Share via

Field Level Security for Microsoft Dynamics CRM 4.0

  • Article

Here is a simple way to enable Field Level Security for Microsoft Dynamics CRM 4.0. This soluion is a ‘simple’ workaround :-) and only works on CRM Forms. the aim is to disabled fields following security roles.

Before:

image

After:

image

Just Copy/Paste the following code on the onload event and change the 2 first lines :

var _roles = ['roleX','System Administrator']; //array of security roles name

var _fields = ['name', 'accountNumber']; // array of field schema names to disable

UpdateFields();

/* Functions */

function UpdateFields() {

    var oXml = GetCurrentUserRoles();

    if (oXml != null) {

        var roles = oXml.selectNodes("//BusinessEntity/q1:name");

        if (roles != null) {

            for (i = 0; i < roles.length; i++) {

                for (j = 0; j < _roles.length; j++) {

                    if (roles[i].text == _roles[j]) {

                        for (k = 0; k < _fields.length; k++) {

                            try {

                                document.getElementById(_fields[k]).Disabled = true;

                            } catch (e) {

                            }

                        }

                        return;  

                    }

                }

            }

        }

    }

    return;

}

function GetCurrentUserRoles() {

    var xml = "" +

"<?xml version=\"1.0\" encoding=\"utf-8\"?>" +

"<soap:Envelope xmlns:soap=\"https://schemas.xmlsoap.org/soap/envelope/\" xmlns:xsi=\"https://www.w3.org/2001/XMLSchema-instance\" xmlns:xsd=\"https://www.w3.org/2001/XMLSchema\">" +

GenerateAuthenticationHeader() +

" <soap:Body>" +

" <RetrieveMultiple xmlns=\"https://schemas.microsoft.com/crm/2007/WebServices\">" +

" <query xmlns:q1=\"https://schemas.microsoft.com/crm/2006/Query\" xsi:type=\"q1:QueryExpression\">" +

" <q1:EntityName>role</q1:EntityName>" +

" <q1:ColumnSet xsi:type=\"q1:ColumnSet\">" +

" <q1:Attributes>" +

" <q1:Attribute>name</q1:Attribute>" +

" </q1:Attributes>" +

" </q1:ColumnSet>" +

" <q1:Distinct>false</q1:Distinct>" +

" <q1:LinkEntities>" +

" <q1:LinkEntity>" +

" <q1:LinkFromAttributeName>roleid</q1:LinkFromAttributeName>" +

" <q1:LinkFromEntityName>role</q1:LinkFromEntityName>" +

" <q1:LinkToEntityName>systemuserroles</q1:LinkToEntityName>" +

" <q1:LinkToAttributeName>roleid</q1:LinkToAttributeName>" +

" <q1:JoinOperator>Inner</q1:JoinOperator>" +

" <q1:LinkEntities>" +

" <q1:LinkEntity>" +

" <q1:LinkFromAttributeName>systemuserid</q1:LinkFromAttributeName>" +

" <q1:LinkFromEntityName>systemuserroles</q1:LinkFromEntityName>" +

" <q1:LinkToEntityName>systemuser</q1:LinkToEntityName>" +

" <q1:LinkToAttributeName>systemuserid</q1:LinkToAttributeName>" +

" <q1:JoinOperator>Inner</q1:JoinOperator>" +

" <q1:LinkCriteria>" +

" <q1:FilterOperator>And</q1:FilterOperator>" +

" <q1:Conditions>" +

" <q1:Condition>" +

" <q1:AttributeName>systemuserid</q1:AttributeName>" +

" <q1:Operator>EqualUserId</q1:Operator>" +

" </q1:Condition>" +

" </q1:Conditions>" +

" </q1:LinkCriteria>" +

" </q1:LinkEntity>" +

" </q1:LinkEntities>" +

" </q1:LinkEntity>" +

" </q1:LinkEntities>" +

" </query>" +

" </RetrieveMultiple>" +

" </soap:Body>" +

"</soap:Envelope>" +

"";

    var xmlHttpRequest = new ActiveXObject("Msxml2.XMLHTTP");

    xmlHttpRequest.Open("POST", "/mscrmservices/2007/CrmService.asmx", false);

    xmlHttpRequest.setRequestHeader("SOAPAction", " https://schemas.microsoft.com/crm/2007/WebServices/RetrieveMultiple");

    xmlHttpRequest.setRequestHeader("Content-Type", "text/xml; charset=utf-8");

    xmlHttpRequest.setRequestHeader("Content-Length", xml.length);

    xmlHttpRequest.send(xml);

    var resultXml = xmlHttpRequest.responseXML;

    return (resultXml);

}

/* Functions */

 

 

Pierre-Adrien FORESTIER | PAF | https://blogs.msdn.com/paf

Comments

  • Anonymous
    March 07, 2010
    Great info, thanks for sharing!

  • Anonymous
    June 23, 2010
    works like heaven...thanks

  • Anonymous
    July 22, 2010
    Works like a charm, it really helped me to do my job. Thanks a lot for your hard work

  • Anonymous
    October 06, 2010
    What exactly do you change the first two lines to?

  • Anonymous
    October 18, 2010
    I created an new related 'status' entity lookup with append /append to permission on the status entity only for one role.  Works perfect but  I also keep getting asked for securing existing fields. It occurred to me I can make the existing fields disabled and then put an on change to enable them on the status entity lookup field.

  • Anonymous
    March 25, 2011
    I tried it but it didn't work for me.  I have only one field and one security role I am dealing with...

  • Anonymous
    October 04, 2011
    The comment has been removed

  • Anonymous
    October 04, 2011
    Thank you so much for posting! Works like a charm in CRM 4.0.

  • Anonymous
    November 22, 2011
    Is this method can work with team membership by changing the request ? and how ? thanj you