Microsoft Dynamics CRM – Steve Suh

I had a plug-in on an opportunity that among other things assigned a price list based on the currency on the opportunity.  Since price list also has a currency on it, it needed to match what’s on the opportunity. 

In order for this to work dynamically, I had the plug-in code look for price lists that had a matching currency and if they didn’t exist create a new one.  Since our system doesn’t use the product catalog or order system, performing these kinds of operations are safe.

The plug-in impersonates the user via the context.InitiatingUserId

ICrmService service = context.CreateCrmService(context.InitiatingUserId);

This was all fine and good, but after testing with less privileged security roles, I found that they didn’t have the prvCreateProduct privilege, so the plug-in would fail on creation of the price list (pricelevel entity).  I had to override the impersonation to use the NETWORK SERVICE account by passing in false to the context.CreateCrmService(false) method in order to get the required privilege. 

private Guid CreatePriceList(IPluginExecutionContext context, Guid currencyId)
        {
            // Need to override the identity of the calling user to SYSTEM, as not everyone has the prvCreateProduct privilege
            // required to create the PriceLevel
            ICrmService crmService = context.CreateCrmService(false);

            // Get the name of the currency and use it for the pricelist
            // Unfortunately we have to make another query
            ColumnSet cols = new ColumnSet();
            cols.AddColumn(“currencyname”);

            transactioncurrency currency = (transactioncurrency)crmService.Retrieve(EntityName.transactioncurrency.ToString(), currencyId, cols);
           
            pricelevel newPriceList = new pricelevel();
            newPriceList.name = currency.currencyname + ” Price List”;
            newPriceList.transactioncurrencyid = new Lookup(EntityName.transactioncurrency.ToString(), currency.transactioncurrencyid.Value);

            return crmService.Create(newPriceList);
        }

I know I could’ve added the the user to a higher privileged OOTB role like Sales Manager, but shouldn’t this privilege be part of the security roles?  If it is perhaps I wasn’t able to find it, does anyone know of a way to add it?