Question
Entity
EntitySchemaQuery
EntitySchemaManager
8.0
CRUD operations without user permissions from C# backend
Alexey
14:46 Nov 13, 2024

Good day, colleagues.

 

When attempting to create a record in a related object using User-Task, I receive the error "Insufficient permissions to add record in object 'SomeObject'." Current permissions for this user in "SomeObject" are set to Read-only. However, when using the classes new EntitySchemaQuery(), new Entity(), and userConnection.EntitySchemaManager.GetInstanceByName("Entity_Name"), I set the UseAdminRights property to true.

 

I have used three different approaches:

 

1.
new SomeEntity(_userConnection)
{
   UseAdminRights = true
}

 

2.
new EntitySchemaQuery()
{
  UseAdminRights = true
}

 

3.
EntitySchema instanceByName = _uc.EntitySchemaManager.GetInstanceByName(typeof(EntityType).Name);
instanceByName.UseDenyRecordRights = true;

 

None of these have successfully created or retrieved the record. I request assistance in figuring out how to forcibly disable permission checks for any CRUD operations on the backend.

Like 0

Like

4 comments
Oleg Drobina
16:21 Nov 13, 2024

Hi,

 

Example from the OmnichannelContactIdentifier (OmnichannelMessaging package):

 

var esq = new EntitySchemaQuery(UserConnection.EntitySchemaManager, "ContactIdentity") {
                UseAdminRights = false
            };
            esq.PrimaryQueryColumn.IsAlwaysSelect = true;
            esq.AddColumn("Contact");
            esq.AddColumn("Channel");

...

Please try this approach of specifying the UseAdminRights flag for the server esq.

Ryan Farley
17:50 Nov 13, 2024

In addition to Oleg's response, you can also use the Select, Insert, Update, etc classes, they bypass security since they are executing direct in the database. See https://academy.creatio.com/docs/8.x/dev/development-on-creatio-platform/8.1/direct-access-references

Also, you can get the SystemUserConnection to use for the ESQ.

Harvey Adcock
19:43 Nov 13, 2024

Also worth noting for people who haven't used the Select, Insert, Update etc classes, they bypass all Creatio application logic, so things like Business Process triggers on record creation or update too. They are very useful, but need to be aware of that to avoid issues.

Robert Pordes
15:26 Nov 18, 2024

One more detail, if it isn't clear by now: the UseAdminRights flag doesn't mean "use the permissions of the administrator"...actually, the opposite is the case. It means "enable the usage of permissions".
I find the wording pretty misleading, but that's how it is ;)

Show all comments
Subscribe to EntitySchemaManager