Deny Read Permissions - Note Records

(0) Share

Report

Posted on by LukasBr

Hello Community,

I have an requirement concerning the "read-permissions" on note records based on the "created-by" informations.

The scenario is the following:

- All users should be able to see a given account record based on a field value (implemented by hierachical read-permission restriction + plugIn "sharing" of this account record if needed)

- The regarding notes of this account record should only be visible for the owner of the record. (implemented by a hierachical read-permission restriction)

What I am noticing now is that if I share the account record, all freshly created note records will be also read-shared.

I thought this will be caused by cascading-share setting of the relationship between account (1) <-> (N) note but this is not the case (Cascading = none).

Can anyone explain or reproduce this system behaviour?

Best Regards,

Lukas

All responses (4)

Answers (0)

LeoAlt 16,329 on at

Like (0)

Report

RE: Deny Read Permissions - Note Records

Hi partner,

Sorry for my late. You are right, hiding note tab is not a good option.

Thanks for sharing your solutions.

Have a nice day!

Best Regards,

Leo
LukasBr 35 on at

Like (0)

Report

RE: Deny Read Permissions - Note Records

I found the answer by myself. The Relationship Behaviour "Reparent: Cascade All" granted the read permission from account to new created notes.

I changed the setting to "Cascade none" and it worked like a charm.

Best Regards!
LukasBr 35 on at

Like (0)

Report

RE: Deny Read Permissions - Note Records

Hi Leo,

thanks for your advice!

You got the point - In my understanding there should be a separation of the reading permission via owning-source and sharing source of these two entities.

The base-concept should be -> Two Teams can read the account but just can read their own notes appending to the account

So concering this model, hiding the notes-tab on the form-level is sadly not an option.

Best Regards!

Lukas
LeoAlt 16,329 on at

Like (0)

Report

RE: Deny Read Permissions - Note Records

Hi partner,

The reason is when you share a record to other use, he will also have the permission of the record.

If you want to keep only the primary owner could see note, you could use JS code like bellow and add the function to form onload event.

function ifOwner(executionContext) {

    var formContext = executionContext.getFormContext();

    //get current user id

    var useridOrg = Xrm.Page.context.getUserId();

    var userid = useridOrg.substring(1, useridOrg.length - 1);

    var owner=formContext.getAttribute("owner").getValue();

    var ownerid=owner[0].id;

    if(ownerid!=userid){

        //hide the note tab in classic client

        Xrm.Page.ui.tabs.get("note").setVisible(false);

    }

}

But this is only available in classic client because in UCI the "note" is an option in TimeLine.

Hope it helps.

Best Regards,

Leo

Deny Read Permissions - Note Records

Helpful resources

Quick Links

December Spotlight Star - Muhammad Affan

Top 10 leaders for November!

Tips for Writing Effective Suggested Answers

Leaderboard

Featured topics

Product updates

Deny Read Permissions - Note Records

Helpful resources

Quick Links

December Spotlight Star - Muhammad Affan

Top 10 leaders for November!

Tips for Writing Effective Suggested Answers

Subscribe to

Leaderboard

Featured topics

Product updates