Dynamics CRM Security Roles and Removing Quote Products

By - March 17, 2017

If you have ever wanted to restrict a user’s ability to remove a quote product from a quote you may have noticed that Microsoft Dynamics CRM security roles do not have specific rights for the quote product. If you your goal is to stop users from removing quote products from a quote (this also applies to opportunity products, order products and invoice products) and you have done a little research, you will find that most sources suggest that you remove the append rights from the quote entity.

That does work, because it also stops users from relating other entities to the quote as well. This is obviously limiting since we want users to be able to create orders from a quote, and removing the append rights to the quote would stop that user from creating an order and relating it to the quote.  We were recently tasked with finding a solution that would only limit the user’s ability to remove quote products but still allow the users to create orders from the quote.

The method explained in this post involves JavaScript and the use of the Ribbon Workbench to edit out of the box Dynamics CRM buttons. There are two areas that a user could use to remove a quote product from a quote. Either using the trash can button in the editable grid or opening the quote product and clicking the delete button there. Both of these aforementioned buttons can be edited using the Ribbon Workbench. The subgrid button uses the Mscrm.DeleteSelectedRecord command and the form uses Mscrm.DeletePrimaryRecord. We do not want to edit Out Of the Box Dynamics CRM actions but modifying a display or enable rule is pretty harmless. To accomplish our task we opted to add a custom JavaScript enable rule onto the both of the commands.

My first script was fairly simple and looked something like this:








In the code above, UserHasRole is a function that checks if the user has any security roles where the security role name matches the passed in variable, and the two variables are global variables and are set to the string security role name.

When the deleteButtonVisibilityForm function was added as an enable rule for the delete commands (Mscrm.DeleteSelectedRecord and Mscrm.DeletePrimaryRecord). During initial testing the functionality worked but it was a little confusing for users. With the change in place, the delete button was removed from the form (which was the desired result) but the trash can button remained in the subgrid. Interestingly, even though the button was displayed on the subgrid, if a user did not have the proper role they could click it all day and nothing would happen. In order to avoid any confusion we added some alerts:









With this new function, when users tried to click the trashcan button, if they did not have one of the two roles, they would be alerted with the string above. The only problem is that the enable rule would run on load of the quote product form so they would get alerted on load of the quote product form. In the end we decided to have two functions, one without alerts for the form and one with alerts for the subgrid.

This method depends on the UserHasRole function. Feel free to reach out if you have more interest in the UserHasRole function.

For more information about how to get the most out of your Dynamics CRM Solution, contact our experts at RSM. 855-437-7202.

by Steve Trefz for RSM


Receive Posts by Email

Subscribe and receive notifications of new posts by email.