locked
need help with security role's privileges and system views, is there any way to create custom keys for security roles? RRS feed

  • Question

  • Hello Friends,

    I need your help with security roles and system views for my dummy solution.

    I have two entities:

    1. Employee

    2. Department

    Employee Entity : Employee entity is to display system user's official and personal details/information as an employee. When I am creating employee record as System Administrator, I am assigning record to that user(each employee must be a system user). That user has 'Employee' security role and he/she can only view their own record (they are owner of their record because admin has assigned them their employee record after creation), so that each user can only view their information, they cannot view other employee's record. Employee entity has a lookup field for Department.

    Department Entity: Its a simple department list.

    Security Role: Employee

    My Requirements:

    1. Each user can only view their employee record (they are owner for their record).

    2. When a user(with employee role) opens Department record (e.g. Sales) they should view a list of all employees of that department (that can be using HTML web resource)

    My Issue:

    1. Because user with employee role have limited privilege, I am not able to fetch list of all employees for any department.

    2. If I give Employee role Organization level privilege for Employee entity then my first requirement will fail.

    3. If I give Employee role Organization level privilege for Employee entity and modify the default system view to show employee record where owner is current user that my administrator will not be able to view all employee records (he will be able to view his own employee record).

    *I can't use personal view because I can't export that with my solution.

    I also want to know that is there any way to create custom keys for security roles.

    Please guide me with this issue and tell be there is any possible solution or alternate for that.

    Thanks in advance,


    -- NMathur


    • Edited by nmathur Friday, February 24, 2012 8:42 AM
    Friday, February 24, 2012 4:32 AM

Answers

  • It sounds like your 2 requirements are mutually exclusive. In one, you say the user should only be able to view their record, and in the second requirement you state they should be able see all employess in their department. You can't have both.

    Do you want to the permissions to be that a user can view all fields of their own record, but only certain fields (those in the view) of other employees ? If so, this can be implemented using Field-level security to limit the fields that a user can see on other employee records


    Microsoft CRM MVP - http://mscrmuk.blogspot.com/ http://www.excitation.co.uk

    • Marked as answer by nmathur Friday, February 24, 2012 11:38 AM
    Friday, February 24, 2012 11:37 AM
    Moderator

All replies

  • When I actually log onto the Exchange Online Account I see that a draft email message has been created but not sent. When I manually open the draft email and click send I see the following error
    health article
    Friday, February 24, 2012 5:35 AM
  • It sounds like your 2 requirements are mutually exclusive. In one, you say the user should only be able to view their record, and in the second requirement you state they should be able see all employess in their department. You can't have both.

    Do you want to the permissions to be that a user can view all fields of their own record, but only certain fields (those in the view) of other employees ? If so, this can be implemented using Field-level security to limit the fields that a user can see on other employee records


    Microsoft CRM MVP - http://mscrmuk.blogspot.com/ http://www.excitation.co.uk

    • Marked as answer by nmathur Friday, February 24, 2012 11:38 AM
    Friday, February 24, 2012 11:37 AM
    Moderator
  • Thanks for reply David. Your answer is also helpful if I change my requirement. I am using solution provided by  daemonlin on my other post regarding this issue on Development forum:

    http://social.msdn.microsoft.com/Forums/en-SG/crmdevelopment/thread/065b48f9-1fe8-4729-ac4b-36c49662772a

    I also wanted to now that, if there is any way to hide any system view from particular group of user?


    -- NMathur


    • Edited by nmathur Friday, February 24, 2012 11:42 AM
    Friday, February 24, 2012 11:41 AM