Restrict approving dynamics crm task based on level

0
votes

Requirement for restricting approving a task, so I have a task in CRM that needs user to approve to process some actions after. however restriction needs to be applied. based on scenario below;

  • each user will be grouped in either Level 1,2,3,4,5. (thinking of doing this via OOTB Teams for each level and adding user(s) to each team)

    • when task is created it will be pre-populated with a particular level (field popualated with level).
    • user can then only approve tasks that are assigned to their level or below; eg. if user if level 3 they can approve tasks that have been assigned level 1 or 2.
    • user will approve tasks by populating option set to approved

What would we be best way to achieve this, ideally looking for OOTB method.

1
dynamics-crmmicrosoft-dynamicsdynamics-crm-2013dynamics-crm-online
Field Security was my immediate thought, but I don't think it will apply because of the different levels. I think you will need to do this via a custom workflow or plugin - is it ok if the user is allowed to set the "approval" optionset and then click save, and then have their approval validated server-side? - jasonscript
Yes thats Fine should only prevent user to updating task to complete. However needs to be highly secure so can’t be done via bulk edit views, data import , web api etc - KCodeR

1 Answers

0
votes

I think you need to write server-side code, probably a plugin to achieve this. A plugin will execute regardless of the event source (bulk edit; import; api)

Plugins are also harder to "accidentally" deactivate as they can only be accessed via the Plugin Registration tool

The plugin should be registered on the Update message in the pre-operation pipeline. You will probably need to register a Pre-Image that contains the necessary fields (e.g. Task Level)

The plugin will then:

  1. Read the Level (Level 1, 2, 3, 4, or 5) from the Task (or Pre-Image)
  2. Read the current user's details
  3. Determine if the current user is within the correct team
  4. If the Team is not correct, throw a InvalidPluginExecutionException to prevent the Task Save

This should prevent users (who don't have the right team) from saving the Task

Additionally, the plugin step registration should have an attribute filter so that the plugin only executes when the Approval optionset has changed