Neil McDonald's Dynamics 365 Blog

The below is a way to hide a tab to everyone not in the Account Manager and System Administrator roles. There’s also a slightly less polished method to disable fields to everyone not in the System Administrator role.

You should be able to copy and paste the below script into your OnLoad event and change the bottom 2 lines of code to specify the tab you want to hide. It wil then hide it from everyone not in the roles specified. You’ll also have to change the attribute names which you want to disable in the HideField function.

var UserRoles = GetUserRoles();

// Hide tab number 3 to everyone except the roles entered - Role1|Role2 etc
HideTab('Account Manager|System Administrator', UserRoles, 3);
//Disable the fields specified in HideField to anyone not in the System Administrator Role
HideField('System Administrator', UserRoles);
function GetUserRoles()
{
var xml = "" +
"<?xml version=\"1.0\" encoding=\"utf-8\"?>" +
"<soap:Envelope xmlns:soap=\"" +
"http://schemas.xmlsoap.org/soap/envelope/" +
"\" xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\"" +
" xmlns:xsd=\"http://www.w3.org/2001/XMLSchema\">" +
GenerateAuthenticationHeader() +
" <soap:Body>" +
" <RetrieveMultiple xmlns=\"" +
"http://schemas.microsoft.com/crm/2007/WebServices\">" +
" <query xmlns:q1=\"" +
"http://schemas.microsoft.com/crm/2006/Query" +
"\" xsi:type=\"q1:QueryExpression\">" +
" <q1:EntityName>role</q1:EntityName>" +
" <q1:ColumnSet xsi:type=\"q1:ColumnSet\">" +
" <q1:Attributes>" +
" <q1:Attribute>name</q1:Attribute>" +
" </q1:Attributes>" +
" </q1:ColumnSet>" +
" <q1:Distinct>false</q1:Distinct>" +
" <q1:LinkEntities>" +
" <q1:LinkEntity>" +
" <q1:LinkFromAttributeName>roleid</q1:LinkFromAttributeName>" +
" <q1:LinkFromEntityName>role</q1:LinkFromEntityName>" +
" <q1:LinkToEntityName>systemuserroles</q1:LinkToEntityName>" +
" <q1:LinkToAttributeName>roleid</q1:LinkToAttributeName>" +
" <q1:JoinOperator>Inner</q1:JoinOperator>" +
" <q1:LinkEntities>" +
" <q1:LinkEntity>" +
" <q1:LinkFromAttributeName>systemuserid</q1:LinkFromAttributeName>" +
" <q1:LinkFromEntityName>systemuserroles</q1:LinkFromEntityName>" +
" <q1:LinkToEntityName>systemuser</q1:LinkToEntityName>" +
" <q1:LinkToAttributeName>systemuserid</q1:LinkToAttributeName>" +
" <q1:JoinOperator>Inner</q1:JoinOperator>" +
" <q1:LinkCriteria>" +
" <q1:FilterOperator>And</q1:FilterOperator>" +
" <q1:Conditions>" +
" <q1:Condition>" +
" <q1:AttributeName>systemuserid</q1:AttributeName>" +
" <q1:Operator>EqualUserId</q1:Operator>" +
" </q1:Condition>" +
" </q1:Conditions>" +
" </q1:LinkCriteria>" +
" </q1:LinkEntity>" +
" </q1:LinkEntities>" +
" </q1:LinkEntity>" +
" </q1:LinkEntities>" +
" </query>" +
" </RetrieveMultiple>" +
" </soap:Body>" +
"</soap:Envelope>" +"";
var xmlHttpRequest = new ActiveXObject("Msxml2.XMLHTTP");
xmlHttpRequest.Open("POST", "/mscrmservices/2007/CrmService.asmx", false);
xmlHttpRequest.setRequestHeader("SOAPAction",
" http://schemas.microsoft.com/crm/2007/WebServices/RetrieveMultiple");
xmlHttpRequest.setRequestHeader("Content-Type", "text/xml; charset=utf-8");
xmlHttpRequest.setRequestHeader("Content-Length", xml.length);
xmlHttpRequest.send(xml);
var resultXml = xmlHttpRequest.responseXML;
return(resultXml);
}
function UserHasRole(roleNames, rolesXML)
{
var matchon = roleNames.split('|');
if(rolesXML != null)
{
var roles = rolesXML.selectNodes("//BusinessEntity/q1:name");
if(roles != null)
{
for( i = 0; i < roles.length; i++)
{
for (j = 0; j < matchon.length; j++)
{
if (roles[i].text == matchon[j]) return true;
}
}
}
}
return false;
}
function HideTab(role, roles, tabnumber)
{
var tab = document.getElementById('tab'+tabnumber+'Tab');
var usrRole = UserHasRole(role, roles);
if(!usrRole)
{
tab.style.display = "none";
}
}
function HideField(role, roles)
{
var usrRole = UserHasRole(role, roles);
if(!usrRole)
{
//Disable these fields
crmForm.all.new_referredbyid.Disabled = true;
crmForm.all.new_staffreferralid.Disabled = true;
crmForm.all.new_splitcommissionid.Disabled = true;
}
}