Controlling Button Visibility Based on User Roles in Dynamics 365

Introduction

Customizing user interfaces to enhance user experience is a critical aspect of CRM systems like Microsoft Dynamics 365. One such customization involves controlling the visibility of buttons based on the user's security roles. In this article, we delve into a practical approach to achieve this using JavaScript within Dynamics 365.

Objective

The goal is to control the visibility of a custom button on a Dynamics 365 form based on specified security roles. The button should only be visible to users with certain roles, which are defined by a list of role names.

Prerequisites

• XrmToolBox

Solution Overview

We use an asynchronous JavaScript function, checkUserRole, that retrieves the current user's roles and compares them with a predefined list of target roles. If the user has at least one of these roles, the button will be visible; otherwise, it will be hidden.

The Code

Here's the JavaScript function that needs to be added to your Dynamics 365 environment:

javascript
/**
 * Checks if the current user has any of the specified roles.
 * 
 * @param {object} primaryControl - The primary control, typically the form context.
 * @param {string} targetRoleNames - Comma-separated string of target role names to check against the user's roles.
 * @returns {Promise<boolean>} - A promise that resolves to true if the user has any of the specified roles, false otherwise.
 */
async function checkUserRole(primaryControl, targetRoleNames) 
{
  const fetchXml = `
  <fetch version="1.0" output-format="xml-platform" mapping="logical" distinct="true">
    <entity name="role">
      <attribute name="name" />
      <order attribute="name" descending="false" />
      <link-entity name="systemuserroles" from="roleid" to="roleid" visible="false" intersect="true">
        <link-entity name="systemuser" from="systemuserid" to="systemuserid" alias="ab">
          <filter type="and">
            <condition attribute="systemuserid" operator="eq-userid" />
          </filter>
        </link-entity>
      </link-entity>
    </entity>
  </fetch>`;
  try {
      const result = await Xrm.WebApi.retrieveMultipleRecords("role", "?fetchXml=" + encodeURIComponent(fetchXml));
      const userRoles = result.entities.map(role => role.name);
      const targetRolesArray = targetRoleNames.split(",").map(role => role.trim());
      return targetRolesArray.some(role => userRoles.includes(role));
  } catch (error) {
      console.error(error);
      throw error;
  }
}

Explanation

• checkUserRole is an async function that accepts two parameters: primaryControl (the form context) and targetRoleNames (a comma-separated string of role names).
• The function uses FetchXML to retrieve the current user's roles.
• targetRoleNames is split into an array, and the function checks if any of the user's roles match the roles in this array.
• If there's a match, the function returns true, making the button visible.

Implementation

1. Add the JavaScript Web Resource: Create a new JavaScript web resource in Dynamics 365 and add the above script.

2. Link to the Form: Edit the form where you want to control the button visibility. Add this new web resource to the form's libraries.

3. Set up the Enable Rule: In the form editor, select the custom button and set up an "Enable Rule" that points to the checkUserRole function.

4. Configure the Button: In the Enable Rule, pass the appropriate role names as a comma-separated string in the targetRoleNames parameter.

The command screenshot:

The enable rule screenshot:

Conclusion

This JavaScript-based solution offers a flexible and efficient way to control button visibility in Dynamics 365 based on user roles. It enhances user experience by tailoring the UI to match user privileges, ensuring a cleaner and more relevant interface for each user. Remember to test thoroughly in a sandbox environment before deploying to production.