Hide or Display a Ribbon Button Based on Logged in User Entity Privileges



In any software product, the aspect of Security perhaps plays the most important part. In Microsoft CRM Consulting, D365 - Customer Engagement too, the developers must ensure that there are no security breaches when it comes to making configurations and customizations.

Customer Engagement

In this blog, we are going to learn how a CE developer can hide or display a Ribbon button depending on what the Entity Privileges are in the Security Roles assigned to the signed-in user. Let us consider the following real-time scenario:

There needs to be a custom Ribbon Button on the Case main form labeled – Under Review, on click of which the status of the Case record gets updated to Reviewing. But this button must be visible to only those users who have a ‘Write’ privilege to the Case entity in any of their assigned security roles. For others, the button must be kept hidden.


1. A valid Dynamics-365 CRM Instance

2. Ribbon Workbench – To create and edit our custom ribbon buttons.

Are you looking at security or any other user entity privileges?

Aegis Softtech will assist your organization’s systems with the best configurations. Reach out to us for specific requirements.

The latest version can be downloaded from the official website – https://www.develop1.net/public/rwb/ribbonworkbench.aspx


  • 1. Sign in to your D365 CE instance (as a System Administrator) and create a new JavaScript web resource to add as a command to our custom button. Copy the following JS code to your web resource.

    // JavaScript source code function UpdateCaseStatus(primaryControl) { //Pass primaryControl CRM Parameter from Ribbon-Workbench var formContext = primaryControl; var entityId = formContext.data.entity.getId().substring(1, 37); var incidentData = { statecode: 0, statuscode: 4, }; //Update case status to Researching Xrm.WebApi.updateRecord("incident", entityId, incidentData).then( function success(result) { formContext.data.refresh(true); }, function (error) { formContext.data.refresh(true); } ); }
  • 2. Add a custom button labeled “Under Review” on the Case entity’s main form in the Ribbon Workbench. Add the created JS web resource as the command to this button.

    Customer Engagement


    Customer Engagement
  • 3. Add a Display Rule to the command wherein we specify that the button would be visible only to the users with at least one assigned security role having the Write privilege to the incident entity. Refer to the screenshot below.

    Customer Engagement
  • 4. Publish these customizations in the Ribbon Workbench.


  • I. Open a case record as a system administrator. You must be able to see our button.

    Customer Engagement
  • II. Navigate to the Admin Center and create a Dummy User.

    Customer Engagement
  • III. Create a custom security role that has only Read entity privilege (NOT Write) to the case entity.

    Customer Engagement
  • IV. Assign the security role created above to the Dummy User. [Note - To allow the Dummy User to successfully login, we assign one more basic security role like Common Data Service User (having no privilege to the Case entity)].

    Customer Engagement
  • V. Finally, login to CE as the Dummy User and verify if our custom button – Under Research is hidden.

    Customer Engagement


Hence, we comprehensively learned in this blog how we can hide or display a Ribbon Button based on the signed-in user’s Cyber security consulting services privileges, without having to write any code.

See you in my next blog! Take care and stay safe!

Related article

In many cases you will want to make an exact copy of a record. In this article, we will be discussing about the options that you have, to exactly do that.

To process MVC based applications build on asp.net development platform, Aegis developers are using jQuery.

There are different types of programs which are installed in desktops and laptops. ASP.NET is also one of those programs.

DMCA Logo do not copy