In ribbon button customization, it is a common scenario to show the button only to a certain set of users who have a certain security role.
Security Role Scenario
- Let’s assume Subscription Manager is a security role in your Dynamics 365.
- And the Ribbon button will only be visible to the Users who have been assigned this Security Role.
- If they have this Role, they’ll be able to see the button as below
- And, if the Role is not assigned, the logged In user won’t be able to see the Button.
- See below that in this case, the button will not show up.
JavaScript Code to check assigned Security Roles to the logged in User
- Since we are going to use a CustomRule further in the Ribbon Workbench to pick a true or false value based on whether the logged in user has a Security Role or not, let’s write a quick JavaScript function to provision the same.
Tip: Make sure you now pass the PrimaryControl (context) to any JS functions and avoid using Xrm.Page since the same has been deprecated.
// JavaScript source code
contactFormCustomization = {
checkSubscriptionAccess: function (context) {
"use strict";
debugger;
var currentUserRoles = context._globalContext._userSettings.securityRoles;
var roleId = "BA69EA1F-A76E-EB11-A812-000D3A1948AB"; // Subscription Manager role
roleId = roleId.toLowerCase();
// Get all the roles of the Logged in User.
for (var i = 0; i < currentUserRoles.length; i++) {
var userRoleId = currentUserRoles[i];
if (userRoleId == roleId) {
// Return true if the Role matches
return true;
}
}
return false;
}
};
Refer this post which discusses a simple JavaScript function to use in order to check if the logged in User has a certain security role or not – https://medium.com/capgemini-microsoft-team/dynamics-365-v9-verify-logged-in-user-security-role-using-typescript-2de52f2ef04e
Explanation
- Hard-code the GUID of the Security Role which you are looking to check.
- Then read all the Security Roles assigned to the user.
- Once the Security Roles are found in the logged in User’s Security Role, return true. Else, return false.
Ribbon Button – Enable Rule
Let’s see how the button customization will look like in XrmToolBox’s Ribbon Customization –
- In Ribbon Workbench, you need to add a CustomRule under Enable Rules for the Ribbon button.
- Then, it asks for the JavaScript function (mention the function which returns a simple true or false based on above steps). and then mention the library –
Also, pass the context PrimaryControl and using the same, pick the Security Roles of the logged in user as mentioned in the JS code explanation above.
I’m naming my Enable Rule as SecurityRoleCheck.
Now, the CustomRule I’ve applied will call the JS function and is expected to receive either a true or a false based on the code. If false – the button will not be enabled, if true – the button will be enabled. - Now, make sure you add this Enable Rule to the Command (which is in-turn attached to the Ribbon Button itself)
Hope this was helpful. Here are some more XrmTool / Ribbon Button customization related posts you might find helpful –
- Ribbon button visibility based on a field value in Dynamics 365 | Ribbon Workbench
- Get GUID of the current View in Dynamics 365 CRM JS from ribbon button | Ribbon Workbench
- Pass Execution Context to JS Script function as a parameter from a Ribbon button in Dynamics 365 | Ribbon Workbench
- Pass selected rows’ GUIDs to ribbon button in D365 | Ribbon Workbench
- Debug Ribbon button customization using Command Checker in Dynamics 365 CE Unified Interface
- Show Ribbon button only on record selection in Dynamics CRM
- Hide Custom Ribbon Button [Easy Way] – Ribbon Workbench
- Enable Flow button on D365 Ribbon
- [SOLVED] Navigating URL from Ribbon’s custom button in Dynamics for Phones app
- Fix Ribbon icons on the Unified Interface in D365 CE
- Connecting XrmToolBox to an MFA enabled Dynamics 365 environment | Azure AD
- Find deprecated JS code used in your Dynamics 365 environment | Dynamics 365 v9 JS Validator tool | XrmToolBox
Thank you!!
Hard coding the GUID of the role is a bad practice since it changes depending on the business unit the user is on. I would rather hard code the name of the role
LikeLike
Yes, agreed. Rather have it on the name of the Security Role, retrieve it and then use that GUID.
LikeLike
Don’t need the guid. Use roles.getAll() instead of securityRoles in usersettings and you will get a collection of rôles with their Id AND name
LikeLike
I have followed the steps you indicate, but when the button is visible can’t be click. Do you know what it could be, or how can I fix it?
Thanks.
LikeLike
Hi, can you make sure that the Command is attached to the button? If that’s missing, the button won’t show up.
LikeLike
Yes, the Command is attached to the button. When I logged with the user role, it’s hidden correctly, but with a different user (without the user role), the button is visible like “view mode”. I can not click on it.
LikeLike
Hey buddy,
thanks for putting this together. I implemented it recently and came across an issue.
People which havent the designated security role assigned do randomly see the buttons, Once I refresh they disappear again, when I navigate back and forth the button some times show up and some times not.
I have changed the Default value to false at the CustomRule, that has fixed the issue but now people with the right security role often have to hit F5 in order to see the buttons.
Do you have any idea on how to fix this?
Thanks in advance!
Best regards,
Daniel
LikeLike
Oh! This is strange. Does this happen on a different browser too?
Also, can you try to Invert the actual logic and then Invert = true?
LikeLike