Looking for an Expert Development Team? Take two weeks Trial! Try Now

Hide or Display a Ribbon Button Based on Logged in User Entity Privileges



In any software product, the aspect of Security perhaps plays the most important part. In Microsoft Dynamics 365 - Customer Engagement too, the developers must ensure that there are no security breaches when it comes to making configurations and customizations.

Customer Engagement

In this blog, we are going to learn how a CE developer can hide or display a Ribbon button depending on what the Entity Privileges are in the Security Roles assigned to the signed-in user. Let us consider the following real-time scenario:

There needs to be a custom Ribbon Button on the Case main form labeled – Under Review, on click of which the status of the Case record gets updated to Reviewing. But this button must be visible to only those users who have a ‘Write’ privilege to the Case entity in any of their assigned security roles. For others, the button must be kept hidden.


1. A valid Dynamics-365 CRM Instance

2. Ribbon Workbench – To create and edit our custom ribbon buttons.

The latest version can be downloaded from the official website – https://www.develop1.net/public/rwb/ribbonworkbench.aspx


  • 1. Sign in to your D365 CE instance (as a System Administrator) and create a new JavaScript web-resource to add as a command to our custom button. Copy the following JS code to your web-resource.

    // JavaScript source code function UpdateCaseStatus(primaryControl) { //Pass primaryControl CRM Parameter from Ribbon-Workbench var formContext = primaryControl; var entityId = formContext.data.entity.getId().substring(1, 37); var incidentData = { statecode: 0, statuscode: 4, }; //Update case status to Researching Xrm.WebApi.updateRecord("incident", entityId, incidentData).then( function success(result) { formContext.data.refresh(true); }, function (error) { formContext.data.refresh(true); } ); }
  • 2. Add a custom button labeled “Under Review” on the Case entity’s main form in the Ribbon Workbench. Add the created JS web-resource as the command to this button.

    Customer Engagement


    Customer Engagement
  • 3. Add a Display Rule to the command wherein we specify that the button would be visible only to the users with at least one assigned security role having the Write privilege to the incident entity. Refer to the screenshot below.

    Customer Engagement
  • 4. Publish these customizations in the Ribbon Workbench.


  • I. Open a case record as a system administrator. You must be able to see our button.

    Customer Engagement
  • II. Navigate to the Admin Center and create a Dummy User.

    Customer Engagement
  • III. Create a custom security role that has only Read entity privilege (NOT Write) to the case entity.

    Customer Engagement
  • IV. Assign the security role created above to the Dummy User. [Note - To allow the Dummy User to successfully login, we assign one more basic security role like Common Data Service User (having no privilege to the Case entity)].

    Customer Engagement
  • V. Finally, login to CE as the Dummy User and verify if our custom button – Under Research is hidden.

    Customer Engagement


Hence, we comprehensively learned in this blog how we can hide or display a Ribbon Button based on the signed-in user’s security privileges, without having to write any code.

See you in my next blog! Take care and stay safe!

Read more -

DMCA Logo do not copy