Record level security in MS Dynamics -

we want implement 'record level security' in ms crm dynamics. on user , case entity have optionset has below values, optionset has lot of values, below simple values:

• category 1
• category 2

we want restrict category 1 users see category 1 cases , restrict category 2 users see category 2 cases.

what have done far?

i thinking should possible through retrieve plugin, after wrote code.. found retrieve plugin triggering 5 times when tried open case record. not throw custom error.

    public void execute(iserviceprovider serviceprovider)     {         itracingservice tracer = (itracingservice)serviceprovider.getservice(typeof(itracingservice));         ipluginexecutioncontext context = (ipluginexecutioncontext)serviceprovider.getservice(typeof(ipluginexecutioncontext));         iorganizationservicefactory factory = (iorganizationservicefactory)serviceprovider.getservice(typeof(iorganizationservicefactory));         iorganizationservice service = factory.createorganizationservice(context.userid);          tracer.trace("context.depth = " + context.depth);          if (context.depth > 1)             return;          tracer.trace("context.stage = " + context.stage);          tracer.trace("context.messagename = " + context.messagename);           entityreference entityreference = (entityreference)context.inputparameters["target"];          tracer.trace("entityreferencee = " + entityreference.logicalname);          if (context.outputparameters != null && context.outputparameters.contains("businessentity"))         {             if (context.outputparameters["businessentity"] entity)             {                 entity entity = (entity)context.outputparameters["businessentity"];                  tracer.trace("entity.logicalname = " + entity.logicalname);                  context.outputparameters["businessentity"] = null;                  throw new exception("you can not view record.");              }             else             {                 tracer.trace("businessentity entity not entity.");             }         }         else         {             tracer.trace("businessentity entity null");         }     } 

this how plugin registered:

error:

detail of log file given below:

unhandled exception: system.servicemodel.faultexception`1[[microsoft.xrm.sdk.organizationservicefault, microsoft.xrm.sdk, version=7.0.0.0, culture=neutral, publickeytoken=31bf3856ad364e35]]: system.web.httpunhandledexception: microsoft dynamics crm has experienced error. reference number administrators or support: #cf526d62detail:
-2147220970 system.web.httpunhandledexception: microsoft dynamics crm has experienced error. reference number administrators or support: #cf526d62
2015-09-21t12:33:00.6154994z -2147220956 unexpected exception plug-in (execute): restrictuseraccess.case: system.exception: can not view record. 2015-09-21t12:33:00.6154994z

[restrictuseraccess: restrictuseraccess.case] [c8860cb6-4260-e511-80ea-3863bb3600d8: restrictuseraccess.case: retrieve of incident]

context.depth = 1 context.stage = 40 context.messagename = retrieve entityreferencee = incident entity.logicalname = incident

your code does throw exception, crm platform handles unexpected error. (just read log details.)

when need signal functional error, have throw invalidpluginexecutionexception.

it possible system retrieving same case record multiple times. scripting on web form or in ribbon can responsible retrieving same record, e.g. when needs evaluate record state.

therefore throwing exceptions on retrieval of case records may not useful solution. alternative approach clear (or sensitive) fields on retrieval removing them entity.attributes collection.