Enable Field Security on specific records

(0) Share

Report

Posted on by Manuel Steiner

196

I'm new to the CRM-development.

I want to censor a few fields for all users except the admins but not for all records of the entity. The records have an attribute that is already censored and based on that I have to censor the rest. The attributes that have to be censored are included in views too.

Example:

A record has the attribute "recordid". If the attribute "recordid" is censored, then the attribute "custom_name" and "custom_firstname" should be censored for all users except the admins.

*This post is locked for comments

I have the same question (0)

All responses (12)

Answers (1)

Suggested answer

Iswarya 1,347 on at

Like (0)

Report

Hi,

you can hide few fields based on security role use this code,

function onload() {

debugger;

// returns true if the given security role exists for the user, else returns false

var results = CheckUserRole("System Administrator", Xrm.Page.context);

// alert(results);

if (results == true) {

Xrm.Page.ui.tabs.get("new_x").setVisible(true);

}

else {

Xrm.Page.ui.tabs.get("new_x").setVisible(false);

}

}

// This method takes SecurityRole Name and context as parameters

function CheckUserRole(roleName, context) {

debugger;

var userHasRole = false;

//get the current roles for the user

var userRoles = context.getUserRoles();

//get the roleids with the rolename

//the roleids can be multiple for multiple business units

var roleIdArray = FetchUserRoleIdWithName(roleName, context);

for (var userRole in userRoles) {

if (jQuery.inArray(userRoles[userRole], roleIdArray) != -1) {

userHasRole = true;

break;

}

}

return userHasRole;

}

function FetchUserRoleIdWithName(roleName, context) {

debugger;

var context = Xrm.Page.context;

var serverUrl = context.getClientUrl();

// var serverUrl = Xrm.Page.context.getServerUrl();

var oDataUri = serverUrl + "/XRMServices/2011/OrganizationData.svc/RoleSet?$filter=Name eq '" + roleName + "'&$select=RoleId";

var jSonArray = new Array();

jQuery.ajax({

type: "GET",

contentType: "application/json; charset=utf-8",

datatype: "json",

url: oDataUri,

async: false,

beforeSend: function (XMLHttpRequest) {

//Specifying this header ensures that the results will be returned as JSON.

XMLHttpRequest.setRequestHeader("Accept", "application/json");

},

success: function (data, textStatus, XmlHttpRequest) {

if (data && data.d != null) {

for (var count = 0; count < data.d.results.length; count++) {

jSonArray.push(data.d.results[count].RoleId);

}

}

},

error: function (XmlHttpRequest, textStatus, errorThrown) {

alert("Error : has occured during retrieval of the role " + roleName);

}

});

return jSonArray;

}

Was this reply helpful? Yes No
Community Member on at

Like (0)

Report

Hi Manuel,

I want to understand the requirement little better.

Based on which condition you are censoring the recordid field.

By meaning censor, you want to hide the field or just to hide the data in the field(i.e. Field label will be visible but not the data).

Thanks

Phanidhar

Was this reply helpful? Yes No
Suggested answer

Guido Preite 54,086 Moderator on at

Like (1)

Report

the easiest way it to create two additional fields that are always secured, so when the record should not be secured put the information in the two normal fields, when the record needs to be secured put the information inside the secured fields, admin can read always all in both cases and you don't deal with customizations

Was this reply helpful? Yes No
RaviKashyap 55,410 Moderator on at

Like (0)

Report

Hi Manuel,

You mentioned you have already censored(enabled field security) for recordid, Now you want to implement the same for 2 other field if recordid is cencored.

Why don't you just implement the field security directly to other field the same you did it for recordid?

Was this reply helpful? Yes No
Manuel Steiner 196 on at

Like (0)

Report

Hi Phanidhar

The value of the field recordid comes from an interface from another company that imports data. So our company didn't censor the other fields.

The customer just said censor the fields. Users should not have access to the field values in any way (even if they search it with the DOM explorer) because the fields contain private data.

Was this reply helpful? Yes No
Manuel Steiner 196 on at

Like (0)

Report

Hi Ravi Kashyap

unfortunately, we didn't censor the other fields. they come from another interface by another company. They won't censor the rest of the fields.

Was this reply helpful? Yes No
Community Member on at

Like (0)

Report

Hi Manuel,

Field security profile is the best way to go...!!!!!

But you are saying you want to conditionally apply the rule for few records of an entity.

I think as user is not allowed to have access to the data in the field values even if he opens the DOM explorer he would not able to find the value in the field if Field level security is enabled.

But the only thing is you need to ensure except for system admins if others need access to data they should be part of Field Security profile.

They would not be able to access data from advanced find as well in this case.

Thanks

Phanidhar

Was this reply helpful? Yes No
Verified answer

RaviKashyap 55,410 Moderator on at

Like (0)

Report

Hi Manuel,

I don't think you can use field security to achieve this as you are looking for conditional security based on the field. I can't think of any straight forward way to achieve this.

As Guido suggested above, the easiest way is to have 2 sets f field secured & unsecured and based on the recordid field, populate the data on these field.

Was this reply helpful? Yes No
Suggested answer

ashlega 34,477 on at

Like (0)

Report

Hi,

if you wanted to use field security, you probably could.. but you would need to figure out how to apply the technique described here:

mscrmtools.blogspot.ca/.../create-truly-personal-field-with-field.html

And you may end up with a lot of sharing..

Was this reply helpful? Yes No
Suggested answer

Filip Vanchevski 215 on at

Like (0)

Report

Hi Manuel,

I have dealt with a similar problem this month i'm not sure if it will get the job done but it might give you an idea on how to proceed.

1. So if you go to settings and under field security you can create a new Field Security Profile.

2. Once you give it a name and description under common you can select the fields you want to update the security privs. For example you can allow read/create/update priv. for those fields.

3. After that in the Members section you can add members for which to apply the new Field Security Profile.

The only downside to this is that you will either have to create specific teams (if you have a lot of users) or simply add users, unfortunately i have not found a way to select all users that have a certain type of security role in the organisation, this means that you can apply this only for specific users which in turn means that depending on how many users you want to hide the fields from this solution might create a nightmare in terms of having to constantly update the new Security Profile as your user base increases.

Hope it helps, all the best! :)

Was this reply helpful? Yes No