knowledgecenter-breadcrum

Knowledge Center

09 Oct, 2019

Identify field level permissions for specific user/team

Posted on 09 Oct, 2019 by Admin, Posted in Dynamics 365

Identify field level permissions for specific user/team Blogs

Identify field level permissions for specific user/team

Introduction

                Nowadays, developers frequently write JavaScript code on entity forms to read/modify field values. But, in some scenarios, our JavaScript code may not receive the expected value from the field (even though the value is present in the field). The possible reason could be field level security.

                If field level security is enabled for a field, and if logged-in user does not have READ right to the field, then JavaScript will get null value. This may result in incorrect business logic.

                Hence, to avoid such scenarios, it is better to check what level of permissions does logged-in user have. In this blog, I have given step by step implementation of Custom Action with Plugin to check what level of permissions user has on a field.

Tricky part in querying field permissions

1. In case of querying field permissions for team, we will follow below path. This is straightforward.

SELECT     fp.attributelogicalname, 
           fpcancreate, 
           fp.canread, 
           fp.canupdate 
FROM       teamprofiles TP 
INNER JOIN fieldsecurityprofile FSP 
ON         tp.fieldsecurityprofileid = fsp.fieldsecurityprofileid 
INNER JOIN fieldpermissions FP 
ON         fp.fieldsecurityprofileid = fsp.fieldsecurityprofileid 
WHERE      tp.teamid = 

2. In case of querying field permissions for user, we need to first check users association with security profiles and teams (in which the user is added as member) association with security profiles. Below will be query path for the same.

SELECT     fp.attributelogicalname, 
           fp.cancreate, 
           fp.canread, 
           fp.canupdate 
FROM       systemuserprofiles SUP 
INNER JOIN fieldsecurityprofile FSP 
ON         sup.fieldsecurityprofileid = fsp.fieldsecurityprofileid 
INNER JOIN fieldpermissions FP 
ON         fp.fieldsecurityprofileid = fsp.fieldsecurityprofileid 
WHERE      sup.systemuserid =  
UNION 
SELECT     fp.attributelogicalname, 
           fp.cancreate, 
           fp.canread, 
           fp.canupdate 
FROM       teamprofiles tp 
INNER JOIN teammembership tm 
ON         tm.teamid = tp.teamid 
INNER JOIN fieldsecurityprofile fsp 
ON         tp.fieldsecurityprofileid = fsp.fieldsecurityprofileid 
INNER JOIN fieldpermissions fp 
ON         fp.fieldsecurityprofileid = fsp.fieldsecurityprofileid 
WHERE      tm.systemuserid = 

[Note: This clause gets field permissions of user which are assigned through Teams.]

Step-by-step guide

Create custom action

  • Create custom action with below configuration:
    • Scope:Global (not to specific entity)
    • Parameters
    •  

Explanation:

  • Why scope is set to Global?

This operation is not specific to any entity and developer might want to call the action for either system user or team. Hence, we have set the scope as Global.

  • Parameters description
Parameter Name Purpose
output This parameter will contain the result of the action. This will contain JSON string with all the security enabled fields and their permissions.
entityid This is an input parameter. It should contain either System User GUID or Team GUID.
primaryentity This is an input parameter. The valid values are either “systemuser” or “team”. This will determine whether field permissions are being identified for user or team.
fieldsecurityprofilename This input parameter contains the name of the Field Security Profile from which permissions will be retrieved.
entityname This is an optional input parameter. This should contain entity type code.
fieldname This is an optional input parameter. If you want to find permissions for any specific field, you can put its logical name in this parameter.

Locate file named GetFieldSecurityProfileAssociationAction.cs under Plugins project.

  • Register Post Operation – Synchronous plugin on action message.
  • Call the action. Sample input & output format is given below.

References

  • Link by Microsoft explains how to retrieve Field Permissions.

https://docs.microsoft.com/en-us/dynamics365/customer-engagement/developer/sample-retrieve-field-permissions

Comment

This is a Required Field

Loading

Recent Updates

Business Central thumbnail image
Blogs
06 Jan, 2025

What is Dynamics 365 Business Central? A Comprehensive Beginner's Guide

Dynamics 365 Business Central is a unified business management system offered by Microsoft. It helps businesses automate and manage various…

READ MORE
Thumbnail D365 for Marketing
Blogs
16 Dec, 2024

10 Reasons Why You Need Dynamics 365 for Marketing

This blog discusses the top 10 reasons to choose Dynamics 365 for Marketing to improve your business's marketing efforts.  …

READ MORE
Thumbnail_top 10 benefits of
Blogs
02 Dec, 2024

Top 10 Benefits of Microsoft Dynamics 365

This blog lists the advantages of Microsoft Dynamics 365, focusing on how it can improve your business operations.    …

READ MORE