Sample: Determine whether a user has a role

 

Applies To: Dynamics CRM 2013

This sample code is for Microsoft Dynamics CRM 2013 and Microsoft Dynamics CRM Online. Download the Microsoft Dynamics CRM SDK package. The sample can be found in the following locations in the download package:

SampleCode\CS\BusinessDataModel\UsersAndRoles\DoesUserBelongToRole.cs

SampleCode\VB\BusinessDataModel\UsersAndRoles\DoesUserBelongToRole.vb

Requirements

For more information about the requirements for running the sample code provided in this SDK, see Use the sample and helper code.

Demonstrates

This sample shows how to determine whether a user in Microsoft Dynamics CRM has been associated with a specific role. This is performed by using a query with the IOrganizationService.RetrieveMultiple method. A snippet that shows the key sections of the sample is shown first, followed by the Complete Sample Code. Note that this sample can only be run in an on-premises environment because it creates a user. However, the section of the sample that demonstrates retrieving the roles for a user will work for all environments.

Example


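// Connect to the Organization service.
// The using statement ensures that the service proxy is disposed, even if a call below throws.
using (_serviceProxy = ServerConnection.GetOrganizationProxy(serverConfig))
{
    _serviceProxy.EnableProxyTypes();

    // Sets _userId, the user whose role membership is checked below.
    CreateRequiredRecords();

    // Retrieve the user; only the columns needed for the console output are requested.
    SystemUser user = _serviceProxy.Retrieve(SystemUser.EntityLogicalName,
        _userId, new ColumnSet(new String[] { "systemuserid", "firstname", "lastname" })).ToEntity<SystemUser>();

    if (user != null)
    {
        Console.WriteLine("{1} {0} user account is retrieved.", user.LastName, user.FirstName);

        // Find the role by its display name.
        QueryExpression query = new QueryExpression
        {
            EntityName = Role.EntityLogicalName,
            ColumnSet = new ColumnSet("roleid"),
            Criteria = new FilterExpression
            {
                Conditions =
                {
                    new ConditionExpression
                    {
                        AttributeName = "name",
                        Operator = ConditionOperator.Equal,
                        Values = { _givenRole }
                    }
                }
            }
        };

        // Get the role.
        EntityCollection givenRoles = _serviceProxy.RetrieveMultiple(query);

        if (givenRoles.Entities.Count > 0)
        {
            // NOTE(review): only the first role returned for this name is checked. If the
            // organization holds more than one role record with this name (for example one
            // per business unit), the first match may not be the one assigned to the user;
            // confirm against the target organization.
            Role givenRole = givenRoles.Entities[0].ToEntity<Role>();

            Console.WriteLine("Role {0} is retrieved.", _givenRole);

            Console.WriteLine("Checking association between user and role.");

            // Inner link: systemuserroles -> systemuser, restricted to the retrieved user.
            LinkEntity systemUserLink = new LinkEntity()
            {
                LinkFromEntityName = SystemUserRoles.EntityLogicalName,
                LinkFromAttributeName = "systemuserid",
                LinkToEntityName = SystemUser.EntityLogicalName,
                LinkToAttributeName = "systemuserid",
                LinkCriteria =
                {
                    Conditions =
                    {
                        new ConditionExpression(
                            "systemuserid", ConditionOperator.Equal, user.Id)
                    }
                }
            };

            // Outer query: role -> systemuserroles -> systemuser, restricted to the given role.
            // Only direct user-to-role associations are queried; no team entity is part of this
            // query, so a role the user holds only through a team would not be matched.
            QueryExpression linkQuery = new QueryExpression()
            {
                EntityName = Role.EntityLogicalName,
                ColumnSet = new ColumnSet("roleid"),
                LinkEntities =
                {
                    new LinkEntity()
                    {
                        LinkFromEntityName = Role.EntityLogicalName,
                        LinkFromAttributeName = "roleid",
                        LinkToEntityName = SystemUserRoles.EntityLogicalName,
                        LinkToAttributeName = "roleid",
                        LinkEntities = { systemUserLink }
                    }
                },
                Criteria =
                {
                    Conditions =
                    {
                        new ConditionExpression("roleid", ConditionOperator.Equal, givenRole.Id)
                    }
                }
            };

            // Retrieve matching roles.
            EntityCollection matchEntities = _serviceProxy.RetrieveMultiple(linkQuery);

            // If an entity is returned, the join found the user-role association,
            // so the user is a member of the role.
            Boolean isUserInRole = (matchEntities.Entities.Count > 0);

            // The reported message has to follow the membership result: a true value
            // means the user holds the role.
            if (isUserInRole)
            {
                Console.WriteLine("User belong to this role.");
            }
            else
            {
                Console.WriteLine("User do not belong to the role.");
            }
        }
    }
}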

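' Connect to the Organization service.
' The Using statement ensures that the service proxy is disposed, even if a call below throws.
_serviceProxy = ServerConnection.GetOrganizationProxy(serverConfig)
Using _serviceProxy
    _serviceProxy.EnableProxyTypes()

    ' Sets _userId, the user whose role membership is checked below.
    CreateRequiredRecords()

    ' Retrieve the user; only the columns needed for the console output are requested.
    Dim user As SystemUser = _serviceProxy.Retrieve(
        SystemUser.EntityLogicalName, _userId,
        New ColumnSet(New String() {"systemuserid",
                                    "firstname",
                                    "lastname"})).ToEntity(Of SystemUser)()

    If user IsNot Nothing Then
        Console.WriteLine("{1} {0} user account is retrieved.",
                          user.LastName, user.FirstName)

        ' Find the role by its display name.
        Dim query As QueryExpression =
            New QueryExpression With
            {
                .EntityName = Role.EntityLogicalName,
                .ColumnSet = New ColumnSet("roleid")
            }
        query.Criteria.AddCondition(
            New ConditionExpression("name", ConditionOperator.Equal, {_givenRole}))

        ' Get the role.
        Dim givenRoles As EntityCollection = _serviceProxy.RetrieveMultiple(query)

        If givenRoles.Entities.Count > 0 Then
            ' NOTE(review): only the first role returned for this name is checked. If the
            ' organization holds more than one role record with this name (for example one
            ' per business unit), the first match may not be the one assigned to the user;
            ' confirm against the target organization.
            Dim givenRole As Role = givenRoles.Entities(0).ToEntity(Of Role)()

            Console.WriteLine("Role {0} is retrieved.", _givenRole)

            Console.WriteLine("Checking association between user and role.")

            ' Inner link: systemuserroles -> systemuser, restricted to the retrieved user.
            Dim systemUserLink As New LinkEntity() With
                {
                    .LinkFromEntityName = SystemUserRoles.EntityLogicalName,
                    .LinkFromAttributeName = "systemuserid",
                    .LinkToEntityName = SystemUser.EntityLogicalName,
                    .LinkToAttributeName = "systemuserid"
                }
            systemUserLink.LinkCriteria.AddCondition(
                New ConditionExpression("systemuserid", ConditionOperator.Equal, user.Id))

            ' Outer query: role -> systemuserroles -> systemuser, restricted to the given role.
            ' Only direct user-to-role associations are queried; no team entity is part of this
            ' query, so a role the user holds only through a team would not be matched.
            Dim linkQuery As New QueryExpression() With
                {
                    .EntityName = Role.EntityLogicalName,
                    .ColumnSet = New ColumnSet("roleid")
                }
            Dim linkEntityForQuery As New LinkEntity With
                {
                    .LinkFromAttributeName = "roleid",
                    .LinkFromEntityName = Role.EntityLogicalName,
                    .LinkToEntityName = SystemUserRoles.EntityLogicalName,
                    .LinkToAttributeName = "roleid"
                }
            linkEntityForQuery.LinkEntities.Add(systemUserLink)
            linkQuery.LinkEntities.Add(linkEntityForQuery)
            linkQuery.Criteria.AddCondition(
                New ConditionExpression("roleid", ConditionOperator.Equal, givenRole.Id))

            ' Retrieve matching roles.
            Dim matchEntities As EntityCollection = _serviceProxy.RetrieveMultiple(linkQuery)

            ' If an entity is returned, the join found the user-role association,
            ' so the user is a member of the role.
            Dim isUserInRole As Boolean = (matchEntities.Entities.Count > 0)

            ' The reported message has to follow the membership result: a True value
            ' means the user holds the role.
            If isUserInRole Then
                Console.WriteLine("User belong to this role.")
            Else
                Console.WriteLine("User do not belong to the role.")
            End If

        End If
    End If
End Using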

Complete Sample Code


using System;
using System.ServiceModel;
using System.ServiceModel.Description;

// These namespaces are found in the Microsoft.Xrm.Sdk.dll assembly
// located in the SDK\bin folder of the SDK download.
using Microsoft.Xrm.Sdk;
using Microsoft.Xrm.Sdk.Query;
using Microsoft.Xrm.Sdk.Client;
using Microsoft.Crm.Sdk.Messages;

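namespace Microsoft.Crm.Sdk.Samples
{
    /// <summary>
    /// Demonstrates how to check whether a system user is associated with a given role.
    /// </summary>
    /// <remarks>
    /// The code in this class does not create or remove a role association itself; the user
    /// to check is obtained through SystemUserProvider.RetrieveAUserWithoutAnyRoleAssigned.
    /// Only direct user-to-role associations are queried.</remarks>
    public class DoesUserBelongToRole
    {
        #region Class Level Members

        // ID of the user whose role membership is checked; set by CreateRequiredRecords().
        private Guid _userId;
        // Proxy for the Organization service; created and disposed inside Run().
        private OrganizationServiceProxy _serviceProxy;
        // Name of the role to look up.
        private String _givenRole = "salesperson";
        #endregion Class Level Members

        #region How To Sample Code
        /// <summary>
        /// Connects to the Organization service, obtains a system user, looks up the
        /// role named by _givenRole and reports on the console whether the user is
        /// associated with that role.
        /// Note: Creating a user is only supported
        /// in an on-premises/Active Directory environment.
        /// </summary>
        /// <param name="serverConfig">Contains server connection information.</param>
        /// <param name="promptforDelete">Kept for the common sample signature; this method
        /// does not read it.</param>
        /// <exception cref="FaultException{OrganizationServiceFault}">Service faults are
        /// rethrown unchanged to the caller.</exception>
        public void Run(ServerConnection.Configuration serverConfig, bool promptforDelete)
        {
            try
            {
                // Connect to the Organization service.
                // The using statement ensures that the service proxy is disposed, even if a call below throws.
                using (_serviceProxy = ServerConnection.GetOrganizationProxy(serverConfig))
                {
                    _serviceProxy.EnableProxyTypes();

                    // Sets _userId, the user whose role membership is checked below.
                    CreateRequiredRecords();

                    // Retrieve the user; only the columns needed for the console output are requested.
                    SystemUser user = _serviceProxy.Retrieve(SystemUser.EntityLogicalName,
                        _userId, new ColumnSet(new String[] { "systemuserid", "firstname", "lastname" })).ToEntity<SystemUser>();

                    if (user != null)
                    {
                        Console.WriteLine("{1} {0} user account is retrieved.", user.LastName, user.FirstName);

                        // Find the role by its display name.
                        QueryExpression query = new QueryExpression
                        {
                            EntityName = Role.EntityLogicalName,
                            ColumnSet = new ColumnSet("roleid"),
                            Criteria = new FilterExpression
                            {
                                Conditions =
                                {
                                    new ConditionExpression
                                    {
                                        AttributeName = "name",
                                        Operator = ConditionOperator.Equal,
                                        Values = { _givenRole }
                                    }
                                }
                            }
                        };

                        // Get the role.
                        EntityCollection givenRoles = _serviceProxy.RetrieveMultiple(query);

                        if (givenRoles.Entities.Count > 0)
                        {
                            // NOTE(review): only the first role returned for this name is checked.
                            // If the organization holds more than one role record with this name
                            // (for example one per business unit), the first match may not be the
                            // one assigned to the user; confirm against the target organization.
                            Role givenRole = givenRoles.Entities[0].ToEntity<Role>();

                            Console.WriteLine("Role {0} is retrieved.", _givenRole);

                            Console.WriteLine("Checking association between user and role.");

                            // Inner link: systemuserroles -> systemuser, restricted to the retrieved user.
                            LinkEntity systemUserLink = new LinkEntity()
                            {
                                LinkFromEntityName = SystemUserRoles.EntityLogicalName,
                                LinkFromAttributeName = "systemuserid",
                                LinkToEntityName = SystemUser.EntityLogicalName,
                                LinkToAttributeName = "systemuserid",
                                LinkCriteria =
                                {
                                    Conditions =
                                    {
                                        new ConditionExpression(
                                            "systemuserid", ConditionOperator.Equal, user.Id)
                                    }
                                }
                            };

                            // Outer query: role -> systemuserroles -> systemuser, restricted to the
                            // given role. Only direct user-to-role associations are queried; no team
                            // entity is part of this query, so a role the user holds only through a
                            // team would not be matched.
                            QueryExpression linkQuery = new QueryExpression()
                            {
                                EntityName = Role.EntityLogicalName,
                                ColumnSet = new ColumnSet("roleid"),
                                LinkEntities =
                                {
                                    new LinkEntity()
                                    {
                                        LinkFromEntityName = Role.EntityLogicalName,
                                        LinkFromAttributeName = "roleid",
                                        LinkToEntityName = SystemUserRoles.EntityLogicalName,
                                        LinkToAttributeName = "roleid",
                                        LinkEntities = { systemUserLink }
                                    }
                                },
                                Criteria =
                                {
                                    Conditions =
                                    {
                                        new ConditionExpression("roleid", ConditionOperator.Equal, givenRole.Id)
                                    }
                                }
                            };

                            // Retrieve matching roles.
                            EntityCollection matchEntities = _serviceProxy.RetrieveMultiple(linkQuery);

                            // If an entity is returned, the join found the user-role association,
                            // so the user is a member of the role.
                            Boolean isUserInRole = (matchEntities.Entities.Count > 0);

                            // The reported message has to follow the membership result: a true
                            // value means the user holds the role.
                            if (isUserInRole)
                            {
                                Console.WriteLine("User belong to this role.");
                            }
                            else
                            {
                                Console.WriteLine("User do not belong to the role.");
                            }
                        }
                    }
                }
            }
            // Catch any service fault exceptions that Microsoft Dynamics CRM throws.
            catch (FaultException<Microsoft.Xrm.Sdk.OrganizationServiceFault>)
            {
                // You can handle an exception here or pass it back to the calling method.
                throw;
            }
        }

        /// <summary>
        /// Obtains the user that this sample checks and stores its ID in _userId.
        /// </summary>
        public void CreateRequiredRecords()
        {
            // Create/Retrieve a user. The helper is defined outside this file.
            _userId = SystemUserProvider.RetrieveAUserWithoutAnyRoleAssigned(_serviceProxy);

            // Nothing is printed when the helper hands back an empty ID; Run() continues either way.
            if (_userId != Guid.Empty)
            {
                Console.WriteLine("{0} user retrieved.", _userId);
            }
        }

        #endregion How To Sample Code

        #region Main method

        /// <summary>
        /// Standard Main() method used by most SDK samples. Prompts for the server
        /// configuration, runs the sample and prints any error to the console.
        /// </summary>
        /// <param name="args">Command-line arguments; not read by this method.</param>
        public static void Main(string[] args)
        {
            try
            {
                // Obtain the target organization's Web address and client logon
                // credentials from the user.
                ServerConnection serverConnect = new ServerConnection();
                ServerConnection.Configuration config = serverConnect.GetServerConfiguration();

                DoesUserBelongToRole app = new DoesUserBelongToRole();
                app.Run(config, true);
            }
            catch (FaultException<Microsoft.Xrm.Sdk.OrganizationServiceFault> ex)
            {
                Console.WriteLine("The application terminated with an error.");
                Console.WriteLine("Timestamp: {0}", ex.Detail.Timestamp);
                Console.WriteLine("Code: {0}", ex.Detail.ErrorCode);
                Console.WriteLine("Message: {0}", ex.Detail.Message);
                Console.WriteLine("Trace: {0}", ex.Detail.TraceText);
                Console.WriteLine("Inner Fault: {0}",
                    null == ex.Detail.InnerFault ? "No Inner Fault" : "Has Inner Fault");
            }
            catch (System.TimeoutException ex)
            {
                Console.WriteLine("The application terminated with an error.");
                Console.WriteLine("Message: {0}", ex.Message);
                Console.WriteLine("Stack Trace: {0}", ex.StackTrace);
                // A timeout does not always carry an inner exception; test the exception
                // itself before reading its message so the handler cannot fail on null.
                Console.WriteLine("Inner Fault: {0}",
                    (null == ex.InnerException || null == ex.InnerException.Message)
                        ? "No Inner Fault"
                        : ex.InnerException.Message);
            }
            catch (System.Exception ex)
            {
                Console.WriteLine("The application terminated with an error.");
                Console.WriteLine(ex.Message);

                // Display the details of the inner exception.
                if (ex.InnerException != null)
                {
                    Console.WriteLine(ex.InnerException.Message);

                    FaultException<Microsoft.Xrm.Sdk.OrganizationServiceFault> fe = ex.InnerException
                        as FaultException<Microsoft.Xrm.Sdk.OrganizationServiceFault>;
                    if (fe != null)
                    {
                        Console.WriteLine("Timestamp: {0}", fe.Detail.Timestamp);
                        Console.WriteLine("Code: {0}", fe.Detail.ErrorCode);
                        Console.WriteLine("Message: {0}", fe.Detail.Message);
                        Console.WriteLine("Trace: {0}", fe.Detail.TraceText);
                        Console.WriteLine("Inner Fault: {0}",
                            null == fe.Detail.InnerFault ? "No Inner Fault" : "Has Inner Fault");
                    }
                }
            }
            // Additional exceptions to catch: SecurityTokenValidationException, ExpiredSecurityTokenException,
            // SecurityAccessDeniedException, MessageSecurityException, and SecurityNegotiationException.
            finally
            {
                Console.WriteLine("Press <Enter> to exit.");
                Console.ReadLine();
            }
        }
        #endregion Main method
    }
}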

Imports System.ServiceModel
Imports System.ServiceModel.Description

' These namespaces are found in the Microsoft.Xrm.Sdk.dll assembly
' located in the SDK\bin folder of the SDK download.
Imports Microsoft.Xrm.Sdk
Imports Microsoft.Xrm.Sdk.Query
Imports Microsoft.Xrm.Sdk.Client
Imports Microsoft.Crm.Sdk.Messages

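Namespace Microsoft.Crm.Sdk.Samples
    ''' <summary>
    ''' Demonstrates how to check whether a system user is associated with a given role.
    ''' </summary>
    ''' <remarks>
    ''' The code in this class does not create or remove a role association itself; the user
    ''' to check is obtained through SystemUserProvider.RetrieveAUserWithoutAnyRoleAssigned.
    ''' Only direct user-to-role associations are queried.</remarks>
    Public Class DoesUserBelongToRole
        #Region "Class Level Members"

        ' ID of the user whose role membership is checked; set by CreateRequiredRecords().
        Private _userId As Guid
        ' Proxy for the Organization service; created and disposed inside Run().
        Private _serviceProxy As OrganizationServiceProxy
        ' Name of the role to look up.
        Private _givenRole As String = "salesperson"
        #End Region ' Class Level Members

        #Region "How To Sample Code"
        ''' <summary>
        ''' Connects to the Organization service, obtains a system user, looks up the
        ''' role named by _givenRole and reports on the console whether the user is
        ''' associated with that role.
        ''' Note: Creating a user is only supported
        ''' in an on-premises/Active Directory environment.
        ''' </summary>
        ''' <param name="serverConfig">Contains server connection information.</param>
        ''' <param name="promptforDelete">Kept for the common sample signature; this method
        ''' does not read it.</param>
        Public Sub Run(ByVal serverConfig As ServerConnection.Configuration,
                       ByVal promptforDelete As Boolean)
            Try
                ' Connect to the Organization service.
                ' The Using statement ensures that the service proxy is disposed, even if a call below throws.
                _serviceProxy = ServerConnection.GetOrganizationProxy(serverConfig)
                Using _serviceProxy
                    _serviceProxy.EnableProxyTypes()

                    ' Sets _userId, the user whose role membership is checked below.
                    CreateRequiredRecords()

                    ' Retrieve the user; only the columns needed for the console output are requested.
                    Dim user As SystemUser = _serviceProxy.Retrieve(
                        SystemUser.EntityLogicalName, _userId,
                        New ColumnSet(New String() {"systemuserid",
                                                    "firstname",
                                                    "lastname"})).ToEntity(Of SystemUser)()

                    If user IsNot Nothing Then
                        Console.WriteLine("{1} {0} user account is retrieved.",
                                          user.LastName, user.FirstName)

                        ' Find the role by its display name.
                        Dim query As QueryExpression =
                            New QueryExpression With
                            {
                                .EntityName = Role.EntityLogicalName,
                                .ColumnSet = New ColumnSet("roleid")
                            }
                        query.Criteria.AddCondition(
                            New ConditionExpression("name", ConditionOperator.Equal, {_givenRole}))

                        ' Get the role.
                        Dim givenRoles As EntityCollection = _serviceProxy.RetrieveMultiple(query)

                        If givenRoles.Entities.Count > 0 Then
                            ' NOTE(review): only the first role returned for this name is checked.
                            ' If the organization holds more than one role record with this name
                            ' (for example one per business unit), the first match may not be the
                            ' one assigned to the user; confirm against the target organization.
                            Dim givenRole As Role = givenRoles.Entities(0).ToEntity(Of Role)()

                            Console.WriteLine("Role {0} is retrieved.", _givenRole)

                            Console.WriteLine("Checking association between user and role.")

                            ' Inner link: systemuserroles -> systemuser, restricted to the retrieved user.
                            Dim systemUserLink As New LinkEntity() With
                                {
                                    .LinkFromEntityName = SystemUserRoles.EntityLogicalName,
                                    .LinkFromAttributeName = "systemuserid",
                                    .LinkToEntityName = SystemUser.EntityLogicalName,
                                    .LinkToAttributeName = "systemuserid"
                                }
                            systemUserLink.LinkCriteria.AddCondition(
                                New ConditionExpression("systemuserid", ConditionOperator.Equal, user.Id))

                            ' Outer query: role -> systemuserroles -> systemuser, restricted to the
                            ' given role. Only direct user-to-role associations are queried; no team
                            ' entity is part of this query, so a role the user holds only through a
                            ' team would not be matched.
                            Dim linkQuery As New QueryExpression() With
                                {
                                    .EntityName = Role.EntityLogicalName,
                                    .ColumnSet = New ColumnSet("roleid")
                                }
                            Dim linkEntityForQuery As New LinkEntity With
                                {
                                    .LinkFromAttributeName = "roleid",
                                    .LinkFromEntityName = Role.EntityLogicalName,
                                    .LinkToEntityName = SystemUserRoles.EntityLogicalName,
                                    .LinkToAttributeName = "roleid"
                                }
                            linkEntityForQuery.LinkEntities.Add(systemUserLink)
                            linkQuery.LinkEntities.Add(linkEntityForQuery)
                            linkQuery.Criteria.AddCondition(
                                New ConditionExpression("roleid", ConditionOperator.Equal, givenRole.Id))

                            ' Retrieve matching roles.
                            Dim matchEntities As EntityCollection = _serviceProxy.RetrieveMultiple(linkQuery)

                            ' If an entity is returned, the join found the user-role association,
                            ' so the user is a member of the role.
                            Dim isUserInRole As Boolean = (matchEntities.Entities.Count > 0)

                            ' The reported message has to follow the membership result: a True
                            ' value means the user holds the role.
                            If isUserInRole Then
                                Console.WriteLine("User belong to this role.")
                            Else
                                Console.WriteLine("User do not belong to the role.")
                            End If

                        End If
                    End If
                End Using
                ' Catch any service fault exceptions that Microsoft Dynamics CRM throws.
            Catch fe As FaultException(Of Microsoft.Xrm.Sdk.OrganizationServiceFault)
                ' You can handle an exception here or pass it back to the calling method.
                Throw
            End Try
        End Sub

        ''' <summary>
        ''' Obtains the user that this sample checks and stores its ID in _userId.
        ''' </summary>
        Public Sub CreateRequiredRecords()
            ' Create/retrieve a user. The helper is defined outside this file.
            _userId = SystemUserProvider.RetrieveAUserWithoutAnyRoleAssigned(_serviceProxy)

            ' Nothing is printed when the helper hands back an empty ID; Run() continues either way.
            If _userId <> Guid.Empty Then
                Console.WriteLine("{0} user retrieved.", _userId)
            End If
        End Sub

        #End Region ' How To Sample Code

        #Region "Main method"

        ''' <summary>
        ''' Standard Main() method used by most SDK samples. Prompts for the server
        ''' configuration, runs the sample and prints any error to the console.
        ''' </summary>
        ''' <param name="args">Command-line arguments; not read by this method.</param>
        Public Shared Sub Main(ByVal args() As String)
            Try
                ' Obtain the target organization's web address and client logon
                ' credentials from the user.
                Dim serverConnect As New ServerConnection()
                Dim config As ServerConnection.Configuration =
                    serverConnect.GetServerConfiguration()

                Dim app As New DoesUserBelongToRole()
                app.Run(config, True)
            Catch ex As FaultException(Of Microsoft.Xrm.Sdk.OrganizationServiceFault)
                Console.WriteLine("The application terminated with an error.")
                Console.WriteLine("Timestamp: {0}", ex.Detail.Timestamp)
                Console.WriteLine("Code: {0}", ex.Detail.ErrorCode)
                Console.WriteLine("Message: {0}", ex.Detail.Message)
                Console.WriteLine("Trace: {0}", ex.Detail.TraceText)
                Console.WriteLine("Inner Fault: {0}",
                                  If(Nothing Is ex.Detail.InnerFault, "No Inner Fault", "Has Inner Fault"))
            Catch ex As TimeoutException
                Console.WriteLine("The application terminated with an error.")
                Console.WriteLine("Message: {0}", ex.Message)
                Console.WriteLine("Stack Trace: {0}", ex.StackTrace)
                ' A timeout does not always carry an inner exception; test the exception
                ' itself before reading its message so the handler cannot fail on Nothing.
                Console.WriteLine("Inner Fault: {0}",
                                  If(ex.InnerException Is Nothing OrElse ex.InnerException.Message Is Nothing,
                                     "No Inner Fault", ex.InnerException.Message))
            Catch ex As Exception
                Console.WriteLine("The application terminated with an error.")
                Console.WriteLine(ex.Message)

                ' Display the details of the inner exception.
                If ex.InnerException IsNot Nothing Then
                    Console.WriteLine(ex.InnerException.Message)

                    Dim fe As FaultException(Of Microsoft.Xrm.Sdk.OrganizationServiceFault) =
                        TryCast(ex.InnerException, 
                            FaultException(Of Microsoft.Xrm.Sdk.OrganizationServiceFault))
                    If fe IsNot Nothing Then
                        Console.WriteLine("Timestamp: {0}", fe.Detail.Timestamp)
                        Console.WriteLine("Code: {0}", fe.Detail.ErrorCode)
                        Console.WriteLine("Message: {0}", fe.Detail.Message)
                        Console.WriteLine("Trace: {0}", fe.Detail.TraceText)
                        Console.WriteLine("Inner Fault: {0}",
                                          If(Nothing Is fe.Detail.InnerFault, "No Inner Fault", "Has Inner Fault"))
                    End If
                End If
            ' Additional exceptions to catch: SecurityTokenValidationException, ExpiredSecurityTokenException,
            ' SecurityAccessDeniedException, MessageSecurityException, and SecurityNegotiationException.
            Finally
                Console.WriteLine("Press <Enter> to exit.")
                Console.ReadLine()
            End Try
        End Sub
        #End Region ' Main method
    End Class
End Namespace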

See Also

Privilege and role entities
Sample: Remove a role for a user
User and team entities
Helper code: ServerConnection class
Synchronized users in Microsoft Dynamics CRM Online and Office 365