merely performing DBA functions, then any number of DBA GUI tools (SybaseCentral comes with the CD; DBArtisan is much better) provide that info via an explorer window and clicks
If you only have character based access, use
sp_helprotect proc_name
Link to Sybase Online Manuals
Then go to: Adaptive Server Enterprise 15.5/Reference Manual: Procedures, nd follow the explorer.
If I wanted to check the permissions for object "whatever_[table|procedure]", I would run the following query:
Example for "whatever" being a table
Displaying result for:
---------------------
select permission = a.name
from master.dbo.spt_values a
, master.dbo.spt_values b
, sysprotects p
, sysobjects o
where a.type = "T"
and a.number = p.action
and b.type = "T"
and b.number = (p.protecttype + 204)
and o.id = p.id
and o.name = 'whatever_table'
permission
----------------------------
References
Select
Insert
Delete
Update
5 Row(s) affected
Example for "whatever" being a stored procedure
Displaying result for:
---------------------
select permission = a.name
from master.dbo.spt_values a
, master.dbo.spt_values b
, sysprotects p
, sysobjects o
where a.type = "T"
and a.number = p.action
and b.type = "T"
and b.number = (p.protecttype + 204)
and o.id = p.id
and o.name = 'whatever_procedure'
permission
----------------------------
Execute
1 Row(s) affected
Adaptive Server Enterprise 15.5 > Reference Manual: Tables > System Tables
sysprotects
sysprotects contains information on permissions that have been granted to, or revoked from, users, groups, and roles.
http://infocenter.sybase.com/help/index.jsp?topic=/com.sybase.infocenter.dc36274.1550/html/tables/X16615.htm

Query Trac for all tickets related to a user

How do I query for all trac tickets related to a user. i.e. all tickets for which the tickets were once assigned, assigned now, created , etc etc
Create custom queries to the ticket_change table. Some SQL required. For assigned once/now, look for rows where field='owner', newvalue column contains the user name the ticket was assigned to. For created tickets, just query by reporter in the ticket table.
Example:
SELECT p.value AS __color__,
id AS ticket, summary, component, version, milestone,
t.type AS type, priority, t.time AS created,
changetime AS _changetime, description AS _description,
reporter AS _reporter
FROM ticket t, enum p, ticket_change c
WHERE p.name = t.priority AND p.type = 'priority'
AND c.field = 'owner'
AND c.newvalue = '$USER'
AND c.ticket = t.id
ORDER BY p.value, milestone, t.type, t.time
You can express this with a TraqQuery expression. E.g. if you want the columns id, summary and status to show up and query all the tickets for the currently logged in user ($USER) then use the following query.
query:?col=id
&
col=summary
&
col=status
&
owner=$USER
However this query assumes that the owner hasn't been the same during the lifetime of a ticket (since ownership can be changed).
If you want a specific user then replace $USER with the actual username. Also if you're using the Agilo plugin you can easily create new queries on the fly via the web-UI. This is done by looking at a report and adding filters to the report.

Resources