Before explaining the tool in detail below are the list of pre-requisites and assumptions that this tool follows.
- .NET identity framework 3.5 should be installed to run the application
- The user using this tool for configuration should have System Administrator role in CRM
- Microsoft CRM Asynchronous processing service should be up and running while using this tool. This tool leverages the ASYNC service of CRM and security configurations would be incomplete if the async service is not running.
- The tool works on the assumption that are no security roles with duplicate names. Having roles with duplicate names and configuring profile for that role might cause the application to work incorrectly.
The below points explain in detail on how to use the tool and how the tool works.
- Go to Downloads section and download the zip file “FieldSecurityForRoleConfigurator.zip”.
Once downloaded extract the zip file and you would find two folders
- FieldSecurity_Executables – The folder contains the executable which is a windows application that would allow you to configure field level security for the security roles.
- FieldSecurity_Managed – This folder contains the managed solution that you would require to import into your organization.
- Import the Managed solution which is present in the folder – FieldSecurity_Managed.
- Once the managed solution is imported successfully, open the folder FieldSecurity_Executables and then double click the file
FieldSecurity.exe to launch the windows application. The application would appear as in the screenshot below.
- Connect to your CRM instance using the connection manager in the status bar.
- Once connected to the organization, you should be able to view two sections on the form, the top section lets you to enable/ disable field security for attributes of the entity.
Please note that only fields which can be enabled for field security will show up here. Click on the
‘Load Entities’ button and all the entities would be load. Click on any entity in the grid and all the attributes for which field security can be configured will show up. As in the screenshot below I have clicked on the entity - ‘Field security
Test Entity’ and all the custom attributes of the entity comes up.
- You can now select/ unselect the checkboxes corresponding to each of the fields and accordingly field security would be enabled/ disabled for the field. You do not need to browse through the application to again enable/ disable field security for the attributes.
Let me enable field security for ‘Field 1’ and ‘Field 2’ respectively.
- Let us now concentrate on the lower section of the form. Before going into the demo, I have the following set-up.
- TestUser with security role – SalesPerson
- Team name - ‘Field Security team 1’ with role of Salesperson
- Team Name - ‘Field security team 2’ with role of Marketing Manager.
I would be using these teams and user to demo the tool functionalities. I have provided full access to the Sales person role and the Marketing Manager role on the Field security Test Entity.
- Let us first check when the ‘Test user’ logs in to CRM and tries to create a new record of Field Security Test entity. Below is the screenshot of the same.
- As you can see since field security has been enabled for Field 1 and Field 2, the user cannot edit the field. Let us now go ahead can configure using our tool. Since our Test user is having “SalesPerson” role, we would first configure with that role.
- I click on ‘Load Roles and Profile’ image icon in the lower section of the tool. Once everything loads successfully, a screen similar to the below screenshot would appear.
- As you can see, the grid shows all the attributes from all the entities for which field security has been enabled.
- Now I select ‘Salesperson’ role from the role drop down and select the fields to be enabled for create and i click on Save. Once save is completed, you would see a popup similar to the screen below.
- What the pop-up says basically is that the field security configuration for security role ‘Salesperson’ for attributes ‘Field 1’ and ‘Field 2’ is happening async. Since this security configuration is an expensive operation, i have deliberately made them
async. Make sure CRM asynchronous service is running fine. Otherwise this operation would not complete. You can see the progress of the operation whether succeeded/ failed through the ‘Field security audit’ entity. It is available under settings section.
- As you can see, the field security profile configuration for the security role ‘Salesperson’ has completed successfully. If there is any error, then the error message would also be logged here.
- Let us now see if what the Test User sees when we refresh the create form.
- As expected the user is now able to enter values for Field 1 and Field 2 and save the record.
- Now let us go back to the tool and configure for role marketing manager. I select the role as ‘Marketing Manager’ and enable ‘Field 2’ for update and then click on ‘Save’. Once again I go and check the audit entity whether the operation has successfully
completed. Please check for the screenshots below.
- Once the operation has complete successfully, I now go the user screen and add the ‘test user’ to the team ‘Field Security Team 2’. Please check for the screenshot below.
- Now when I refresh the record one more time, i could see that Test User can read & update the field 2, but field 1 is still not readable by Test User. This is because when the user was added to the ‘Field Security Team 2’, the user got the role of Marketing
Manager since the team had that role and hence the user was able to read & modify the field 2.
- Now I go ahead & remove the marketing manager role from the Field Security Team 2. Now when the Test user refreshes the record, the field 2 again becomes un-readable.
- Now again I go back to the user and this time I associate the role ‘Marketing Manager’ to the user directly. Now when ‘Test User’ logs in and refreshes the record, he is able to read and modify field 2.
- Similarly you can configure this for all security roles. If you remove members from the team which has a security role for which field security is configured, this tool will also take care of that.
- Now let’s say that you want to remove field security configurations that you have done for one role. Simply go back to the tool click on ‘Delete Profile’. This would delete all the field security configurations that you have done for that security role.
Please check for the screenshot below.
One more point here, if at any point of time while using this tool, if you face any errors while adding or removing users from teams or associating/ disassociating roles from team/ users and you believe this is coming from the tool, no worries. You can uninstall
the whole solution since it is a managed one. Every component of it would be removed.
Not sure if this is tool for which you are getting the error? Well open your plugin registration tool and connect to your organization. Once you connect look for the assembly - “FieldSecurityRoleConfigurator.Plugins” and you would see the
steps registered. You can unregister them. Some steps are synchronous. If you find performance is an issue, then make them async. Please check for the screenshot below.
If you make the steps async, remember to check the progress through the ‘Field Security Audit Entity’ as i explained earlier.
Hope this helps!