Retrieving the Privileges of a User in Dynamics 365

Isaac Stephens, 14 February 2022

When working on a system recently, we had an issue where we were querying the privileges of users to determine whether or not they had the privilege to do something (e.g. update a record). For some users this was not working as expected: the query returned no privileges even though the users had many security roles. The FetchXML is shown below:


After some further investigation, we realised that all the users it was failing for were in the same business unit. Furthermore, this business unit was not the root BU. Although we were sure this was the issue, we were still not sure why or how. The problem lies in the way security roles work: security roles are created at the root BU level, and each BU then has its own ‘copy’. Because these users were in a child BU, we could not link the role entity from roleid; we had to link from parentrootroleid. Below is the updated FetchXML with the updated role link-entity.

The fix is quick and simple: replace the link-entity line that links from roleid with the one that links from parentrootroleid. Both lines are shown below, the updated one first.

<link-entity name="role" from="parentrootroleid" to="roleid" link-type="inner" alias="r">

<link-entity name="role" from="roleid" to="roleid" link-type="inner" alias="r">

The rest of the FetchXML stays the same, as we are still linking to the same entity, just through a different relationship!

Now that we have the correct FetchXML, we can always retrieve the specific privileges of a user! The great thing about the parentrootroleid link is that it will always have a value, whether the user is in the root BU or a child BU!
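To see why the roleid join comes back empty for child-BU users, here is an added example (not the query from the original post) that models the tables in SQLite and runs both joins. The table contents, ids, the join chain and the assumption that privilege rows hang off the root-BU role only are all constructed for illustration.

```python
import sqlite3

# Constructed model of the tables involved; every id and row is made up.
# Assumption: roleprivileges rows are attached to the root-BU role only, and
# each BU's copy of the role points back to it through parentrootroleid.
SCHEMA = """
CREATE TABLE role (roleid TEXT, parentrootroleid TEXT, businessunit TEXT);
CREATE TABLE roleprivileges (roleid TEXT, privilegeid TEXT);
CREATE TABLE privilege (privilegeid TEXT, name TEXT);
CREATE TABLE systemuserroles (systemuserid TEXT, roleid TEXT);
INSERT INTO role VALUES ('role-root', 'role-root', 'Root BU'),
                        ('role-child', 'role-root', 'Child BU');
INSERT INTO privilege VALUES ('p1', 'prvReadAccount'), ('p2', 'prvWriteAccount');
INSERT INTO roleprivileges VALUES ('role-root', 'p1'), ('role-root', 'p2');
INSERT INTO systemuserroles VALUES ('user-root', 'role-root'),
                                   ('user-child', 'role-child');
"""

# Assumed join chain (the post's full FetchXML is not shown); only the
# column used to join the role table changes between the two variants.
QUERY = """
SELECT p.name
FROM privilege p
JOIN roleprivileges rp ON rp.privilegeid = p.privilegeid
JOIN role r ON r.{role_column} = rp.roleid
JOIN systemuserroles sur ON sur.roleid = r.roleid
WHERE sur.systemuserid = ?
ORDER BY p.name
"""

def build_model():
    """Create the in-memory sample database."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    return conn

def user_privileges(conn, user_id, role_column):
    """Return privilege names for a user, joining role on role_column."""
    if role_column not in ("roleid", "parentrootroleid"):
        raise ValueError("unexpected join column")
    rows = conn.execute(QUERY.format(role_column=role_column), (user_id,))
    return [name for (name,) in rows]

if __name__ == "__main__":
    conn = build_model()
    for user in ("user-root", "user-child"):
        for column in ("roleid", "parentrootroleid"):
            print(user, column, user_privileges(conn, user, column))
```

An authorization check built on the roleid variant fails closed for child-BU users in this model: the user holds the role, but the query reports no privileges.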