CRM 2011 Field Security based on attribute value

2
votes

I have a situation where I want to use field security but only when an attribute on the record is a certain value. The entity is the contact and there is a bit attribute called VIP. When a user opens that record and the VIP value is true and they are not in the VIP team then the user cannot see the fields marked for field security.

Is it possible to write a plugin to do this, or is there a better solution?

3
dynamics-crm-2011dynamics-crm
What if the user opens the record and VIP is false?Bvrce
They can they can open the record and see all the fields. If it is true only people who have access can see the marked fields. I think I may have gotten security roles and teams mixed up. Field security only works with Teams right?Nathan Greenway
Field security works with custom entities only, and is not limited to teams. Is it only the VIP field that will be shown or hidden? From what I am understanding the user will be able to infer whether the Contact is a VIP or not based on the field being visible or not; so I am not seeing the point of field level security in this case. JavaScript would be an easy option to shown/hide fields, but the fields would still be "there" only hidden.Bvrce
The VIP field is not the field with security enabled on it, it is another custom field. If the VIP value is yes then people not in the VIP team will not be able to Read or Update the custom field. There is a VIP form and they are the only people who can modify the VIP field value.Nathan Greenway

3 Answers

2
votes

You could connect to the form's onLoad event and check the user's teams and the VIP field and show other fields accordingly.

Not sure if there's an easier way to get the teams, an OData request would be an option: http://msdn.microsoft.com/en-us/library/gg334767.aspx

Command would look like this:

var userid = Xrm.Page.context.getUserId();
var cmd = "/TeamMembershipSet?$select=TeamId&$filter=SystemUserId eq guid'" + userid + "'";

To set fields' visibility, have a look at this link: http://danielbergsten.wordpress.com/2011/02/15/crm-2011-javascript-for-hiding-a-field-based-on-another-fields-value/

0
votes

This can possible be solved with role based forms.

  • Create a new form for the VIP team
  • Choose a security role for the new form

    • Field level security in conjunction with role based forms is a good idea if the VIP field should never be accessible to lower privilege users; even through reports and other methods of accessing data. It is more work to manage field level security profiles as they are completely separate from security roles; they are assigned to users or teams.

    0
    votes

    Seems to me that you, the admin, had to be a member of the field level security role.

    I also had to restart IIS/CRM site for it to bite.