I was recently asked a question about showing toolbar buttons in Unified Service Desk (USD) for Dynamics 365, the question was “Is it possible to hide / show buttons based on a user’s security role?“. In this post I will answer this question.
By way of an example, imagine this scenario …. say you want to hide the debug toolbar button to all user except anyone with the system administrator or system customizer roles.
The steps involved are;
- Create a Search.
- Create a DoSearch action.
- Create two SaveSetting actions.
- Add actions to your DeskTopReady event.
- Add conditions to the toolbar buttons.
Note: I’m assuming you already have a toolbar button that loads the debugger!
Step One – Create a Search
First of all I needed to run a search to see if the current user had either the system customizer or system administrator roles. For this I used the “Entity Searches” option in USD.
I created an entity search that looked like this ….
My entity search contained the following fetch XML.
<fetch version="1.0" output-format="xml-platform" mapping="logical" distinct="false"> <entity name="role"> <attribute name="name"/> <attribute name="businessunitid"/> <attribute name="roleid"/> <order descending="false" attribute="name"/> <filter type="and"> <filter type="or"> <condition attribute="name" value="system administrator" operator="eq"/> <condition attribute="name" value="system customizer" operator="eq"/> </filter> </filter> <link-entity name="systemuserroles" intersect="true" visible="false" to="roleid" from="roleid"> <link-entity name="systemuser" to="systemuserid" from="systemuserid" alias="al"> <filter type="and"> <condition attribute="systemuserid" operator="eq-userid"/> </filter> </link-entity> </link-entity> </entity> </fetch>
Tip: If you wish to adapt this, an easy way to generate the fetch XML is to create an Advanced Find and then use the “Download Fetch XML” button.
This is is schema name of the entity that hold system roles, you will need to add this as an entity to be USD by USD!
|Fetch XML||You could just cut and paste the XML I have shown above!|
Step Two – Create a DoSearch Action
Having created my search, I needed a DoSearch action. As shown below;
|Name||CRM Global Manager – Do Search (SecurityRole)|
You could use a different order number! But it will need to be lower than the SaveSetting actions we’ll create in the next step.
|Hosted Control||CRM Global Manager|
Step Three – Create Two SaveSetting actions
It would have been possible for me to reference the results of the DoSearch in all my conditions. But I felt a more elegant approach would be to save a setting that will contain “True” or “False”. For this I created two actions, one for the false and one to the true. My actions looked like this;
For the False option I created ….
For the True option I created …
|Name||CRM Global Manager – Save Setting (SystemAdmin True)
CRM Global Manager – Save Setting (SystemAdmin True)
You could use a different order number! But it will need to be higher than the DoSearch action we created in step two.
|Hosted Control||CRM Global Manager|
|Condition||“[[$Return.CRM Global Manager – Do Search (Security Role)]g]”!=”0″
“[[$Return.CRM Global Manager – Do Search (Security Role)]g]”==”0”
Here I am basically triggering the true action if the DoSeach returned data or the false action if the user doesn’t have the required role.
Step Four – Add Actions to DeskTopReady
I now need to trigger my search and save of setting when USD loads, so for this I add the actions to the DeskTopReady event of Global Manager. Below you can see that I have added the three actions to the DeskTopReady event of my global manager.
Before I show the conditions we need to add, let’s have a quick look what is happening inside USD. Once USD loads we will do a search and save a setting. That setting is available as a replacement parameter. You can see below that I have a SystemAdmin parameter in my data parameters. I can then reference this parameter in conditions using [[$Settings.SystemAdmin]].
Step Five- Add condition to the Toolbar Button
Now we have the setting stored it can be used anywhere that I want to restrict access to anyone but the system administrators. For example, I have added an enable condition to my toolbar button used to access the debugger.
The enabled condition of “[[$Settings.SystemAdmin]]”==”True” will ensure the button is only enabled if the current user has the system administrator or system customizer role.
I hope you can see that this approach could be adapted for other roles / buttons within your application. Enjoy.