Tuesday, November 11, 2008

CRM 4.0 Field Level Security Wizard


My company uses the Dynamics platform as the basis for its products. From a product point of view, Dynamics is an awesome foundation, but it lacks many important functions that our soon-to-be customers require. In order to fill those gaps and achieve fast-paced product integration with as little development effort as possible, we build functional wizards, in-house utility add-ons, for a variety of development tasks and business needs. Our goal eventually is to enable our integration team to accomplish those tedious tasks in just a few clicks. A good example of that is the Field Level Security wizard, which is presented herein.

As we have already put time and effort into building those smart solutions, I thought it would be great to somehow share them with you on a “shareware” basis. In simple terms, I decided to make those wizards available with their full source code and installation instructions for a small and very affordable one-time fee. Once you acquire the rights, you can use and implement each wizard in any of your Dynamics solutions as if it were your company's own property.

The wizards will undoubtedly save you hundreds of development hours, speed up your delivery and much more. Since I’m testing this initiative for the time being, I wanted to give you a taste and share this post with you. If you find this interesting, share your thoughts and questions with me (comment or send an email to support@gicrm.com).

The Field Level Security Wizard is a fully functional solution which enables you to define security settings throughout the organization hierarchy. In other words you can create FLS templates for each business unit, override or extend those settings for each security role and more importantly create exceptions at the user level. This gives you a much tighter security control over the entire dynamics application.

One of the most common tasks partners need to accomplish in every CRM project is hiding or showing specific form functions (e.g. a tab, toolbar button or left navigation link) depending on the user's business unit, role and user. The FLS wizard can also facilitate this type of task with ease.

In the following demonstration I implemented a simple scenario on the account entity. First I create a simple FLS template on the business unit level by hiding the Main Phone and City fields, then I override those settings for the system administrator role by giving the role limited access to those fields and finally I create a specific exception for the administrator (me) and override/enable these fields completely.




FLS Features and information:
1. Supported Entities - All entity types (System, Customizable and Custom).
You can find the entire entity list inside CRM advanced find window.

2. Supports both online and offline modes.

3. Supports the following CRM modules:
  1. Entity Form (Can be extended using client side API)
  2. Entity Print Form
  3. Entity Views
  4. Entity Views Print page
  5. Static Export to Excel
  6. Advanced Find
  7. Mail Merge
  8. Merge
  9. Filtered View (For Reports)
  10. Entity Associated views
  11. Lookup views
  12. CRM Workflows

4. Supported Languages - FLS customizations are available in all base languages – no language packs needed, but you’ll need to translate them yourself.

5. Supported Layouts - RTL (Right to Left) and LTR (Left to Right) layouts

6. Supports the following field level security modes:
  1. Default – Field is not set
  2. Hidden – Field is hidden on both the CRM form and views
    a. Keep layout – the field space is kept
    b. Collapse layout – the field space is collapsed for better presentation
  3. Missing – Field is disabled, the user cannot see the data
  4. Disabled – Field is disabled, the user can see the data
  5. Enabled – Override existing settings, the user has full permissions on the field.

7. Supports “Formless” Entities – Entities that do not have a form, like activity

8. Supports Security Hierarchy:
  1. Business Unit level: Creation of FLS Templates that affect the entire business unit.
  2. Role Level: Inheritable security roles with an option to extend or override business unit settings
  3. User Level: Inheritable User settings with the option to create exceptions for users within the same role

9. Fields View - Intelligent Orientation.
The user can filter by:
  1. Field Type: Presents all available field types
  2. Existing: Presents existing Settings
  3. Placement: Presents fields that exist ON and OFF the CRM Form
  4. Tabs: Presents All Fields Categorized by Tab Name
  5. Sections: Presents All Fields Categorized by Section Name

The wizard also supports Internet Facing Deployment (IFD) and IE8.
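
The security modes (item 6) and the business unit, role and user hierarchy (item 8) can be modelled as follows. This is an added example, not the wizard's own code. It assumes that the most specific level that sets a mode wins, that the "limited access" given to the role in the demonstration corresponds to the Disabled mode, and that Hidden, Missing and Disabled fields are read-only; `telephone1` and `address1_city` stand for the account's Main Phone and City, and the record values are constructed.

```javascript
// Added illustration; not the wizard's code. Mode names come from the post's list.
const Mode = Object.freeze({
  DEFAULT: "Default", HIDDEN: "Hidden", MISSING: "Missing",
  DISABLED: "Disabled", ENABLED: "Enabled",
});

// Assumption: the most specific level that sets a non-Default mode wins
// (user exception > role > business-unit template).
function effectiveMode(field, { buTemplate = {}, roleRules = {}, userRules = {} }) {
  for (const rules of [userRules, roleRules, buTemplate]) {
    const own = Object.prototype.hasOwnProperty.call(rules, field);
    if (own && rules[field] !== Mode.DEFAULT) return rules[field];
  }
  return Mode.DEFAULT;
}

// Server-side read filter: values the user may not see are dropped before the
// record leaves the server; the client receives only per-field layout hints.
function filterRecordForRead(record, ctx) {
  const values = {}, layout = {};
  for (const [field, value] of Object.entries(record)) {
    const mode = effectiveMode(field, ctx);
    layout[field] = mode;
    if (mode !== Mode.HIDDEN && mode !== Mode.MISSING) values[field] = value;
  }
  return { values, layout };
}

// Server-side write check (assumption): list the changed fields the user may not edit.
function rejectedWrites(changes, ctx) {
  const readOnly = new Set([Mode.HIDDEN, Mode.MISSING, Mode.DISABLED]);
  return Object.keys(changes).filter((f) => readOnly.has(effectiveMode(f, ctx)));
}

// Constructed sample data mirroring the account scenario in the post.
const account = { name: "Contoso", telephone1: "555-0100", address1_city: "Haifa" };
const buTemplate = { telephone1: Mode.HIDDEN, address1_city: Mode.HIDDEN };
const roleRules = { telephone1: Mode.DISABLED, address1_city: Mode.DISABLED };
const userRules = { telephone1: Mode.ENABLED, address1_city: Mode.ENABLED };

const asBuUser = filterRecordForRead(account, { buTemplate });
const asRoleMember = filterRecordForRead(account, { buTemplate, roleRules });
const asException = filterRecordForRead(account, { buTemplate, roleRules, userRules });
console.log(asBuUser.values, asRoleMember.layout, asException.layout);
```

Because the value is removed on the server, a client script that merely hides a field never holds data the user is not allowed to see.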

As you can see, we give a lot of attention to the entire usability issue. The idea is to enable the integrator / developer to achieve his FLS goals as fast as possible.

The wizard is now available online. I’m sure you’ll find it worthwhile. Feel free to comment here or send your questions to support@gicrm.com.

12 comments:

RunR said...

Sounds very interesting and useful. How is the security enforced? I am thinking it may be based on plugins, but I can see you've also mentioned that Filtered Views are supported, so I am curious how this is managed.

Adi Katz said...

Hi,

The FLS is a custom CRM entity, which means it can be used (intersected) in a filtered query to enforce FLS rules in your reports.

The FLS enforces its rules only via supported plugin.

Anonymous said...

I would like to get this component. I tried to send an e-mail but it wasn't delivered.

Adi Katz said...

Please send your email to fls@gicrm.com

Bakai said...

Hello.
Is your price for the whole CRM deployment or for one user?

Adi Katz said...

This is a company license; you acquire it once and have the right to implement it in any of your dynamics implementations, current and future.

It will be available online on 30.1.2009

Adi

Anonymous said...

Hi, could you please tell me on which side your code manipulates the security constraint? Is it client side or server side? Is it JavaScript or C#? Thanks

Adi Katz said...

Server side!

The client supporting script is only used to apply visibility for fields on a CRM form.

Anonymous said...

Does it support :
1. CRM Report Wizard?
2. Excel Dynamic Columns Export ?
3. Excel Pivot Export?

Adi Katz said...

The FLS wizard supports the ability to create FLS aware reports by joining the report query (sql) against the FLS filtered view. The FLS does not change existing filtered views as this would be unsupported.

Regarding excel - in order to achieve maximum security, we suggest removing the export to excel functionality for low privileged users (using built in role capabilities) and replacing it with controlled excel templates / scheduled excel reports which can be transformed to pivot tables.

Awwan said...

Hi!

Very interesting and nice solution for a very common problem.

How bad is the performance hit? Have you done tests with many BUs/users/"FLV rules"?

Also, are you able to filter out the fetchxml correctly if the user does nested advanced finds e.g. opportunity - account - contact (with FLV on contact)?

Are there other places where a user is able to break the security (except dynamic excels as mentioned here)?

Thanks!

Adi Katz said...

The GI FLS has a fast throughput and has been successfully implemented in customers with a complex org hierarchy.
Adv. Find nesting is not an issue; the output columns are. Take a look at our record filter wizard for securing data by filtering queries. Regarding your last q., there are no other security breaches.

If you require further information please send an enquiry to support@gicrm.com.