applying a filter in the entire system
-
31 March 2008 9:06
Let's suppose I would want to hide accounts based on the user permissions.
So a specific group of users should not see some accounts anywhere in the system (account list from the menu, lookup fields and so on); the filter condition would be the account name (accounts that start with a key word, for example).
Is there any way that I could achieve this?
Best regards
All replies
-
31 March 2008 10:55
Hi.
First of all, I suggest creating a new bit attribute to differentiate those accounts.
With a lot of work you might. Basically, you need to insert an extra condition into all public and non-public views; you can use a plug-in on the retrieve multiple to do that.
Look at the following link for more information on how to hook into the retrieve multiple plug-in:
http://crm.georged.id.au/post/2008/03/07/Displaying-inactive-records-in-associated-view.aspx
I suggest you create a new team and relate those unprivileged users to that team. For each request <plug-in> check if the user belongs to that team; if it does, apply the condition.
Cheers,
Adi
-
31 March 2008 11:31
Thanks for the answer.
The problem is that I'm using CRM 3.0 and unfortunately I see that the example might be for the 4.0 version.
But were you saying that modifying the views might solve my problem? I can add a bit to the account entity, but how would I know what kind of user is requesting the list of accounts?
And is the list of accounts from the menu in any way connected to a view? Because I need to hide the accounts everywhere.
-
31 March 2008 12:12
Hi.
If you're using v3.0 don't bother.
Anyway you can use a WhoAmI Request to get the current User.
But there is no way for you to hook into the Public / Saved views.
Cheers,
Adi
-
31 March 2008 12:54 Moderator
I think the only way to get this to work securely would be to use CRM permissions and business units. We've been able to make similar requirements work by assigning all sensitive accounts to a dummy user in a completely separate BU, then sharing permissions back to whoever should have access. However, this is only really viable if you plan for it from the outset in your BU design.
-
31 March 2008 12:54
I think I could modify the accounts view directly from the db; I only need to get the correct permissions for the current user and this should do it, I hope.
Well, this is not working because SUSER_SNAME() returns not the user authenticated by Windows but the ASPNET user.
It works fine when I select directly from the view, but from the application it won't work.
Now I'm really stuck.
-
4 April 2008 10:29
So are you saying that I can just hide some accounts in every possible view and lookup field by using a new business unit that has one user, assigning those accounts to that user and sharing them with the users that have a specific role, something like that?
-
4 April 2008 13:34 Moderator
Hiding accounts through Views only gives you the illusion of security. Using Advanced Find, a user will still be able to easily access the accounts. Also, reports would show these accounts as well.
Outside of David's recommendation, another option you could explore would be to separate the sensitive data from the account into a sub entity and control security on that through Roles. With this approach, all Accounts would still be viewable but the sensitive data would not.