Hiding command bar buttons in Dynamics CRM using custom security role privileges

Dynamics CRM Security Roles do a very good job of securing the Data within CRM, and this also applies for the command buttons. However sometimes you may have a requirement to completely hide the Button but without removing the users security roles, often in cases where you have an integrated CRM where Web services are involved to perform requests for CRM rather than the UI, or where plugins are involved.

In such a scenario where you want to allow the user to keep the security privilege but remove the button from the interface to enforce your custom business process or prevent users getting confused by all the options available. You will also want to only hide the button for a specific group of user, so simply using the ‘Hide’ button feature in Ribbonworkbench will not be suitable in such scenarios.

Security rules allow us control access to records, however when it comes to controlling access to Sitemap and Ribbon Buttons requires Entity Privilege Rules. If an Entity Privilege is shared among more than one group of users, you will need to create a unique entity Privilege. To do this we can create a Custom Entity for the given business area you intent to apply a Privilege rule, Allowing us to show a Custom Sitemap or Button Command Display rules for specific groups of users when we can’t do so with the current security roles in place.

I would advise against using the ‘Inverse’ privilege display rule, since system admin who may need access to the button will also never be able to see the button as they have all privileges. A better approach would be to Add the New Entity Privilege to Existing Security Roles that should display the Application buttons, so that only users who do not have the new Navigation privilege will not be able to view the button. This approach may require some rework to amend existing security roles with the new privileges but is a better solution that doesn’t affect admin access to the Hidden buttons.

1)      Create a Custom Entity for the Business Area you want to lock down the buttons for, I used this same approach for my previous blog where I locked down the Sitemap based on Business Area. For this example I will be creating Custom Rules for a Specific Department called new_customNavigation

2)      Now if we go to into securities roles we will see a new row added, we can use any of these privileges but to be consistent we should use one particular role that we use consistently before applying to Sitemap and Button customisation, here I have decided to use the ‘Global’ Access level on the ‘Read’ Privilege to use with Navigation Entity will also create a new Set of Security Privileges that we can use as a Custom Privilege Rule. So now users will require Global Read Privelidges on  (new_customnavigation) to be able to view the hidden crm buttons.

3)      Now We can Begin Applying the Privilege rule for users who have been granted a privilege for this entity, The easiest way to do this is by installing the Ribbon Workbench;

4)     There are 3 areas on the CRM Page where we can hide buttons in CRM;

  •  Home: The home page form for the Entity
  •  Form: The Record form for the entity
  •  The Associated Subgrid for the Entity

We can use the Ribbon Workbench tool to apply these rules on the form buttons ;

a)      Click on the Entity, and right click on the Button you want to hide from the users without the privelidge

b)      Right Click on the ‘Display Rules’ and Click ‘Add New’

c)      Update the ID for the Display rule with something more meaning, I will call it new.opportunity.HideforMarketing.DisplayRule

d)      Now Right Click on the Rule you have just created and select ‘Edit Rules’ and Add ‘Entity Privilege Rule’

Now here’s the important part for Setting the following Rules;

Entity Name: Provide the schema name of the entity for the Custom Navigation entity

Invert Result: Leave as false, setting Invert to true will result in buttons always be hidden from admins.

PrivilegeDepth: The Security Role Privilege Depth that the special group of User will be given for the Display rule to take into effect so that the buttons are hidden, for simplicity I usually Set this to Global

PrivilegeType: The Privilege Type that the User will be given for the Display rule to take into effect, so simplicity I usually Set this to Read.









5)      we can Add the Above Rule to each Button Command we want to hide based on the rule by right Clicking the Form Button and click ‘Customise Command’

6) Now a new Command will appear in the ‘Commands’ Section, Right click this and click ‘Edit Display Rules’;

7) Now you can Add the Display Rule you Created earlier to this Buttons Command and Click OK

Repeat Steps 5 for each button you want to apply the Hide Privilege Rule before Finally Publish your Changes.

You will also want to make sure you provide the Global Read privelidge for the new_customNavigation entity for any security roles that require to see the hidden buttons. Only users who do not have this privelidge within their security role will not be able to access.I prefer this approach as the alternative would require Javascript and I believe would perform better with less technical debt.

Author: Raz Dynamics
Razwan is a Microsoft MVP and Dynamics 365 Community Moderator responsible for developing Microsoft Dynamics 365 and CRM integrated solutions for over a decade. Razwan is responsible for delivering Dynamics 365 User Groups & CRM Saturday Conferences. Raz has developed many free community utilities for Dynamics 365 and CRM which you can download from this blog.