Today I received an email from a user experiencing difficulty editing charts that had been shared with them by another user, who had forgotten to check the “Write” permission. Unfortunately this person was away for the day, and for some reason CRM doesn’t have a neat admin tool for managing individual user-specified sharing settings for charts and such. So I had little choice but to dig into the bowels of the database and set the permissions manually.
User-designed charts are accessible via the UserQueryVisualization view and the actual permission info is stored in PrincipalObjectAccess table. The corresponding record for a specific user/chart can be obtained like this:
SELECT poa.PrincipalObjectAccessId<o:p></o:p>
FROM UserQueryVisualization uq<o:p></o:p>
LEFT JOINPrincipalObjectAccess poa<o:p></o:p>
ON poa.ObjectId = uq.UserQueryVisualizationId<o:p></o:p>
LEFT JOIN SystemUserPrincipals sp<o:p></o:p>
ON sp.PrincipalId = poa.PrincipalId<o:p></o:p>
LEFT JOIN FilteredSystemUser su<o:p></o:p>
ONsu.systemuserid =sp.SystemUserId<o:p></o:p>
WHERE uq.name = 'Chart Name'
AND su.fullname = 'User Name'
<o:p></o:p>
From there all that needs to happen is to update AccessRightsMask = 786455 for that PrincipalObjectAccess record. I have no idea what this value represents but it’s the same value that was set on a test record which I had assigned full access to. If anyone can explain its meaning, that would be enlightening.