Field Level Security With CRM 3.0 - Part I

One thing that CRM 3.0 lacks is the ability to lock down fields, buttons, forms, etc. based on the security role of the logged-in user.  Ronald Lemmen has a great blog post that shows how to call out-of-the-box JavaScript code to accomplish this task.  You can find the URL here.  I've taken his original post, which lets you check a user's roles, and gone a step further by enabling/disabling fields, hiding fields, hiding buttons and locking down other things for certain users.

Javascript Function #1:  getUserId()

This function executes a WhoAmI request in order to retrieve the GUID of the currently logged in user.   

 

function getUserId()
{
    try
    {
        // Ask the CRM server who the current caller is
        var command = new RemoteCommand("SystemUser", "WhoAmI", "/MSCRMServices/");
        var oResult = command.Execute();

        if (oResult.Success)
        {
            return oResult.ReturnValue.UserId;
        }
    }
    catch(e)
    {
        alert("Error while retrieving userid.");
    }
    // The request failed or threw: no user id is available
    return null;
}

 

Javascript Function #2:  getUserRoles(userid)

This function takes the GUID of the user from the first script and gets the list of all roles assigned to that user.

 

function getUserRoles(userId)
{
    try
    {
        // Request the role list for the given user GUID
        var command = new RemoteCommand("UserManager", "GetUserRoles");
        command.SetParameter("userIds", "<guid>" + userId + "</guid>");

        var oResult = command.Execute();

        if (oResult.Success)
        {
            // The role list comes back as an XML string
            return oResult.ReturnValue;
        }
    }
    catch(e)
    {
        alert("Error while retrieving roles.");
    }
    // The request failed or threw: no role list is available
    return null;
}

 

 

Javascript Function #3:  userHasRole(userid,roleName)

This function takes the GUID of the logged-in user and a string parameter where you specify the name of the role that you are looking for.  It calls the getUserRoles() function to retrieve the list of roles.  Once the list of roles has been retrieved, it loops through the array of user roles checking for the specific role passed to this function.

 

function userHasRole(userId, roleName)
{
    var result = getUserRoles(userId);
    if (result != null)
    {
        // Parse the role list without resolving external references
        var oXml = new ActiveXObject("Microsoft.XMLDOM");
        oXml.resolveExternals = false;
        oXml.async = false;
        oXml.loadXML(result);

        // Find the role by name; it counts only if its roleid is marked checked='true'
        var roleNode = oXml.selectSingleNode("/roles/role[name='" + roleName + "']");
        if (roleNode != null)
        {
            if (roleNode.selectSingleNode("roleid[@checked='true']") != null)
                return true;
        }
    }

    return false;
}

 

 Javascript Function #4:  currentUserHasRole(rolename)

This is the function that you would call from your JavaScript to determine whether or not the user has the role that you are looking for.  It calls the other functions and returns true if the user has the role; otherwise it returns false/null.

 

function currentUserHasRole(roleName)
{
    // Look up the current user, then check the role against that user's role list
    var userId = getUserId();
    return userHasRole(userId, roleName);
}

 

Now that we have the primary functions involved in accomplishing field-level security in Microsoft CRM, we can put these scripts to the test.
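Because these functions return null or false when a lookup fails, a form script that applies a restriction only when a role check returns true leaves the field open on error. The sketch below is an added example, not code from the original post: it inverts the check so a field stays locked unless an allowed role is positively confirmed, and it reports which locked fields still hold a value in the page. RULES, the role assignments, makeCell() and sampleForm() are constructed for illustration; the field names are borrowed from the comments on this post.

```javascript
// Added example: fail-closed role gate built on the page's currentUserHasRole().
// RULES, the field names and makeCell() are constructed for illustration.
// A field stays locked unless the user is confirmed to hold an allowed role.
var RULES = [
  { field: "telephone1", mode: "readOnly", allowedRoles: ["Vice President of Marketing"] },
  { field: "new_save", mode: "hide", allowedRoles: ["System Administrator"] }
];

// True only for an explicit `true`; null, false and exceptions mean "not confirmed".
function confirmedRole(hasRoleFn, roleName) {
  try {
    return hasRoleFn(roleName) === true;
  } catch (e) {
    return false;
  }
}

function hide(el) { if (el) { el.style.display = "none"; } }

// `all` plays the part of crmForm.all: <name> is the input, <name>_c the label
// cell and <name>_d the data cell, as in the comments on this post.
function applyRules(all, rules, hasRoleFn) {
  var report = [];
  for (var i = 0; i < rules.length; i++) {
    var rule = rules[i], input = all[rule.field], allowed = false;
    if (!input) { report.push({ field: rule.field, state: "missing" }); continue; }
    for (var j = 0; j < rule.allowedRoles.length && !allowed; j++) {
      allowed = confirmedRole(hasRoleFn, rule.allowedRoles[j]);
    }
    if (!allowed && rule.mode === "hide") {
      hide(all[rule.field + "_c"]);
      hide(all[rule.field + "_d"]);
    } else if (!allowed) {
      input.readOnly = true;
    }
    // Locking or hiding changes the UI only; the value is still in the page.
    report.push({ field: rule.field, state: allowed ? "open" : rule.mode,
                  valueStillInClient: !allowed && input.value !== "" });
  }
  return report;
}

// Constructed stand-ins for form elements so the block runs outside CRM.
function makeCell(value) { return { value: value, readOnly: false, style: { display: "" } }; }
function sampleForm() {
  return { telephone1: makeCell("555-0100"), telephone1_c: makeCell(""), telephone1_d: makeCell(""),
           new_save: makeCell("42"), new_save_c: makeCell(""), new_save_d: makeCell("") };
}
```

On a CRM 3.0 form the onLoad call would be applyRules(crmForm.all, RULES, currentUserHasRole). Any field the report marks valueStillInClient needs a server-side control if the data itself must be withheld.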

 

Part II - Locking Down Fields

Part III - Showing/Hiding Fields

Part IV - Hiding Buttons/Navigation

 

Hopefully, Part II will be published by the end of this week.

Published 08-03-2007 10:34 AM by Jeremy Winchell

Comments

# re: Field Level Security With CRM 3.0 - Part I

Monday, August 20, 2007 3:53 PM by Jeremy Winchell

So Part II is coming along a little slower than I had expected.  I should be able to get the next post done by the end of this week instead.

# re: Field Level Security With CRM 3.0 - Part I

Tuesday, September 04, 2007 10:54 PM by Andrew Whiteside

Thanks heaps for this post!!!!!

Really helped me out in implementing field based security :)

Btw this works for disabling or setting forms to read only.

Try it on the contacts form onLoad.

if( currentUserHasRole ('Vice President of Marketing'))
{
    crmForm.all.telephone3.disabled = true;
    crmForm.all.telephone1.readOnly = true;
}

# re: Field Level Security With CRM 3.0 - Part I

Thursday, September 13, 2007 8:10 AM by Jeremy Winchell

Hmm.  I've been able to hide buttons, fields on the CRM Form using this code. I typically use document.getElementById() to take care of things that you can do with the Client Side SDK.

//Hide Field:
document.getElementById("<field_name>" + "_c").style.display = "none";
document.getElementById("<field_name>" + "_d").style.display = "none";

To show the fields again then copy the same 2 lines above but after the = use empty "".

# re: Field Level Security With CRM 3.0 - Part I

Monday, September 17, 2007 12:12 AM by Jaber

Hi Andrew Whiteside

I am trying to implement the lines of code you provided, but it is not working.

Do we need to add some other code as well to make it work?

Regards

Jaber

# re: Field Level Security With CRM 3.0 - Part I

Monday, September 17, 2007 8:44 PM by Jaber

Thanks a lot Jeremy

The code is really a big help.

I got some code I think may be helpful for you.

A form can have max of 8 tabs which have index from 0 to 7 and the direction is from left to right.

To hide and display tabs use the line of code given below:

1. to hide tab : - crmForm.all.tab0Tab.style.display="none";

2. to display tab : - crmForm.all.tab0Tab.style.display="inline";

You can put the index of the tab you want to hide in the code where tab0Tab appears, changing it to tab1Tab etc.

//------------------------------

To hide and display the fields.

1. To hide the field label:- crmForm.all.new_save_c.style.display="none";

   To hide the field:- crmForm.all.new_save_d.style.display="none";

2. To display the field label:- crmForm.all.new_save_c.style.display="inline";

   To display the field:- crmForm.all.new_save_d.style.display="inline";

If you need any help you can e-mail me on: jaberjs@yahoo.com

Regards

Jaber

# re: Field Level Security With CRM 3.0 - Part I

Tuesday, October 02, 2007 9:01 PM by Jeremy Winchell

Thanks Jaber for the great tips on showing/hiding fields and tabs with JavaScript.  

# re: Field Level Security With CRM 3.0 - Part I

Thursday, October 25, 2007 11:56 AM by Joe

Does Dynamics CRM 4.0 fix this problem so that you can enable field-level security based on the security role of the user logged in?

# re: Field Level Security With CRM 3.0 - Part I

Sunday, May 11, 2008 6:09 AM by Ahmad

So did you ever publish Part 2, 3 and 4?

# re: Field Level Security With CRM 3.0 - Part I

Tuesday, May 13, 2008 6:50 PM by Jeremy Winchell

I have not yet published part 2, 3 or 4.  I am working on putting something together for CRM 4.0.

# re: Field Level Security With CRM 3.0 - Part I

Friday, August 01, 2008 1:47 AM by Mark Braithwaite

Hi

I am trying to hide the convert Lead button for certain users in our organization. I originally tried:

if ( currentUserHasRole("Account Manager"))
{
    document.getelementById("_MBconvertLead").style.display = 'none';
}

This was unsuccessful and I posted a question on the CRM Newsgroup. I was suggested to try:

var hasRole = currentUserHasRole ("RoleToDisable");
if (hasRole)
{
   var element = document.getElementById("_MBconvertLead");
   if (element != null)
   {   element.disabled = true ; }

   // menu item as well
   var elementMnu = document.getElementById("_MIconvertLead");
   if (elementMnu != null)
   {
       elementMnu.disabled = true ;
       elementMnu.action = null;
   }
}

This was also unsuccessful. I keep getting an object expected error.

I would really appreciate if you could point me in the right direction.

Many Thanks

Mark

# re: Field Level Security With CRM 3.0 - Part I

Wednesday, October 08, 2008 9:28 AM by Ronald Lemmen

Hi Jeremy,

Please note that the code will not migrate to CRM 4.0. Everybody who's using this code will need to recreate this in CRM 4.0.

Also, people like Andrew Whiteside who are using this for Field Level Security should definitely keep in mind that this code is only removing the fields from the screen. Users with JavaScript knowledge can still retrieve the values, and people who add the attributes to Advanced Find queries will still see the data. In CRM 4.0 you can solve this by creating a preread plug-in.

Hope this helps,

Ronald Lemmen

# re: Field Level Security With CRM 3.0 - Part I

Wednesday, October 22, 2008 7:26 PM by Jeremy Winchell

Ronald,

Thanks for the post.  We have been able to sort of create a work-around calling the SDK with JavaScript to get the list of roles.  It's not as fast or efficient as the CRM 3.0 version of field level security but it seems to do the trick ok.

I didn't know about the PreRead Plug-In message.  I will have to look into that one as I have some uses for it right now.  Plus, it can be used instead of dealing with the JavaScript and the SDK.

Thanks,

Jeremy