CHECK IF LOGGED-IN USER HAS REQUIRED SECURITY ROLE USING JAVASCRIPT
This blog discusses how to check whether the logged-in user has the required security roles using client-side scripting (JavaScript). In CRM tenants with multiple business units (BUs) and security roles, it is often necessary to hide buttons based on the security role of the logged-in user. You can invoke the code below in your JS to check whether the user has the respective security role and belongs to the required BU, and then perform the necessary actions on the client side:
    function checkIfUserHasSecurityRole() {
        // Check if user has 'Sales Rep' or 'Sys Admin' role
        var userSettings = Xrm.Utility.getGlobalContext().userSettings;
        // GUIDs of the roles assigned to the logged-in user
        var securityRoles = userSettings.securityRoles;
        // GUIDs of the 'Sales Rep' / 'System Administrator' roles in BU1 or BU2
        var validSecurityRoles = getValidSecurityRoles();
        var isSalesUser = false;
        // Index loop instead of for...in, which is meant for object keys, not arrays
        for (var i = 0; i < validSecurityRoles.length; i++) {
            if (securityRoles.indexOf(validSecurityRoles[i]) > -1) {
                isSalesUser = true;
                break;
            }
        }
        return isSalesUser;
    }
    function getValidSecurityRoles() {
        var validSecurityRoles = [];
        $.ajax({
            type: "GET",
            contentType: "application/json; charset=utf-8",
            dataType: "json",
            // 'or', not 'and': a role record has a single name, so 'and' matches nothing
            url: Xrm.Utility.getGlobalContext().getClientUrl() + "/api/data/v9.1/roles?$select=_businessunitid_value,roleid,roleidunique&$filter=name eq 'Sales%20Rep' or name eq 'System%20Administrator'",
            beforeSend: function(XMLHttpRequest) {
                XMLHttpRequest.setRequestHeader("OData-MaxVersion", "4.0");
                XMLHttpRequest.setRequestHeader("OData-Version", "4.0");
                XMLHttpRequest.setRequestHeader("Accept", "application/json");
                // Needed to get the formatted (display) value of the business unit lookup
                XMLHttpRequest.setRequestHeader("Prefer", "odata.include-annotations=\"*\"");
            },
            // Synchronous on purpose: the array is returned right after this call,
            // so an asynchronous request would return it before it is filled.
            async: false,
            success: function(data, textStatus, xhr) {
                var results = data;
                for (var i = 0; i < results.value.length; i++) {
                    var _businessunitid_value = results.value[i]["_businessunitid_value"];
                    var _businessunitid_value_formatted = results.value[i]["_businessunitid_value@OData.Community.Display.V1.FormattedValue"];
                    var roleid = results.value[i]["roleid"];
                    // Keep only the role copies that belong to BU1 or BU2
                    if (_businessunitid_value_formatted == "BU1" || _businessunitid_value_formatted == "BU2") {
                        validSecurityRoles.push(roleid);
                    }
                }
            },
            error: function(xhr, textStatus, errorThrown) {
                Xrm.Utility.alertDialog(textStatus + " " + errorThrown);
            }
        });
        return validSecurityRoles;
    }
My business requirement is to show a button only to logged-in users who have the sales rep/sys admin security roles and who belong to BU1 or BU2. I created a display rule for the button that invokes the function checkIfUserHasSecurityRole(), which captures the security roles of the logged-in user in the variable securityRoles. Next, it calls another function, getValidSecurityRoles(), which makes a Web API call to the CRM server to retrieve all roles named either sales rep or sys admin. We then push only the roles that belong to BU1 or BU2 into the validSecurityRoles array, which is returned to the main function. In the main function, we compare it with the user's existing security roles to see whether the logged-in user has a matching role, and return true or false accordingly.
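The same check as an added example (not code from the original post), with the matching logic separated from the query so it can be verified offline against constructed role records. All function names and sample GUIDs are hypothetical, and it assumes the query also selects `name`; it normalizes GUID formatting and returns false when the query fails.

```javascript
// Added example; all function names and sample data are hypothetical.
var BU_LABEL = "_businessunitid_value@OData.Community.Display.V1.FormattedValue";

// Strip braces and lower-case so GUIDs from different sources compare equal.
function normalizeGuid(id) {
  return String(id).replace(/[{}]/g, "").toLowerCase();
}

// Keep the IDs of role records whose name and owning BU are both allowed.
function matchingRoleIds(roleRecords, roleNames, buNames) {
  return (roleRecords || []).filter(function (r) {
    return roleNames.indexOf(r.name) > -1 && buNames.indexOf(r[BU_LABEL]) > -1;
  }).map(function (r) { return normalizeGuid(r.roleid); });
}

// True only if the user holds at least one allowed role copy.
function userHasValidRole(userRoleIds, roleRecords, roleNames, buNames) {
  var valid = matchingRoleIds(roleRecords, roleNames, buNames);
  return (userRoleIds || []).some(function (id) {
    return valid.indexOf(normalizeGuid(id)) > -1;
  });
}

// Promise-returning rule. retrieveRoles is injected (assumption: in a form it
// wraps a Web API query resolving to { entities: [...] } with `name` selected).
function checkRoleAsync(userRoleIds, retrieveRoles) {
  return retrieveRoles().then(function (result) {
    return userHasValidRole(userRoleIds, result.entities,
      ["Sales Rep", "System Administrator"], ["BU1", "BU2"]);
  }).catch(function () { return false; }); // query failed: keep button hidden
}

// Constructed role records: the same role name exists once per business unit.
function role(name, roleid, bu) {
  var r = { name: name, roleid: roleid };
  r[BU_LABEL] = bu;
  return r;
}
var SAMPLE_ROLES = [
  role("Sales Rep", "11111111-aaaa-4aaa-8aaa-000000000001", "BU1"),
  role("Sales Rep", "11111111-aaaa-4aaa-8aaa-000000000002", "BU3"),
  role("System Administrator", "11111111-aaaa-4aaa-8aaa-000000000003", "BU2"),
  role("Marketing Manager", "11111111-aaaa-4aaa-8aaa-000000000004", "BU1")
];
```

A check like this only decides what the form shows. Access to the underlying records and actions is still enforced on the server by the privileges in the user's security roles.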