RSS

Tag Archives: Security Role

Customization of CRM Application on Basis Of Security Role

Introduction

This article is about the change in CRM Application page made as per the role.

Requirement

There was a need which was made in a project to show only those views, buttons and links which are relevant for a particular role. Here are few steps which I took to customize the CRM as per Role.

Changes which are need to be made

  1. Change in the security role
  2. Customization of all the CRM form (Home page, Form Data Entry page, Form grid page)
  3. Changing the views according to the roles

Change in the security role

Change in the security role is made in the Setting → Administration → Security Role.

The privilege can be given on the basis of

  1. None:- That privilege will not be given
  2. User :- That user will able to do operation on his/her records only.
  3. Business Unit :- That user will able to do operation on his/her business unit records only.
  4. Parent Business Unit :- That user will able to do operation on his/her parent business unit records only.
  5. Organization :- That user will able to do operation on all records.

Security Role

Customization of all the CRM form (Home page, Form Data Entry page, Form grid page)

There are two things which are needed to be changed:-

  1. Ribbon Button
  2. Site map

Ribbon button Customization

Steps(Example :- Advance Find):-
  1. Create an entity in the name of the button (new_advancefindrole)
  2. Give the permission to the entity(new_advancefindrole) in the Security Role under custom entity(Read).
  3. Open the ribbon solution in a ribbon editor.
  4. Add a new button and copy  the (detail,action , display rule, enable rule ) from advance find to new button
  5. Add a new display rule
    1. Entity Privilege rule
    2. Give the name of the entity(new_advancefindrole)
    3. Privilege depth :- Basic
    4. Privilege type :- Read
    5. Default :- true
    6. Invert Result :- false
  6. Hide the original advance find button(we can’t change the display rule in original advance find as it is managed)
  7. Save the customization
  8. Give permission under security role to entity(new_advancefindrole) to read to show in different roles.

Site Map

Steps(Example :- Settings):-

  1. Create an entity in the name of the button (new_settingsrole)
  2. Give the permission to the entity(new_settingsrole) in the Security Role under custom entity(Read)
  3. Export the “Site map” solution from the CRM
  4. Open Customization.xml in an xml editor
  5. Find “Area Id=<AreaName>(Ex :- Settings)” tag. Paste the Code Below
  6. Paste this code under every subarea of the settings
  7. Save the solution zip it , import it and publish it
  8. give permission under security role to entity(new_settingsrole) to read to show in different roles.

Changing the views according to the roles

Showing the view according to the role. There are two method in which this can be done :-

  1. By plug-in
  2. By creating personal view and sharing it with team

By Plug-in

Steps:-

  1. Create the Plug-in with following code.
  2. By this plug-in the view Starting from “My” will not be shown
  3. Register it :-
    1. Message :- RetriveMultiple
    2. Primary Entity :- savedquery
    3. Eventing :- Per-operation
    4. Execution Mode:- Synchronous
    5. Deployment:- Server

Plug-in Code:-

using System;
using System.Collections.Generic;
using System.Collections.Specialized;
using System.Text;
using System.Xml;
using System.Xml.XPath;
using Microsoft.Crm.Sdk;
using Microsoft.Xrm.Sdk;
using Microsoft.Xrm.Sdk.Query;
using Microsoft.Xrm.Sdk.Messages;
using Microsoft.Crm.Sdk.Messages;

namespace Excitation.PluginHideSystemViews
{
    public class CheckView : IPlugin
    {
        public void Execute(IServiceProvider serviceProvider)
        {
            try
            {
                // Obtain the execution context from the service provider.
                Microsoft.Xrm.Sdk.IPluginExecutionContext context = (Microsoft.Xrm.Sdk.IPluginExecutionContext)
                serviceProvider.GetService(typeof(Microsoft.Xrm.Sdk.IPluginExecutionContext));
                // Obtain the organization service reference.
                IOrganizationServiceFactory serviceFactory = (IOrganizationServiceFactory)serviceProvider.GetService(typeof(IOrganizationServiceFactory));
                IOrganizationService service = serviceFactory.CreateOrganizationService(context.UserId);

                // The InputParameters collection contains all the data passed in the message request.
                if (CheckRole(context.UserId, "Salesperson", service))
                {

                    if (context.InputParameters.Contains("Query") == true && context.InputParameters["Query"] is QueryExpression)
                    {
                        QueryExpression qe = (QueryExpression)context.InputParameters["Query"];

                        if (qe.EntityName == "savedquery")
                        {
                            if (qe.Criteria != null)
                            {
                                if (qe.Criteria.Conditions != null)
                                {
                                    /*The query is edited to look at views not starting with "My" at the begining of the View Name*/
                                    ConditionExpression queryCondition = new ConditionExpression("name", ConditionOperator.NotLike, "My%");
                                    qe.Criteria.Conditions.Add(queryCondition);
                                    //context.InputParameters.Properties[ParameterName.Query] = qe;
                                    context.InputParameters["Query"] = qe;
                                }
                            }
                        }

                    }
                }
                else
                {
                    QueryExpression qe = (QueryExpression)context.InputParameters["Query"];
                    context.InputParameters["Query"] = qe;
                }
            }
            catch (Exception e)
            {

            }
        }

        //check if the user belongs to the specified role....
        private static bool CheckRole(Guid UserGuid, string SecurityRole, IOrganizationService CrmService)
        {
            #region Retrieve records from an intersect table via QueryExpression

            //Create Query Expression to fetch Role Entity
            QueryExpression Query = new QueryExpression()
            {
                //Setting the link entity condition and filter condition criteria/
                LinkEntities =
                        {
                            new LinkEntity
                            {
                                LinkFromEntityName = "role",
                                LinkFromAttributeName = "roleid",
                                LinkToEntityName = "systemuserroles",
                                LinkToAttributeName = "roleid",
                                LinkCriteria = new FilterExpression
                                {
                                    FilterOperator = LogicalOperator.And,
                                    Conditions =
                                    {
                                        new ConditionExpression
                                        {
                                            AttributeName = "systemuserid",
                                            Operator = ConditionOperator.Equal,
                                            Values = { UserGuid }
                                        }
                                    }
                                }
                            }
                        }
            };
            Query.EntityName = "role";

            Query.ColumnSet = new ColumnSet(true);

            // Obtain results from the query expression.
            EntityCollection UserRoles = CrmService.RetrieveMultiple(Query);

            // Searching for a specified Security Role into the list
            String test = "";
            test = UserGuid + "   \n";

            foreach (Entity UserSecurityRole in UserRoles.Entities)
            {
                test += (String)UserSecurityRole.Attributes["name"] + "  \n";
                if ((String)UserSecurityRole.Attributes["name"] == SecurityRole)
                {
                    return true;
                }
            }
            Entity testE = new Entity("new_transfer_opp");
            testE.Attributes["new_name"] = test;
            CrmService.Create(testE);
            if (UserRoles.Entities.Count == 0)
            {
                //return false as the role does not present
                return false;
            }
            else
            {
                return false;
            }

            #endregion

        }
    }
}

By creating personal view and sharing it with team

Steps(Example:- Sale manager):-

  1. Create a team(Sales manager) and add user to that team (Team is added under Administration)
  2. Create a view by Advance find Save that view
  3. Go to saved view and share the view to the team you want to see that view.

View Cutomization

By Sukant Shekhar
Senior Software Engineer @Team DynamicsCRM.
Mindfire Solutions

 

Tags: , , , , , , , , , , , , , , , , , , ,

 
%d bloggers like this: