Discussion:
ms crm 4.0 PrincipalObjectAccess
(too old to reply)
patrck
2010-08-23 13:22:06 UTC
Permalink
Hi all,

We have more than 5 Million records in PrincipalObjectAccess Table. I have
learned that this table contains data about the shared records. However, in
our case we never share records, all users have security roles and this is
enough for us. Followings is the content of PrincipalObjectAccess Table:

select ObjectTypeCode, COUNT(ObjectTypeCode) as total
from PrincipalObjectAccess
group by ObjectTypeCode
order by total desc

ObjectTypeCode EntityName total
5 Annotation 3.166.458
4200 ActivityPointer 838.042
112 Incident 415.500
1 Account 38.087
4230 UserQuery 135
9100 Report 104
150 UserSettings 88
8 SystemUser 88
9106 MailMergeTemplate 20
2010 Template 3
4.458.525

As seen, there are more than 3 million records for Annotation entity
(Notes). Then I realized that a workflow assigns case to other departments
and create a note about this assignment.

In the organization settings there is and option to disable the automatic
sharing of records. This option is disabled from the beginning of crm
deployment.

So I wonder why new records are created in PrincipalObjectAccess Table?
(Because we never use sharing). Second, I wanna clear all content of
PrincipalObjectAccess Table, is there a supported way to accomplish this?
MayankP
2010-08-23 16:21:03 UTC
Permalink
Hi patrick,

This table also contains data when you assign account to some one case all
child objects (like cases, opps) gets shared with new owner..

you can get full report using following tool..

http://www.sharingsummary.codeplex.com


and then you can write code (SDK API) and delete these sharing if you want
to..
--
Regards,
MayankP
My Blog : http://mayankp.wordpress.com
Post by patrck
Hi all,
We have more than 5 Million records in PrincipalObjectAccess Table. I have
learned that this table contains data about the shared records. However, in
our case we never share records, all users have security roles and this is
select ObjectTypeCode, COUNT(ObjectTypeCode) as total
from PrincipalObjectAccess
group by ObjectTypeCode
order by total desc
ObjectTypeCode EntityName total
5 Annotation 3.166.458
4200 ActivityPointer 838.042
112 Incident 415.500
1 Account 38.087
4230 UserQuery 135
9100 Report 104
150 UserSettings 88
8 SystemUser 88
9106 MailMergeTemplate 20
2010 Template 3
4.458.525
As seen, there are more than 3 million records for Annotation entity
(Notes). Then I realized that a workflow assigns case to other departments
and create a note about this assignment.
In the organization settings there is and option to disable the automatic
sharing of records. This option is disabled from the beginning of crm
deployment.
So I wonder why new records are created in PrincipalObjectAccess Table?
(Because we never use sharing). Second, I wanna clear all content of
PrincipalObjectAccess Table, is there a supported way to accomplish this?
patrck
2010-08-24 06:24:03 UTC
Permalink
Hi MayankP,
Thank you very much for the very useful link, the report tells evertything.
By the way using sdk, i think we can only remove the share permission, the
record itself still remains in PrincipalObjectAccess table. In my test
environment, I directly use sql query (delete from PrincipalObjectAccess),
and i think it works. I know this unsupported, but do you have any idea about
side affects of this query, or is it safe to use it?
Post by MayankP
Hi patrick,
This table also contains data when you assign account to some one case all
child objects (like cases, opps) gets shared with new owner..
you can get full report using following tool..
http://www.sharingsummary.codeplex.com
and then you can write code (SDK API) and delete these sharing if you want
to..
--
Regards,
MayankP
My Blog : http://mayankp.wordpress.com
Post by patrck
Hi all,
We have more than 5 Million records in PrincipalObjectAccess Table. I have
learned that this table contains data about the shared records. However, in
our case we never share records, all users have security roles and this is
select ObjectTypeCode, COUNT(ObjectTypeCode) as total
from PrincipalObjectAccess
group by ObjectTypeCode
order by total desc
ObjectTypeCode EntityName total
5 Annotation 3.166.458
4200 ActivityPointer 838.042
112 Incident 415.500
1 Account 38.087
4230 UserQuery 135
9100 Report 104
150 UserSettings 88
8 SystemUser 88
9106 MailMergeTemplate 20
2010 Template 3
4.458.525
As seen, there are more than 3 million records for Annotation entity
(Notes). Then I realized that a workflow assigns case to other departments
and create a note about this assignment.
In the organization settings there is and option to disable the automatic
sharing of records. This option is disabled from the beginning of crm
deployment.
So I wonder why new records are created in PrincipalObjectAccess Table?
(Because we never use sharing). Second, I wanna clear all content of
PrincipalObjectAccess Table, is there a supported way to accomplish this?
patrck
2010-08-24 10:26:03 UTC
Permalink
Ok. I Finally found the solution:

