locked
CRM 2015 - How to limit Field Level Security based on unit/subunit ? RRS feed

  • Question

  • Hello,

    I have a problem with field level security. 

    I have entity entityX, and then have set of financial fields on this entityX.

    These fields are under field level security profile named "Financials".

    Next, I have a team which can read/write those fields. This team "Team1" is in business unit called "Subunit1".

    "Team1" has a role "ReadWholeOrganization", which enables it to read entityX from complete organization.

    "Team1" also has a role "WriteOwnOrganization", which enables users from this team to read and change entityX in his unit and sub-units.

    How can I disable "Team1" users to see financial data for entityX, if entityX is  owned by users outside "Team1" users unit?

    In other words,  i want "Team 1" users to see all entityX entities based on "ReadWholeOrganization" role, but I don't want them to see financial data for complete organization. I want "Team1" to see financial data only for their unit and subunits.

    How can I solve this?

    Extracting financial fields in another entity is out of the question.


    Friday, March 13, 2015 7:29 AM

Answers

  • Hello bt_programmer,

    I don't think you can achieve your goal with customization and security tweaking.

    The only way I see for solving this is to create a plugin that runs on the retrieve and retrievemultiple event of that entity and that removes the value you want to hide from the attributecollection of the retrieved entity or entities.

    Using this approach you can code the intended security behavior in your plugin.


    • Marked as answer by bt_programmer Wednesday, March 18, 2015 10:48 AM
    Monday, March 16, 2015 2:26 PM

All replies

  • Write javascript to hide the fields if you need to hide them just from the form. Here is sample to assist.  However this way they will still see the fields in Advanced Find. 

    Hope this helps.
     
    -----------------------------------------------------------------------
    Minal Dahiya
    blog : http://minaldahiya.blogspot.com.au/

    If this post answers your question, please click "Mark As Answer" on the post and "Vote as Helpful"

     

    Friday, March 13, 2015 11:14 AM
  • Hello bt_programmer,

    I don't think you can achieve your goal with customization and security tweaking.

    The only way I see for solving this is to create a plugin that runs on the retrieve and retrievemultiple event of that entity and that removes the value you want to hide from the attributecollection of the retrieved entity or entities.

    Using this approach you can code the intended security behavior in your plugin.


    • Marked as answer by bt_programmer Wednesday, March 18, 2015 10:48 AM
    Monday, March 16, 2015 2:26 PM