- May 2, 2016
- Posted by: Raz Dynamics
- Category: Microsoft Dynamics CRM
The ability to customise the Sitemap in Dynamics CRM to show only the menu items required for a specific business area can help focus the user on their business task and help deliver bespoke business process requirements and user experience. Security roles allow you to restrict access to entities based on privileges assigned to the users security role, Disabling read access to an entity through the security role will also remove it from the Navigation, but will not hide the entire navigational menu unless all the Entity Sub groups are hidden. I have experienced that locking the Security privileges too tightly may interfere with other integrations that require the users credentials where the Users account should be able to read a particular record via SDK message or workflow, but not through the crm interface. Therefore I recommend using the following approach of creating a custom Entity which will create a security privilege you can use to control access to the Navigation for your CRM users, and then applying the Custom Security Privelidge to the Navigation SubGroups items using the Sitemap editor.
- Create Custom Navigation Entities, by doing so this will create a custom security group for your custom sitemap
Create a Custom Entity for each User group you want to customise the CRM Navigation Sitemap or Ribbon for. Ie . Sales Navigation, Service Navigation, Marketing Navigation, Collections Navigation etc
2. Update the Base Security for each of those groups with ‘Read’ Access to the corresponding customer Navigation entity. So the Sales Users will need ‘read; Access on the ‘Sales Navigation’ entity as shown below;
3. Update Sitemap Privileges for all the Sub Areas
The Default CRM Sitemap consists of Main Areas of Sales, Marketing, Service and Settings as below;
These main CRM Navigation areas that we are interested in hiding also consist of Sub Areas, which are the entities.
In order to hide the Main Navigation area we will have to hide ALL of the SubArea objects. The way to do this is setting the ‘Read’ Privelidge on the Sub Area to the corresponding custom Navigation entity we created earlier.
<SubArea Id=”contact” Entity=”contact” Title=”Contacts”>
< Privilege Entity=”new_salesnavigation” Privilege=”Read” />
We can either export the Sitemap in the Solutions RibbonDiffXML, Or we can use the Sitemap Editor in the XRM Toolbox to this
4. Using SiteMap Editor for security based Navigation option
The SiteMap Editor can be used to add security Privileges to the Subareas, allows us to assign the our custom navigation entity security roles we created in part 1 to be assigned to the Sub areas of the Sitemap, allowing us to grant access to the navigation menus based on users with corresponding security roles. The Entire CRM Area will be hidden if Access to all the Sub Area objects is denied.
To Hide an Entire Menu Area of a Sitemap for a given security role, the users role must be denied access to all of its Sub Areas. So we could go about enforcing the policies for the Main CRM Areas by granting Access to all of its Sub Areas for the corresponding security groups.
So for example, to hide the entire Settings Area for a given security role, we would have to ensure all the Sub Areas under Settings do have access privileges for that group.
A) click Load Sitemap
B) On each Sub Area, Click ‘Add Privilege’,
- add the Navigation Entity schema name
- tick Read
- Click the ‘Save’ button;
C) Complete the steps for All the required Sub Areas
D) Click Update Sitemap
E) Now Login as a user without the ‘Sales Navigation’ Read Privilege, and they will not see the Sales Area;
F) Complete the Privileges for the Other Security Groups, so that the Areas are locked down according to their corresponding custom navigation entity
In our case, there will be 4 Custom Navigation Entities
- Sales Navigation
- Service Navigation
- Marketing Navigation
- Admin Navigation ( Please Note That if you Hide the Security Sub Group Under The Admin Navigation it may prevent Billing Admins Without CRM licences From Setting Up New CRM Users)