Sign in
Microsoft.com
 
Microsoft
 
 
 

locked
Field Level Security - Sonoma Sample RRS feed

 > 

  • Question

  • Question
    Sign in to vote
    0
    Sign in to vote
    I was excited to see the sample in Chapter 15 of "Programming Microsoft Dynamics CRM 4.0" but seem to be doing something wrong.  I've imported and published the two new entities, posted the unedited javascript to the Contact form's OnLoad() event, activated the code and published the entity.  I created a security behavior to hide the Administration tab and attached a security behavior role for users with the Salesperson role and activated.  In fact, I've done this several times.  Each time when logging in with a user having only the Salesperson role, the Administration tab is still there.  I've also created security behaviors to set particular attributes/fields to read-only, but still no joy.

    I haven't been able to find any published errata so I assume that the code in the download is correct.  I must assume that I'm not doing something - but what?

    Any ideas?  Or even anyone who has had success with this sample so that I know it's me and not the code?

    Thanks!
    Thursday, May 14, 2009 8:48 PM

Answers

  • Question
    Sign in to vote
    0
    Sign in to vote
    Hi David,

    why not licensing the following solution. It is cheap and works great.

    http://mscrm4ever.blogspot.com/2008/11/crm-40-field-level-security-wizard.html

    -----

    CRM 4.0 Field Level Security Wizard

    The Field Level Security wizard is now available on GI’s company website.
    Click here if you wish to acquire the source code

    FLS Features and information:
    1. Supported Entities - All entity types (System, Customizable and Custom).
    You can find the entire entity list inside CRM advanced find window.


    2. Supports both online and offline modes.

    3. Supports the following CRM modules:
      1. Entity Form (Can be extended using client side API)
      2. Entity Print Form
      3. Entity Views
      4. Entity Views Print page
      5. Static Export to Excel
      6. Advanced Find
      7. Mail Merge
      8. Merge
      9. Filtered View (For Reports)
      10. Entity Associated views
      11. Lookup views
      12. CRM Workflows

    4. Supported Languages - FLS Customizations are available in all base languages – no language packs needed, But you’ll need to translate them your self.

    5. Supported Layouts - Dir RTL ( Right to Left ) and LTR ( Left to Right ) layouts

    6. Supports the following field level security modes:
      1.  Default – Field is not set
      2.  Hidden – Field is hidden on both crm form and views
        a.  Keep layout – the field space is kept
        b.  Collapse layout – the field space is collapsed for better presentation
      3.  Missing – Field is disabled , the user can not see the data
      4.  Disabled – Field is disabled , the user can see the data
      5.  Enabled – Override existing settings, the user has full permissions on the field.

    7. Supports “Formless” Entities – Entities that do not have a form like activity

    8. Supports Security Hierarchy:

      1. Business Unit level: Creation of FLS Templates that affect the entire business unit.
      2. Role Level: Inheritable security roles with an option to extend or override business unit settings
      3. User Level: Inheritable User settings with the option to create exceptions for users within the same role

    9. Fields View - Intelligent Orientation.

    The user can filter by:
      1. Field Type: Presents all available field types
      2. Existing: Presents existing Settings
      3. Placement: Presents fields that exist ON and OFF the CRM Form
      4. Tabs: Presents All Fields Categorized by Tab Name
      5. Sections: Presents All Fields Categorized by Section Name

    The wizard also supports Internet Facing Deployment (IFD) and IE8

    As you can see, we give a lot of attention to the entire usability issue. The idea is to enable the integrator / developer to achieve his FLS goals as fast as possible.

    The wizard is now available online. I’m sure you’ll find it worthwhile. Feel free to comment here or send your questions to fls@gicrm.com.

    -----

    Best regards,
    Jürgen
    Jürgen Beck

    Dipl. Kfm./Wirtschaftsinformatik
    MVP, MCSD.NET, MCITP DBA, MCDBA, MCSE
    Microsoft Certified Business Management Solutions Professional
    Microsoft Certified CRM Developer
    Microsoft Certified Trainer

    ComBeck IT Services & Business Solutions
    Microsoft Gold Certified Partner
    Microsoft Small Business Specialist

    Developing & Supporting Business Applications from small business to big enterprises covering scores of sectors

    http://www.combeck.de
    Saturday, May 16, 2009 7:35 PM
    Moderator

All replies

  • Question
    Sign in to vote
    0
    Sign in to vote
    Does it help?

    CRM 4.0 : Check current user's security role using JavaScript


    Jim Wang - MVP Dynamics CRM - http://jianwang.blogspot.com , http://mscrm.cn
    Friday, May 15, 2009 6:39 AM
    Moderator
  • Question
    Sign in to vote
    0
    Sign in to vote
    be warned that the sonoma partners solution does not work offline.
    I've had to go the route of hide everything unless online then do a security check.
    Let me know if you need the code to make everything read only on a tab.
    Withers
    Friday, May 15, 2009 4:08 PM
  • Question
    Sign in to vote
    0
    Sign in to vote
    Jim -

    Thanks - I've kept that post in mind as one of our options.

    Our situation is that we've enhanced the Contact entity with several tabs of additional information that is of interest to various teams, and each team would prefer that they only be able to edit "their" fields, so as to not risk "unintentional updates."

