Automating the population of an Access Team

Overview

In this example, Contoso Pharmaceutical Limited have a clinical trial approval process implemented in Dynamics 365. At design time, it isn’t known who the approvers will be for each clinical trial, so there needs to be a way to give approvers access to clinical trials at runtime. Technically, this means approvers need to be given access to specific cpl_clinicaltrial entity records and their associated cpl_applicationdecision child entity records. To meet this requirement, it’s been decided to use an access team and to populate it using a C# plugin.

The Solution

Referring to Figure 1, when the ‘Submit Decision’ button is pressed, John Smith will be added to the access team. This would result in John Smith being given access to the particular clinical trial and the associated application decisions.

Figure 1

Technical Implementation

This section describes the technical implementation of setting up and populating an access team via C#.

The Entities

cpl_clinicaltrial

The clinical trial entity cpl_clinicaltrial already exists, so all that needs to be done is to select the ‘Access Teams’ metadata option.

Figure 2

cpl_applicationdecision

Note: when users are added to a clinical trial’s access team (which is associated with the ‘Clinical Trial – Access Team Template’; see Figure 10), they will also be able to read and update the associated application decision records, even if they don’t have the relevant security role privileges for the application decision entity. This is because of cascading permissions (Figure 3) between the cpl_clinicaltrial and cpl_applicationdecision entities. That is, since cpl_clinicaltrial has been shared, the related cpl_applicationdecision will also be shared (see Figure 9).

Figure 3

The Access Team Template

An Access Team Template is created, and the required level of access is specified for the users included in the access team.

Figure 4

Note: Referring to the example in the overview section, for John Smith to be able to be added to the access team, he would need to be allocated a security role that, at a minimum, has user level write, read & assign access for the clinical trial entity. (The same goes for the application decision entity.)

The C# plugin

The following C# plugin is executed when a clinical trial record is updated. The plugin is responsible for adding system users to the access team associated with a particular clinical trial.

In Summary

line 34 – Retrieves the identifier for the access team template ‘Clinical Trial – Access Team Template’

line 35 – This retrieves all the users who are currently in the access team for a particular clinical trial

line 37 – This retrieves all the users who are currently part of the clinical trial. This will include the newly added John Smith

line 44 – This adds any newly added users to the access team. In this case, it’s John Smith

Figure 5

In Detail

Expanding on line 34 of Figure 5: this function retrieves the template ‘Clinical Trial – Access Team Template’.

Figure 6

The template is stored in the teamtemplate entity.

Figure 7

Expanding on line 35 of Figure 5: the function GetClinicalTrialTemplateTeamSystemUsers retrieves all the users currently in the access team for a particular clinical trial.

Figure 8

Entity: principalobjectaccess

This entity stores information about shared records. The third row of Figure 9 shows a cpl_clinicaltrial record that is shared with an access team. The fourth row shows a record which is also shared with the access team because of its inherited access rights.

principalid = The GUID of the team (e.g. access team) or user with whom the record has been shared
objecttypecode = The entity of the record which has been shared
objectid = The GUID of the record which has been shared
principaltypecode = The entity of the principal
inheritedaccessrightsmask = The record has inherited permissions from its parent
accessrightsmask = The access rights for the record (as defined by the access team template)

Figure 9

Entity: team

Figure 10

Entity: teammembership

Figure 11

Expanding on line 37 of Figure 5: the function GetClinicalTrialActiveSystemUsers retrieves all the users (e.g. CreatedBy) who are part of the clinical trial, including the newly added John Smith (mentioned in the overview section), who has been made an approver.

Figure 12

Expanding on line 44 of Figure 5: the function AddUserToTeamTemplate adds John Smith to the access team.

Figure 13
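
The four steps summarised above, written out as an added example (this is not the original plugin shown in Figures 5 to 13). It assumes the users who are part of a clinical trial are held in lookup attributes on cpl_clinicaltrial; createdby is a standard attribute, while cpl_approverid is a hypothetical name used for illustration.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using Microsoft.Crm.Sdk.Messages;
using Microsoft.Xrm.Sdk;
using Microsoft.Xrm.Sdk.Query;

// Added example, registered on Update of cpl_clinicaltrial; not the page's original plugin.
public class PopulateClinicalTrialAccessTeam : IPlugin
{
    const string TemplateName = "Clinical Trial – Access Team Template";
    // Assumption: lookups on cpl_clinicaltrial that identify its users; cpl_approverid is hypothetical.
    static readonly string[] UserLookups = { "createdby", "cpl_approverid" };

    public void Execute(IServiceProvider serviceProvider)
    {
        var context = (IPluginExecutionContext)serviceProvider.GetService(typeof(IPluginExecutionContext));
        var factory = (IOrganizationServiceFactory)serviceProvider.GetService(typeof(IOrganizationServiceFactory));
        var service = factory.CreateOrganizationService(context.UserId);
        if (context.PrimaryEntityName != "cpl_clinicaltrial") return;
        var trial = new EntityReference(context.PrimaryEntityName, context.PrimaryEntityId);

        // Step 1: resolve the access team template by name; fail closed if it is missing.
        var templateQuery = new QueryByAttribute("teamtemplate") { ColumnSet = new ColumnSet("teamtemplateid") };
        templateQuery.AddAttributeValue("teamtemplatename", TemplateName);
        var template = service.RetrieveMultiple(templateQuery).Entities.FirstOrDefault()
            ?? throw new InvalidPluginExecutionException("Access team template not found: " + TemplateName);

        // Step 2: users already in this record's access team (team -> teammembership).
        var teamQuery = new QueryExpression("team") { ColumnSet = new ColumnSet(false) };
        teamQuery.Criteria.AddCondition("teamtemplateid", ConditionOperator.Equal, template.Id);
        teamQuery.Criteria.AddCondition("regardingobjectid", ConditionOperator.Equal, trial.Id);
        var link = teamQuery.AddLink("teammembership", "teamid", "teamid");
        link.EntityAlias = "tm";
        link.Columns = new ColumnSet("systemuserid");
        var members = new HashSet<Guid>(service.RetrieveMultiple(teamQuery).Entities
            .Select(e => (Guid)e.GetAttributeValue<AliasedValue>("tm.systemuserid").Value));

        // Step 3: users who are currently part of the clinical trial.
        var record = service.Retrieve(trial.LogicalName, trial.Id, new ColumnSet(UserLookups));
        var active = UserLookups.Select(a => record.GetAttributeValue<EntityReference>(a))
            .Where(r => r != null && r.LogicalName == "systemuser").Select(r => r.Id).Distinct();

        // Step 4: add only the users who are not yet members.
        foreach (var userId in active.Where(id => !members.Contains(id)))
            service.Execute(new AddUserToRecordTeamRequest
                { Record = trial, SystemUserId = userId, TeamTemplateId = template.Id });
    }
}
```

Because the team query is scoped by both teamtemplateid and regardingobjectid, membership is compared per record, so a user is only ever granted access to the specific clinical trial being updated.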

The step is registered using the Plugin Registration Tool.

Figure 14