Export (0) Print
Expand All

How to Control Update Access for a Field

banner art

[Applies to: Microsoft Dynamics CRM 4.0]

Microsoft Dynamics CRM does not provide true field level security, which hides a field from unauthorized users. Although unsupported methods are sometimes used to hide a tab or field in a form, these fields are still visible to users if they use Advanced Find or print a record. There is no supported technique to achieve true field level security.

However, you can disable fields on a form programmatically so that only designated users can update the value of the field.

There are 5 steps in this solution:

  1. Get the ID value that represents the owner of the record.
  2. When the form loads, use the WhoAmI Web service message to determine who the user is.
  3. Compare the current user against the list of approved users or to a known user.
  4. Disable the field if the current user matches the criteria.
  5. Add the code to the onLoad event of the entity form.

The scenario for this example is that only the owners of a Lead record should ever be able to edit the Topic field. This sample disables the Topic field for all users who view the record except for the owner of the Lead record.

Add a Script to run when a form is loaded

  1. In the Navigation Pane for the Web application, click Settings, click Customization, and then click Customize Entities.
  2. Open the Lead entity, and then click Forms and Views.
  3. Click Form, and then on the Actions toolbar, click More Actions, and then click Edit.
  4. Click Form Properties.
  5. Click onLoad, and then click Edit.
  6. On the Details tab, select the Event is enabled check box to enable the event, and in the text box, enter the body of the script shown below.

Example

// Get a reference to the owner of the record based
// on the owner field.
var owner = crmForm.all.ownerid.DataValue;
var strOwnerId= owner[0].id;

// Configure the <soap:Body> for the WhoAmIRequest.
 var soapBody = "<soap:Body>"+
 "<Execute xmlns='http://schemas.microsoft.com/crm/2007/"+
 "WebServices'>"+
 "<Request xsi:type='WhoAmIRequest' />"+
 "</Execute></soap:Body>";

// Configure the <soap:Envelope>.
 var soapXml = "<soap:Envelope " +
 "xmlns:soap='http://schemas.xmlsoap.org/soap/envelope/' "+
 "xmlns:xsi='http://www.w3.org/2001/XMLSchema-instance' "+
 "xmlns:xsd='http://www.w3.org/2001/XMLSchema'>";
 soapXml += GenerateAuthenticationHeader();
 soapXml += soapBody;
 soapXml += "</soap:Envelope>";

// Instantiate an XMLHTTP object to post to the CRM Web service.
var xmlhttp = new ActiveXObject("Msxml2.XMLHTTP");
 xmlhttp.open("POST", "/MSCRMservices/2007/crmservice."+
 "asmx", false);
 xmlhttp.setRequestHeader("Content-Type", "text/xml; "+
 "charset=utf-8");
 xmlhttp.setRequestHeader("SOAPAction", "http://schemas."+
 "microsoft.com/crm/2007/WebServices/Execute");
// Send the message.
 xmlhttp.send(soapXml);
// Capture the results.
 xmlDoc= new ActiveXObject("Microsoft.XMLDOM");
 xmlDoc.async=false;
 xmlDoc.loadXML(xmlhttp.responseXML.xml);
 var userid;
 try
 {
  var rawUserid = xmlDoc.getElementsByTagName("UserId")[0].childNodes[0].nodeValue;
  // The user ID has to be formatted to match the results
  // from the ownerid lookup field ID value.
  userid = "{"+rawUserid.toUpperCase()+"}";
 }
 catch (e)
 {
  err = xmlDoc.getElementsByTagName("description")[0].childNodes[0].nodeValue;  
  alert("Error :"+e.description+" : "+err);
 }
 // Disable the Topic field if the values do not match.
if (strOwnerId != userid)
{
crmForm.all.subject.Disabled = true;
}

Test your script

Note   You cannot test your script in the Form Preview because the Owner field of the preview does not contain any data. You should expect the following error:

  • There was an error in the field's customized event.
  • Field: window
  • Event:onload
  • Error:'0' is null or not an object

Follow these steps:

  1. Click OK to close the Event Detail Properties dialog box.
  2. Click OK to close the Form Properties dialog box.
  3. Click Save and Close to close the form.
  4. Publish your customizations by clicking Publish on the Actions menu.
  5. Click Save and Close to close the Entity:Lead window.
  6. Create a new Lead record and save it. You must enter a Topic for the Lead.
  7. Re-assign the Lead record you created by changing the value of the Owner field to set a different user as the owner.
  8. Notice that you are no longer able to edit the Topic Field.

© 2010 Microsoft Corporation. All rights reserved.


Show:
© 2014 Microsoft