Inetium Blogs
Inetium Blog Web Site
Jeremy Winchell » Field Level Security With CRM 3.0 - Part I

Field Level Security With CRM 3.0 - Part I

One thing that CRM 3.0 lacks is the ability to lock down fields, buttons, forms etc based on the security role of the user logged in.  Ronald Lemmen has a great blog post that allows you to call out-of-the box Javascript code to accomplish this task.  You can find the URL here.  I've taken his original post that allows you to check for User's roles and went a step further and starting enabling/disabling fields, hiding fields, hiding buttons and other things that we'd like to lock down for certain users.

Javascript Function #1:  getUserId()

This function executes a WhoAmI request in order to retrieve the GUID of the currently logged in user.   

 

function getUserId()

{

try

{

var command = new RemoteCommand("SystemUser", "WhoAmI", "/MSCRMServices/");

var oResult = command.Execute();

 

if (oResult.Success)

{

return oResult.ReturnValue.UserId;

}

}

catch(e)

{

alert("Error while retrieving userid.");

}

return null;

}

 

Javascript Function #2:  getUserRoles(userid)

This function takes the GUID of the user from the first script and it gets the list of all roles assigned to that user.

 

function getUserRoles(userId)

{

try

{

var command = new RemoteCommand("UserManager", "GetUserRoles");

command.SetParameter("userIds", "<guid>" + userId + "</guid>");

 

var oResult = command.Execute();

 

if (oResult.Success)

{

return oResult.ReturnValue;

}

}

catch(e)

{

alert("Error while retrieving roles.");

}

return null;

}

 

 

Javascript Function #3:  userHasRole(userid,roleName)

This function takes takes the GUID of the logged in user and a string parameter where you specify the name of the role that you are looking for.  It calls teh getUserRoles() function to retrieve the list of roles.  Once the list of roles has been retrieved it loops through the array of user roles checking for the specific role passed to this function.

 

function userHasRole(userId, roleName)

{

result = getUserRoles(userId);

if (result != null)

{

var oXml = new ActiveXObject("Microsoft.XMLDOM");

oXml.resolveExternals = false;

oXml.async = false;

oXml.loadXML(result);

 

roleNode = oXml.selectSingleNode("/roles/role[name='" + roleName + "']");

if (roleNode != null)

{

if (roleNode.selectSingleNode("roleid[@checked='true']") != null)

return true;

}

}

 

return false;

}

 

 Javascript Function #4:  currentUserHasRole(rolename)

This is the function that you would call from you Javascript to determine whether or not the user has the role that you are looking for.  This calls the other functions and will return true if the user has the role otherwise it will return false/null if they don't.

 

function currentUserHasRole(roleName)

{

userId = getUserId();

return userHasRole(userId, roleName);

}

 

Now that we have the primary functions involved in accomplishing field-level security in Microsoft CRM, we can put these scripts to the test.

 

Part II - Locking Down Fields

Part III - Showing/HIding Fields

Part IV - Hiding Buttons/Navigation

 

Hopefully, Part II will be published by the end of this week.

Posted Aug 03 2007, 10:34 AM by Jeremy Winchell

Comments

Jeremy Winchell wrote re: Field Level Security With CRM 3.0 - Part I
on 08-20-2007 3:53 PM

So Part II is coming along a little slower than I had expected.  I should be able to get the next post done by the end of this week instead.

Andrew Whiteside wrote re: Field Level Security With CRM 3.0 - Part I
on 09-04-2007 10:54 PM

Thanks heaps for this post!!!!!

Really helped me out in implementing field based security :)

Btw this works for disabling or setting forms to read only.

Try it on the contacts form onLoad.

if( currentUserHasRole ('Vice President of Marketing'))

{

crmForm.all.telephone3.disabled = true;

crmForm.all.telephone1.readOnly = true;

}

Jeremy Winchell wrote re: Field Level Security With CRM 3.0 - Part I
on 09-13-2007 8:10 AM

Hmm.  I've been able to hide buttons, fields on the CRM Form using this code. I typically use document.getElementById() to take care of things that you can do with the Client Side SDK.

//Hide Fied:

document.getElementById("<field_name" + "_c").style.display = "none";

document.getElementById("<field_name" + "_d").style.display = "none";

To show the fields again then copy the same 2 lines above but after the = use empty "".

Jaber wrote re: Field Level Security With CRM 3.0 - Part I
on 09-17-2007 12:12 AM

Hi Andrew Whiteside

The lines of code you provided, i am trying to implement it but it is not working.

Have we need to add up some other code as well to make it working.

Regards

Jaber

Jaber wrote re: Field Level Security With CRM 3.0 - Part I
on 09-17-2007 8:44 PM

Thanks alot Jeremy

The code is really abig help.

I got some code I think may be helpful for you.

A form can have max of 8 tabs which have index from 0 to 7 and the direction is from left to right.

To hide and display tabs use the line of code given below:

1. to hide tab : - crmForm.all.tab0Tab.style.display="none";

2. to display tab : - crmForm.all.tab0Tab.style.display="inline";

you can put the index of the tab you want to hide at code where tab0Tab and change tab1Tab etc.

//------------------------------

To hide and display the fields.

1. To hide the field label:- crmForm.all.new_save_c.style.display="none";

   To hide the field:- crmForm.all.new_save_d.style.display="none";

2. To displaythe field label:- crmForm.all.new_save_c.style.display="inline";

   To displaythe field:- crmForm.all.new_save_d.style.display="inline";

If you need any help you can e-mail me on: jaberjs@yahoo.com

Regards

Jaber

Jeremy Winchell wrote re: Field Level Security With CRM 3.0 - Part I
on 10-02-2007 9:01 PM

Thanks Jaber for the great tips on showing/hiding fields and tabs with JavaScript.  

Joe wrote re: Field Level Security With CRM 3.0 - Part I
on 10-25-2007 11:56 AM

Does Dynamics CRM 4.0 fix this problem so that you can enable field-level security based on the security role of the user logged in?

Ahmad wrote re: Field Level Security With CRM 3.0 - Part I
on 05-11-2008 6:09 AM

So did you ever publish Part 2, 3 and 4?

Jeremy Winchell wrote re: Field Level Security With CRM 3.0 - Part I
on 05-13-2008 6:50 PM

I have not yet published part 2, 3 or 4.  I am working on putting something together for CRM 4.0.

Mark Braithwaite wrote re: Field Level Security With CRM 3.0 - Part I
on 08-01-2008 1:47 AM

Hi

I am trying to hide the convert Lead button for certain users in our organization. I originally tried:

if ( currentUserHasRole("Account Manager"))

{

document.getelementById("_MBconvertLead").style.display = 'none';

}

This was unsuccessful and I posted a question on the CRM Newsgroup. I was suggested to try:

var hasRole = currentUserHasRole ("RoleToDisable");

if (hasRole)

{

   var element = document.getElementById("_MBconvertLead");

   if (element != null)

   {   element.disabled = true ; }

   // menu item as well

   var elementMnu = document.getElementById("_MIconvertLead");

   if (elementMnu != null)

   {

       elementMnu.disabled = true ;

       elementMnu.action = null;

   }

}

This was also unsuccessful. I keep getting an object expected error.

I would really appreciate if you could point me in the right direction.

Many Thanks

Mark

Add a Comment

(required)  
(optional)
(required)  
Remember Me?
Inetium, LLC. Disclaimer