    I'm beginning to think that a preferred solution from a maintainability and "upgradability" perspective will be new entities for each team that link to the contacts and to those attributes that they want to have control over.  We'd then have an "Editor" role that gives full control over the base Contact entity, with all others only having read rights. This will "clutter" the model some, but seems to me to be less fragile than a lot of DOM coding.

    Or am I kidding myself?
    Friday, May 15, 2009 4:38 PM
  • Question
    Sign in to vote
    0
    Sign in to vote
    Withers -

    If I decide to continue with the DOM approach that's likely the way I'll go.  I see your question from April 30 - which of the suggested solutions did you decide to use?

    Thanks,

    David
    Friday, May 15, 2009 4:42 PM
  • Question
    Sign in to vote
    0
    Sign in to vote
    Hi David,

    why not licensing the following solution. It is cheap and works great.

    http://mscrm4ever.blogspot.com/2008/11/crm-40-field-level-security-wizard.html

    -----

    CRM 4.0 Field Level Security Wizard

    The Field Level Security wizard is now available on GI’s company website.
    Click here if you wish to acquire the source code

    FLS Features and information:
    1. Supported Entities - All entity types (System, Customizable and Custom).
    You can find the entire entity list inside CRM advanced find window.


    2. Supports both online and offline modes.

    3. Supports the following CRM modules:
      1. Entity Form (Can be extended using client side API)
      2. Entity Print Form
      3. Entity Views
      4. Entity Views Print page
      5. Static Export to Excel
      6. Advanced Find
      7. Mail Merge
      8. Merge
      9. Filtered View (For Reports)
      10. Entity Associated views
      11. Lookup views
      12. CRM Workflows

    4. Supported Languages - FLS Customizations are available in all base languages – no language packs needed, But you’ll need to translate them your self.

    5. Supported Layouts - Dir RTL ( Right to Left ) and LTR ( Left to Right ) layouts

    6. Supports the following field level security modes:
      1.  Default – Field is not set
      2.  Hidden – Field is hidden on both crm form and views
        a.  Keep layout – the field space is kept
        b.  Collapse layout – the field space is collapsed for better presentation
      3.  Missing – Field is disabled , the user can not see the data
      4.  Disabled – Field is disabled , the user can see the data
      5.  Enabled – Override existing settings, the user has full permissions on the field.

    7. Supports “Formless” Entities – Entities that do not have a form like activity

    8. Supports Security Hierarchy:

      1. Business Unit level: Creation of FLS Templates that affect the entire business unit.
      2. Role Level: Inheritable security roles with an option to extend or override business unit settings
      3. User Level: Inheritable User settings with the option to create exceptions for users within the same role

    9. Fields View - Intelligent Orientation.

    The user can filter by:
      1. Field Type: Presents all available field types
      2. Existing: Presents existing Settings
      3. Placement: Presents fields that exist ON and OFF the CRM Form
      4. Tabs: Presents All Fields Categorized by Tab Name
      5. Sections: Presents All Fields Categorized by Section Name

    The wizard also supports Internet Facing Deployment (IFD) and IE8

    As you can see, we give a lot of attention to the entire usability issue. The idea is to enable the integrator / developer to achieve his FLS goals as fast as possible.

    The wizard is now available online. I’m sure you’ll find it worthwhile. Feel free to comment here or send your questions to fls@gicrm.com.

    -----

    Best regards,
    Jürgen
    Jürgen Beck

    Dipl. Kfm./Wirtschaftsinformatik
    MVP, MCSD.NET, MCITP DBA, MCDBA, MCSE
    Microsoft Certified Business Management Solutions Professional
    Microsoft Certified CRM Developer
    Microsoft Certified Trainer

    ComBeck IT Services & Business Solutions
    Microsoft Gold Certified Partner
    Microsoft Small Business Specialist

    Developing & Supporting Business Applications from small business to big enterprises covering scores of sectors

    http://www.combeck.de
    Saturday, May 16, 2009 7:35 PM
    Moderator
  • Question
    Sign in to vote
    0
    Sign in to vote
    We are trying to become independent of 3rd party applications.  If you have ever worked with C360/Green4 you'd know why.

    Currently I disable the tab in question if it's offline or a user security role can not determined.  Cheap and dirty.

    Offline access is really a PIA, while it may make the user's life a tad easier, it manages to complicate EVERYTHING we develop.


    Withers
    Monday, May 18, 2009 9:51 PM
  • Question
    Sign in to vote
    0
    Sign in to vote
    Hi Withers,

    any JScript approach is unsecure. Everybody can access still any information by the crm web service.

    With above Wizard you could be independend because you get all the source code of the solution.

    Best regards,
    Jürgen
    Jürgen Beck

    Dipl. Kfm./Wirtschaftsinformatik
    MVP, MCSD.NET, MCITP DBA, MCDBA, MCSE
    Microsoft Certified Business Management Solutions Professional
    Microsoft Certified CRM Developer
    Microsoft Certified Trainer

    ComBeck IT Services & Business Solutions
    Microsoft Gold Certified Partner
    Microsoft Small Business Specialist

    Developing & Supporting Business Applications from small business to big enterprises covering scores of sectors

    http://www.combeck.de
    Friday, May 29, 2009 11:59 AM
    Moderator