Associate a Security Role on User Creation in CRM 2011 using Async Plugin

Below is the sample code to associate a security role on user creation in CRM 2011. Register the plugin on Post Create of systemuser entity and select execution mode as Asynchronous


public void Execute(IServiceProvider serviceProvider)


            // Obtain the execution context from the service provider.

            IPluginExecutionContext context =



            // Get a reference to the organization service.

            IOrganizationServiceFactory factory =


            IOrganizationService service = factory.CreateOrganizationService(context.UserId);



// The InputParameters collection contains all the data passed in the message request.

            if (context.InputParameters.Contains(“Target”) &&

                context.InputParameters[“Target”] is Entity)


                // Obtain the target entity from the input parameters.

                Entity entity = (Entity)context.InputParameters[“Target”];


                // Verify that the target entity represents a systemuser.

                // If not, this plug-in was not registered correctly.

                if (entity.LogicalName != “systemuser”)





// get user entity record id

Guid userId=(Guid)context.OutputParameters[“id”];


//Get Id of Security Role

Guid securityRoleId=new Guid(“<enter guid here>”)

                // Create the request object

// systemusersroles_association relationship.

AssociateRequest addRolesToUser = new AssociateRequest


    Target = new EntityReference(“systemuser”, userId),

    RelatedEntities = new EntityReferenceCollection


        new EntityReference(“role”, securityRoleId)


    Relationship = new Relationship(“systemuserroles_association”)



// Execute the request.



            catch (FaultException<OrganizationServiceFault> ex)


                // Handle the exception.




 hope it will help u !

Using Create Method of CrmService WebService

// Set up the CRM Service.

CrmAuthenticationToken token = new


// You can use enums.cs from the SDK\Helpers folder to get

the enumeration for AD Authentication.

token.AuthenticationType = 0;

token.OrganizationName =”AdventureWorksCycle”;

CrmService service = new CrmService();




service.CrmAuthenticationTokenValue = token;

service.Credentials =


// Create the column set object that indicates the

properties to be retrieved.

ColumnSet cols = new ColumnSet();

// Set the properties of the column set.

cols.Attributes = new string [] {“fullname”};

// contactGuid is the GUID of the record being retrieved.

Guid contactGuid = new Guid(“4D507FFE-ED25-447B-80DE-


// Retrieve the contact.

// The EntityName indicates the EntityType of the object

being retrieved.

contact contact =


contactGuid, cols);


%d bloggers like this: