DESCRIPTION
In any software product, the aspect of Security perhaps plays the most important part. In Microsoft CRM Consulting, D365 - Customer Engagement too, the developers must ensure that there are no security breaches when it comes to making configurations and customizations.

In this blog, we are going to learn how a CE developer can hide or display a Ribbon button depending on what the Entity Privileges are in the Security Roles assigned to the signed-in user. Let us consider the following real-time scenario:
There needs to be a custom Ribbon Button on the Case main form labeled – Under Review, on click of which the status of the Case record gets updated to Reviewing. But this button must be visible to only those users who have a ‘Write’ privilege to the Case entity in any of their assigned security roles. For others, the button must be kept hidden.
PRE-REQUISITES
1. A valid Dynamics-365 CRM Instance
2. Ribbon Workbench – To create and edit our custom ribbon buttons.
Aegis Softtech will assist your organization’s systems with the best configurations. Reach out to us for specific requirements.
The latest version can be downloaded from the official website – https://www.develop1.net/public/rwb/ribbonworkbench.aspx
STEPS
-
1. Sign in to your D365 CE instance (as a System Administrator) and create a new JavaScript web resource to add as a command to our custom button. Copy the following JS code to your web resource.
// JavaScript source code function UpdateCaseStatus(primaryControl) { //Pass primaryControl CRM Parameter from Ribbon-Workbench var formContext = primaryControl; var entityId = formContext.data.entity.getId().substring(1, 37); var incidentData = { statecode: 0, statuscode: 4, }; //Update case status to Researching Xrm.WebApi.updateRecord("incident", entityId, incidentData).then( function success(result) { formContext.data.refresh(true); }, function (error) { formContext.data.refresh(true); } ); } -
2. Add a custom button labeled “Under Review” on the Case entity’s main form in the Ribbon Workbench. Add the created JS web resource as the command to this button.
Command:
-
3. Add a Display Rule to the command wherein we specify that the button would be visible only to the users with at least one assigned security role having the Write privilege to the incident entity. Refer to the screenshot below.
-
4. Publish these customizations in the Ribbon Workbench.
UNIT-TESTING
-
I. Open a case record as a system administrator. You must be able to see our button.
-
II. Navigate to the Admin Center and create a Dummy User.
-
III. Create a custom security role that has only Read entity privilege (NOT Write) to the case entity.
-
IV. Assign the security role created above to the Dummy User. [Note - To allow the Dummy User to successfully login, we assign one more basic security role like Common Data Service User (having no privilege to the Case entity)].
-
V. Finally, login to CE as the Dummy User and verify if our custom button – Under Research is hidden.
CONCLUSION
Hence, we comprehensively learned in this blog how we can hide or display a Ribbon Button based on the signed-in user’s Cyber security consulting services privileges, without having to write any code.
See you in my next blog! Take care and stay safe!