cancel
Showing results for 
Search instead for 
Did you mean: 

Entity Permissions should not trigger linked entities query limit

Author Name: Alan Mervitz

Entity Permissions modify the FetchXml when retrieving data from the CRM. This often results in getting a 'Number of link entities in query exceeded maximum limit' exception when dealing with moderately sophisticated data models with multiple or nested relationships. Another situation where it is easier to encounter this error with simple data models is when the FetchXml is added to filters already present in a CRM view that controls what data is retrieved.

Suggesting that a data model should be simplified is not an acceptable answer - data models do get complex for completely legitimate reasons, and changing the data model as a workaround becomes a very costly and complex effort of its own.

As potential solutions, I would propose that the "link-entity" xml elements added via Entity Permissions should either be excluded from the limit that CRM enforces, or the Entity Permissions implementation should be changed to operate at a different layer (think how the OSI model sets boundaries between layers of concerns, or the regular CRM business unit security model that works transparently behind the scenes in all queries) so that this exception NEVER happens.

Status: Planned

Thank you for your feedback.  We are considering moving the permission model out of the portal and back into the CRM server itself, eliminating the need for linked entities in your query specifically for security assertions.  That said, one technique you can use in the meantime is to tie permissions to a web role and that will reduce some of the linked entities in your queries.  Examine the security permissions in the partner portal for examples.

Sincerely,
Shan McArthur
Principal PM, Microsoft

Comments
D365Ideas_Admin
Regular Visitor
Status changed to: Planned

Thank you for your feedback.  We are considering moving the permission model out of the portal and back into the CRM server itself, eliminating the need for linked entities in your query specifically for security assertions.  That said, one technique you can use in the meantime is to tie permissions to a web role and that will reduce some of the linked entities in your queries.  Examine the security permissions in the partner portal for examples.

Sincerely,
Shan McArthur
Principal PM, Microsoft

D365Ideas_Admin
Regular Visitor

We have run into the same issue with quickly exceeding the maximum limit with a medium complex security as we are using the different relationships between Contacts and Accounts. Even after simplifying the security model and considering utilizing view permissions, we are still limited to 3 distinct web roles.

D365Ideas_Admin
Regular Visitor

Another submitted idea, Entity Permissions should be assignable to specific features and not apply globally, would greatly reduce the occurrence of this error.

A major contributing factor to this error is that entity permissions not relevant to the data being retrieved or permissions asserted against are applied to the FetchXml query. For example, if wanting to retrieve or assert a permission over the contacts related to an account via a specific relationship, and if there were 3 relationships between the account and contact each with an entity permissions defined on them, the entity permissions assertion logic will combine all 3 entity permissions together when it creates the FetchXml query, rather than just using the one relationship that was actually pertinent.