Question
Object Permissions
Client-side
SDK
model

Check object permission for an entity from client-side

Mohamed Hashim
09:57 Jan 07, 2026

Hi,

Is there a way to check object permissions via client side. I tried using sdk.Model class which has a method called canDelete . But it isn't working.  Does anyone have a workaround for this?

Thanks in advance for your support.

Like 0

Like

2 comments
Best reply
Eduard Dovydovskyi
22:21 Jan 16, 2026

Hello!

As a workaround, you can send HTTP POST requests to the /rest/RightsService/GetCanEdit and /rest/RightsService/GetCanDelete endpoints instead of using sdk.Model.canSave and sdk.Model.canDelete, which are currently not working.

If the user has permission to edit or delete the record, the GetCanEditResult or GetCanDeleteResult response will be empty.

Here is an example:

const httpClientService = new sdk.HttpClientService();
const recordId = await request.$context.Id;
const pds = await request.$context.getPrimaryModelName();
const schemaName = request.$context.dataSchemas[pds].name;
 
const canDeleteEndpoint = 'rest/RightsService/GetCanDelete';
const canDeleteBody = {
    schemaName: schemaName,
    primaryColumnValue: recordId
};
 
const canDeleteResponse = recordId ? await httpClientService.post(canDeleteEndpoint, canDeleteBody) : null;
const canDelete = canDeleteResponse.body.GetCanDeleteResult.length === 0;
console.log("Can delete record " + recordId + "? - " + canDelete);
 
const canEditEndpoint = 'rest/RightsService/GetCanEdit';
const canEditBody = {
    isNew: false,
    schemaName: schemaName,
    primaryColumnValue: recordId
};
 
const canEditResponse = recordId ? await httpClientService.post(canEditEndpoint, canEditBody) : null;
const canEdit = canEditResponse.body.GetCanEditResult.length === 0;
console.log("Can edit record " + recordId + "? - " + canEdit);
Eduard Dovydovskyi
22:21 Jan 16, 2026

Hello!

As a workaround, you can send HTTP POST requests to the /rest/RightsService/GetCanEdit and /rest/RightsService/GetCanDelete endpoints instead of using sdk.Model.canSave and sdk.Model.canDelete, which are currently not working.

If the user has permission to edit or delete the record, the GetCanEditResult or GetCanDeleteResult response will be empty.

Here is an example:

const httpClientService = new sdk.HttpClientService();
const recordId = await request.$context.Id;
const pds = await request.$context.getPrimaryModelName();
const schemaName = request.$context.dataSchemas[pds].name;
 
const canDeleteEndpoint = 'rest/RightsService/GetCanDelete';
const canDeleteBody = {
    schemaName: schemaName,
    primaryColumnValue: recordId
};
 
const canDeleteResponse = recordId ? await httpClientService.post(canDeleteEndpoint, canDeleteBody) : null;
const canDelete = canDeleteResponse.body.GetCanDeleteResult.length === 0;
console.log("Can delete record " + recordId + "? - " + canDelete);
 
const canEditEndpoint = 'rest/RightsService/GetCanEdit';
const canEditBody = {
    isNew: false,
    schemaName: schemaName,
    primaryColumnValue: recordId
};
 
const canEditResponse = recordId ? await httpClientService.post(canEditEndpoint, canEditBody) : null;
const canEdit = canEditResponse.body.GetCanEditResult.length === 0;
console.log("Can edit record " + recordId + "? - " + canEdit);
Mohamed Hashim
09:15 Jan 19, 2026

Eduard Dovydovskyi,

Thank you ! 

Show all comments