First revoke the sharing permission, then deletion service removes the
record from PrincipalObjectAccess table.

CrmService c = CreateCrmService();

//REVOKE
// Create the SecurityPrincipal object.
SecurityPrincipal principal = new SecurityPrincipal();

// PrincipalId is the GUID of the team whose access is being
revoked.
principal.Type = SecurityPrincipalType.User;
principal.PrincipalId = new
Guid("3FE220AD-E6AE-DF11-868D-000C29624306");

// Create the target for the request.
TargetOwnedDynamic target = new TargetOwnedDynamic();
// EntityId is the GUID of the Opportunity to which
// access is being revoked.
target.EntityId = new
Guid("8863BB76-E4AE-DF11-868D-000C29624306");
target.EntityName = EntityName.account.ToString();

// Create the request object.
RevokeAccessRequest revoke = new RevokeAccessRequest();
// Set the properties of the request object.
revoke.Revokee = principal;
revoke.Target = target;
// Execute the request.

RevokeAccessResponse revoked =
(RevokeAccessResponse)c.Execute(revoke);
Post by patrck
Hi MayankP,
Thank you very much for the very useful link, the report tells evertything.
By the way using sdk, i think we can only remove the share permission, the
record itself still remains in PrincipalObjectAccess table. In my test
environment, I directly use sql query (delete from PrincipalObjectAccess),
and i think it works. I know this unsupported, but do you have any idea about
side affects of this query, or is it safe to use it?
Post by MayankP
Hi patrick,
This table also contains data when you assign account to some one case all
child objects (like cases, opps) gets shared with new owner..
you can get full report using following tool..
http://www.sharingsummary.codeplex.com
and then you can write code (SDK API) and delete these sharing if you want
to..
--
Regards,
MayankP
My Blog : http://mayankp.wordpress.com
Post by patrck
Hi all,
We have more than 5 Million records in PrincipalObjectAccess Table. I have
learned that this table contains data about the shared records. However, in
our case we never share records, all users have security roles and this is
select ObjectTypeCode, COUNT(ObjectTypeCode) as total
from PrincipalObjectAccess
group by ObjectTypeCode
order by total desc
ObjectTypeCode EntityName total
5 Annotation 3.166.458
4200 ActivityPointer 838.042
112 Incident 415.500
1 Account 38.087
4230 UserQuery 135
9100 Report 104
150 UserSettings 88
8 SystemUser 88
9106 MailMergeTemplate 20
2010 Template 3
4.458.525
As seen, there are more than 3 million records for Annotation entity
(Notes). Then I realized that a workflow assigns case to other departments
and create a note about this assignment.
In the organization settings there is and option to disable the automatic
sharing of records. This option is disabled from the beginning of crm
deployment.
So I wonder why new records are created in PrincipalObjectAccess Table?
(Because we never use sharing). Second, I wanna clear all content of
PrincipalObjectAccess Table, is there a supported way to accomplish this?
Loading...