CRM PrincipalObjectAccess(POA)
PrincipalObjectAccess (POA) table is an important table which holds all grants share on CRM objects. This is just for understanding purpose.
SELECT TOP 100
[PrincipalObjectAccessId]
,[PrincipalId]
,[PrincipalTypeCode]
,[ObjectId]
,[ObjectTypeCode]
,[AccessRightsMask]
,[InheritedAccessRightsMask]
FROM
[PrincipalObjectAccess] WITH (NOLOCK)
PrincipalObjectAccessId – The GUID of share record.
PrincipalId – The GUID of the User or Team receiving the Share.
PrincipalTypeCode – indicates whether it’s a User or Team. -- 8 user 9 team
ObjectId – The GUID of the specific object being shared.
ObjectTypeCode – The object type of the record being shared.
AccessRightsMask – This field stores the rights granted directly via the ‘Sharing’ dialog.
InheritedAccessRightsMask – The rights applied by the system through cascading or reassignment processes are stored in this field.
check microsoft queryto control this table data..
InheritedAccessRightsMask – The rights applied by the system through cascading or reassignment processes are stored in this field.
1 User
2 Business Unit
4 Parent: Child
8 Organization
Decoding the RightsMask Fields (AccessRightsMask and InheritedAccessRightsMask)
0 No permission
1 Read
2 Write
4 Append
16 AppendTo
32 Create
65536 Delete
262144 Share
524288 Assign
134217728 Undocumented
for example
852023 (1+2+4+16+32+65536+262144+524288) - ALL documneted permissions
Whenever a record is shared against a User or a Team, CRM will be tracking those entries in PincipalObjectAccess table and same will be queried using FilteredView.
FilteredAccount View part of code
or
[Account].[AccountId] in
(
select POA.ObjectId from PrincipalObjectAccess POA
join SystemUserPrincipals sup (NOLOCK) on POA.PrincipalId = sup.PrincipalId
where sup.SystemUserId = u.SystemUserId and
POA.ObjectTypeCode = 1 and
((POA.AccessRightsMask | POA.InheritedAccessRightsMask) & 1)=1
) ---Get the total number of shared records
SELECT COUNT(0) FROM PrincipalObjectAccess --Get the total number of shared records grouped by Entity
SELECT EV.NAME AS [ENTITY NAME],COUNT(POA.OBJECTTYPECODE) AS [RECORDS COUNT]
FROM PRINCIPALOBJECTACCESS POA
INNER JOIN ENTITYLOGICALVIEW EV ON EV.OBJECTTYPECODE = POA.OBJECTTYPECODE
GROUP BY EV.NAME
ORDER BY 2 DESC --Get the total number of shared records grouped by User
SELECT SU.FULLNAME AS [USER NAME],COUNT(POA.OBJECTTYPECODE) AS [RECORDS COUNT]
FROM PRINCIPALOBJECTACCESS POA
INNER JOIN SYSTEMUSER SU ON POA.PRINCIPALID= SU.SYSTEMUSERID
GROUP BY SU.FULLNAME
ORDER BY 2 DESC --Get the total number of shared records grouped by Entity and User
SELECT SU.FULLNAME AS [USER NAME],EV.NAME AS [ENTITY NAME],COUNT(POA.OBJECTTYPECODE) AS [RECORDS COUNT]
FROM PRINCIPALOBJECTACCESS POA
INNER JOIN SYSTEMUSER SU ON POA.PRINCIPALID= SU.SYSTEMUSERID
INNER JOIN ENTITYLOGICALVIEW EV ON EV.OBJECTTYPECODE = POA.OBJECTTYPECODE
GROUP BY SU.FULLNAME,EV.NAME
ORDER BY 1 SELECT DISTINCT name, objecttypecode
FROM [CRMORGDB_MSCRM].[MetadataSchema].[Entity]
ORDER BY name ASC select distinct
case
when POA.[PrincipalTypeCode] = 8 then
'User'
when POA.[PrincipalTypeCode] = 9
and TEAM.[TeamType] = 0 then
'Owner Team'
when POA.[PrincipalTypeCode] = 9
and TEAM.[TeamType] = 1 then
'Access Team'
else
'Other'
end as 'PrincipalType'
, coalesce(USERID.[FirstName], TEAM.[Name]) as PrincipalName
, POA.[ObjectTypeCode]
, ENTITY.[OriginalLocalizedName]
, POA.[ObjectId]
, POA.[AccessRightsMask]
, POA.[InheritedAccessRightsMask]
, POA.[ChangedOn]
, POA.[PrincipalTypeCode]
, POA.[PrincipalId]
from KYGF_MSCRM.[dbo].[PrincipalObjectAccess] as POA
left outer join KYGF_MSCRM.[dbo].[SystemUserBase] as USERID
on POA.[PrincipalId] = USERID.[SystemUserId]
left outer join KYGF_MSCRM.[dbo].[TeamBase] as TEAM
on POA.[PrincipalId] = TEAM.[TeamId]
left outer join KYGF_MSCRM.[MetadataSchema].[Entity] as ENTITY
on POA.[ObjectTypeCode] = ENTITY.[ObjectTypeCode]
where POA.[PrincipalTypeCode] in ( 8, 9 )
and POA.[ObjectTypeCode] = 2
and POA.ObjectId = 'C84FBA58-8CCB-DF11-9176-02BF0AC9DF07';
最新文章
- PADS从原理图到PCB整体简易流程
- 教你手工mysql拆库
- python os.system()返回值判断
- Linux 查看系统用户的登录日志
- java反射之Class.getMethod与getDeclaredMethods()区别
- 剑指offer系列44---只出现一次 的数字
- SRF之日志和异常
- footer居底
- AngularJS(5)-Http
- shell编程的一些例子3
- 关于找不到stdafx.h头文件问题
- Windows Server 2016-WinSer2016 Active Directory新增功能
- 阿里云API网关(17)签名算法
- PHP使用CURL抓取网页
- vue项目全局引入vue-awesome-swiper插件做出轮播效果
- React Router API文档
- MySQL 8.0 新增SQL语法对窗口函数和CTE的支持
- 【bzoj3039】玉蟾宫 悬线法
- form_tag
- 在Github上搭建博客
热门文章
- SVG中的'defs' and 'use'-可复用的图元定义
- unity, 挖洞特效
- 【转】第6篇:Xilium CefGlue 关于 CLR Object 与 JS 交互类库封装报告:自动注册JS脚本+自动反射方法分析
- 控制DIV占满屏幕
- PowerShell连接中国Azure
- Redis性能测试工具benchmark简介
- bzoj2592: [Usaco2012 Feb]Symmetry
- Puppet Agent/Master HTTPS Communications
- [Issue]repo/repo init-解决同步源码Cannot get http://gerrit.googlesource.com/git-repo/clone.bundle
- 黄聪:Mysql数据库还原备份提示MySQL server has gone away 的解决方法(备份文件数据过大)