0
votes

I am working on Notes in MS CRM 2011.

I have many roles over many entities. I want role based security to notes for any entity records.

let me explain what i want:

Suppose i have an entity namely E1. Role R1 and R2 has read and write access to E1.

But i want that user having role R2 can only upload and view notes for any record of entity E1.

Hope now my requirement is clear to all of you.

Please suggest me how can i achieve it using MS CRM 2011.

2
R1 should not ever be able to see or edit any notes for E1 right?Should the user with R1 be able to read/edit notes for other entities?Andy Meyers

2 Answers

1
votes

I can think of two ways to do this.

  1. You can create a plugin on create/update of the annotation(note) and check if the note is related to entity E1 and check the roles of the user making the change and see if they only have the R2 role. If that is the case you can throw an InvalidPluginExecutionException with a message like 'You do not have permissions to edit/create these records'.

  2. You can try using role based forms or JS to hide the notes area for R1 users.

You probably want to use a combination of #1 & #2. The users can still access the notes via advanced find and thus will be able to edit those notes. The plugin will prevent that fringe case as well.


*Edit

There are a couple more things that you might be able to deal with the advanced find records. You can remove the annotation entity from advanced find via the unsupported method described here.

Otherwise there is one more thing you can do if you want to prevent those results showing up at all, and you want to stay supported. You can write a plugin on Post-RetrieveMultiple of the annotation entity to strip out the results directly from the return result. There are a couple downsides to this though.

  1. You are executing your plug-in every time the retrieve multiple is called on the entity. So this code will need to be as efficient as possible since that delay will be noticeable by the end user whenever they retrieve these records.

  2. Things like advanced find will display odd results. For example if your paging is set to 50 records and you strip out 10, they will only see 40 records on their page and the total record count will include the records you are stripping out.

0
votes

Through roles i don't know a way to do that, because you configure the access to notes generic, so applies to all entities. You have to access with Javascript navigating in DOM. Check a example:

document.getElementById("notescontrol").contentWindow.document.getElementById("NotesTable")

You can check this with the help of a develeper tool in your browser.