AXForum  
Вернуться   AXForum > Microsoft Dynamics CRM > Dynamics CRM: Blogs
All
Забыли пароль?
Зарегистрироваться Правила Справка Пользователи Сообщения за день Поиск

 
 
Опции темы Поиск в этой теме Опции просмотра
Старый 19.03.2018, 17:11   #1  
Blog bot is offline
Blog bot
Участник
 
25,631 / 848 (80) +++++++
Регистрация: 28.10.2006
crmtipoftheday: Tip #1089: User Delete Privileges Stretch Further Than You Think
Источник: https://crmtipoftheday.com/1089/user...han-you-think/
==============

This one was discovered by my KPMG partners in crime Fiona Whiteing and Jijeesh Kunhiraman on a recent project. As you may know, for a record such as a Contact, if I own the record, I can see the child Activities whether my security role gives me permission or not. I do not know if this obscure exception to record level security has a name. I call it ‘inherited security’. In fact it also works for Team ownership; if I am a member of a Team which owns a Contact, I can see the Activities of that Contact whether my security role (or the Team’s security role) allows me to or not.

If you did not know the above, end here and walk away intellectually nourished by an informative tip. If you did know the above, here is the twist. Let us say you are a member of a Team which owns a Contact and you can see the associated Activities thanks to inherited security. Let is assume none of the Activities are yours. If I now give your User record’s Security Role User-level delete privileges to Activities, you can now delete all those child Activities. Even though they are owned by other people and you can only see them because the Activities are on a Contact, owned by a Team which you are a member, you still get to blow them away.

Somehow inherited security amplifies the User-level delete privilege to work on any child record it renders visible, regardless of the actual owner. Is this a bug? Maybe. My guess is, as inherited security pre-dates the introduction of Team ownership in Dynamics, the subtle nuances of the two combining were not fully tested and give rise to unusual results. The moral of this tip? If you are securing records and inherited security is involved, make sure you test everything within an inch of its life.



Источник: https://crmtipoftheday.com/1089/user...han-you-think/
__________________
Расскажите о новых и интересных блогах по Microsoft Dynamics, напишите личное сообщение администратору.
 

Похожие темы
Тема Автор Раздел Ответов Посл. сообщение
crmtipoftheday: Tip #1080: Setting KPIs for user adoption Blog bot Dynamics CRM: Blogs 0 21.02.2018 04:31
crmtipoftheday: Tip #1060: Quickly create vector/SVG images for Dynamics 365 Blog bot Dynamics CRM: Blogs 0 24.01.2018 22:11
Kriki: Delete a User-record deletes “User Property” and “Access Control” without using C/AL triggers Blog bot NAV: Blogs 0 15.05.2016 18:12
wiki.dynamicsbook: Changes Made in Navision Attain 3.60 Blog bot Dynamics CRM: Blogs 0 02.09.2008 13:23

Ваши права в разделе
Вы не можете создавать новые темы
Вы не можете отвечать в темах
Вы не можете прикреплять вложения
Вы не можете редактировать свои сообщения

BB коды Вкл.
Смайлы Вкл.
[IMG] код Вкл.
HTML код Выкл.
Быстрый переход

Рейтинг@Mail.ru
Часовой пояс GMT +3, время: 10:12.