Field Level Security for Microsoft Dynamics CRM 4.0


Here is a simple way to enable Field Level Security for Microsoft Dynamics CRM 4.0. This soluion is a ‘simple’ workaround 🙂 and only works on CRM Forms. the aim is to disabled fields following security roles.


Before:


image


After:


image


Just Copy/Paste the following code on the onload event and change the 2 first lines :






var _roles = ['roleX','System Administrator']; //array of security roles name


var _fields = ['name', 'accountNumber']; // array of field schema names to disable


UpdateFields();


/* Functions */


function UpdateFields() {


    var oXml = GetCurrentUserRoles();


    if (oXml != null) {


        var roles = oXml.selectNodes("//BusinessEntity/q1:name");


        if (roles != null) {


            for (i = 0; i < roles.length; i++) {


                for (j = 0; j < _roles.length; j++) {


                    if (roles[i].text == _roles[j]) {


                        for (k = 0; k < _fields.length; k++) {


                            try {


                                document.getElementById(_fields[k]).Disabled = true;


                            } catch (e) {


                            }


                        }


                        return;  


                    }


                }


            }


        }


    }


    return;


}


function GetCurrentUserRoles() {


    var xml = "" +


"<?xml version=\"1.0\" encoding=\"utf-8\"?>" +


"<soap:Envelope xmlns:soap=\"http://schemas.xmlsoap.org/soap/envelope/\" xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\" xmlns:xsd=\"http://www.w3.org/2001/XMLSchema\">" +


GenerateAuthenticationHeader() +


" <soap:Body>" +


" <RetrieveMultiple xmlns=\"http://schemas.microsoft.com/crm/2007/WebServices\">" +


" <query xmlns:q1=\"http://schemas.microsoft.com/crm/2006/Query\" xsi:type=\"q1:QueryExpression\">" +


" <q1:EntityName>role</q1:EntityName>" +


" <q1:ColumnSet xsi:type=\"q1:ColumnSet\">" +


" <q1:Attributes>" +


" <q1:Attribute>name</q1:Attribute>" +


" </q1:Attributes>" +


" </q1:ColumnSet>" +


" <q1:Distinct>false</q1:Distinct>" +


" <q1:LinkEntities>" +


" <q1:LinkEntity>" +


" <q1:LinkFromAttributeName>roleid</q1:LinkFromAttributeName>" +


" <q1:LinkFromEntityName>role</q1:LinkFromEntityName>" +


" <q1:LinkToEntityName>systemuserroles</q1:LinkToEntityName>" +


" <q1:LinkToAttributeName>roleid</q1:LinkToAttributeName>" +


" <q1:JoinOperator>Inner</q1:JoinOperator>" +


" <q1:LinkEntities>" +


" <q1:LinkEntity>" +


" <q1:LinkFromAttributeName>systemuserid</q1:LinkFromAttributeName>" +


" <q1:LinkFromEntityName>systemuserroles</q1:LinkFromEntityName>" +


" <q1:LinkToEntityName>systemuser</q1:LinkToEntityName>" +


" <q1:LinkToAttributeName>systemuserid</q1:LinkToAttributeName>" +


" <q1:JoinOperator>Inner</q1:JoinOperator>" +


" <q1:LinkCriteria>" +


" <q1:FilterOperator>And</q1:FilterOperator>" +


" <q1:Conditions>" +


" <q1:Condition>" +


" <q1:AttributeName>systemuserid</q1:AttributeName>" +


" <q1:Operator>EqualUserId</q1:Operator>" +


" </q1:Condition>" +


" </q1:Conditions>" +


" </q1:LinkCriteria>" +


" </q1:LinkEntity>" +


" </q1:LinkEntities>" +


" </q1:LinkEntity>" +


" </q1:LinkEntities>" +


" </query>" +


" </RetrieveMultiple>" +


" </soap:Body>" +


"</soap:Envelope>" +


"";


    var xmlHttpRequest = new ActiveXObject("Msxml2.XMLHTTP");


    xmlHttpRequest.Open("POST", "/mscrmservices/2007/CrmService.asmx", false);


    xmlHttpRequest.setRequestHeader("SOAPAction", " http://schemas.microsoft.com/crm/2007/WebServices/RetrieveMultiple");


    xmlHttpRequest.setRequestHeader("Content-Type", "text/xml; charset=utf-8");


    xmlHttpRequest.setRequestHeader("Content-Length", xml.length);


    xmlHttpRequest.send(xml);


    var resultXml = xmlHttpRequest.responseXML;


    return (resultXml);


}


/* Functions */


 


 


Pierre-Adrien FORESTIER | PAF | http://blogs.msdn.com/paf

Comments (9)

  1. kman says:

    Great info, thanks for sharing!

  2. Rahul Lohar says:

    works like heaven…thanks

  3. Gpatel says:

    Works like a charm, it really helped me to do my job.

    Thanks a lot for your hard work

  4. Sarah says:

    What exactly do you change the first two lines to?

  5. Aaron Englert says:

    I created an new related 'status' entity lookup with append /append to permission on the status entity only for one role.  Works perfect but  I also keep getting asked for securing existing fields. It occurred to me I can make the existing fields disabled and then put an on change to enable them on the status entity lookup field.

  6. wikky says:

    I tried it but it didn't work for me.  I have only one field and one security role I am dealing with…

  7. Could you please append a vise-versa of your current security roles says:

    Right now you have to add Role1 Role2 and Role3 to blacklist them. Could you please right a script that allows only Role 4 to edit. I as an admin may have multiple roles Sales Sanager AND Sales User.

  8. N3wb|3 says:

    Thank you so much for posting! Works like a charm in CRM 4.0.

  9. niark says:

    Is this method can work with team membership by changing the request ? and how ?

    thanj you

Skip to main content