List user access for a record or revoke all user accesses to a record?

[Henry-Sir]

Hello,

Here ist the question of list record access for a user: #496

I need the whole thing reversed. An overview of all users that have been granted access to a record via Grant-CrmRecordAccess.
Is this possible?

Or is there a way to clean up the granted access, like "Remove-CrmRecordAccess -RevokeAll"?

[seanmcne]

If you can find a way, using the api, to do this then it's very likely we could find a way to do it with this (we pretty much have access to anything in the API). In the past, it would be quite difficult to do such an operation. The reason is: users can get access to a record quite a few ways:

• direct sharing - where the user would show up as having something shared to them
• via inherited access - they have access to an account, but in the relationship setup they also have cascaded/inherited access rights
• via an access team
• via a role privilege in their assigned security role (ie: global read on all accounts)
• via a role privilege being a member of a team assigned a security role (ie: global read on all accounts)
• more info here: https://learn.microsoft.com/en-us/power-platform/admin/how-record-access-determined

It's possible I'm forgetting other ways, additionally, I don't know if there's an easy way to request all direct shares by the users principal (we can get the direct shares for a given record but I don't think there's an api call to retrieve all records shared to a user). However, if I've missed something and you have a way to get all the direct shares to a given user please let me know and we'll see if that's something we can do here. Thanks!