Reports and Security

Found a nice blog post on report security:

http://community.dynamics.com/product/crm/crmtechnical/b/crmpowerobjects/archive/2011/06/27/reports-viewable-by-individual-or-by-organization-in-crm-2011.aspx

{All credit goes to the owner of the blog}

In Microsoft Dynamics CRM, reports can be set as Viewable by User or by Organization. To see this setting in Microsoft Dynamics CRM 2011, navigate to Workplace → Reports, select a report and click Edit on the Ribbon. The setting is usually on the Administration tab.

This setting can be a little bit difficult to understand because changing the report to “Viewable by Individual” may not automatically secure it to the user depending on the logged-in user’s security role. So, let’s take some time to understand the differences between the two options.

Setting a report to be viewable by the Organization means that all users can see it, meaning the report is essentially “Organization Owned.” The exception to this is in some implementations, the out-of-the-box reports are owned by “System” which is not a user in CRM. These reports can only be seen by users whose Reports security is set to the Organization. If you change the security role so that the user cannot see all reports in the Organization, these reports disappear. Assigning the report to a user in CRM makes that report potentially visible depending on the user’s security role.

Setting a report to be Viewable by the Individual does not “hide” it from everyone, but rather makes it subject to each user’s access privileges. So if users have read access to reports in their business units, they will see all reports that are Viewable by Organization along with reports that are Viewable by Individual where the owner of the report is in their business unit.

To completely secure reports to an individual, you would need to change read privileges on all security roles to User only like in the example above, and in that case, a report either needs to be owned by the user or explicitly shared with the user in order for the user to see it.
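
The rules above can be checked against a small model. This is an added example, not code from the quoted blog or from CRM; the object shapes, field names and depth labels are assumptions made for illustration, and only the User, Business Unit and Organization read levels mentioned in the text are modelled.

```javascript
// Added example: simplified model of the report visibility rules described above.
// Object shapes, field names and depth labels are assumptions, not CRM API names.
var DEPTH = { USER: 1, BUSINESS_UNIT: 2, ORGANIZATION: 3 };

function canSeeReport(user, report) {
  if (report.viewableBy === "Organization") {
    // Exception from the text: reports owned by "System" need Organization-level read
    if (report.owner === "SYSTEM") {
      return user.reportReadDepth === DEPTH.ORGANIZATION;
    }
    return true;
  }
  // "Individual": the report is subject to the user's read privilege on reports
  if (report.owner === user.name) return true;
  if ((report.sharedWith || []).indexOf(user.name) !== -1) return true;
  if (user.reportReadDepth === DEPTH.ORGANIZATION) return true;
  if (user.reportReadDepth === DEPTH.BUSINESS_UNIT) {
    return report.ownerBusinessUnit === user.businessUnit;
  }
  return false; // User-level read: only owned or explicitly shared reports
}

// Names of the users who can see the given report
function visibleTo(report, users) {
  return users.filter(function (u) { return canSeeReport(u, report); })
              .map(function (u) { return u.name; });
}

// Constructed sample data
var users = [
  { name: "alice", businessUnit: "Sales",   reportReadDepth: DEPTH.BUSINESS_UNIT },
  { name: "bob",   businessUnit: "Sales",   reportReadDepth: DEPTH.USER },
  { name: "carol", businessUnit: "Support", reportReadDepth: DEPTH.BUSINESS_UNIT },
  { name: "dave",  businessUnit: "Sales",   reportReadDepth: DEPTH.BUSINESS_UNIT }
];
var pipeline = { name: "Pipeline", viewableBy: "Individual", owner: "alice",
                 ownerBusinessUnit: "Sales", sharedWith: [] };

// dave still sees alice's "Individual" report through Business Unit read access
console.log(visibleTo(pipeline, users));
```

To audit a real deployment the same way, list each security role's read depth on reports and look for any role above User level.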

 

 


Improve CRM Performance: PrincipalObjectAccess Table

Hi
Found this really interesting MSDN blog post on improving CRM performance by controlling the PrincipalObjectAccess table.

http://support.microsoft.com/kb/2664150

http://blogs.msdn.com/b/crminthefield/archive/2011/06/09/principalobjectaccess-performance-recommendations.aspx

and this one for some additional adventures on PrincipalObjectAccess Table :

http://community.dynamics.com/product/crm/crmtechnical/b/crmcustomereffective/archive/2012/06/01/unmasking-crm-s-principalobjectaccess-table-with-a-free-secret-decoder-ring.aspx

MS CRM Reports: Programmatic Access

Faced this scenario where I had to access a report programmatically, so that I could render it to PDF or Excel.

Here are the Steps:

1. Create a new console application and add following web-references:

a. http://Reportserver_/ ReportService2005.asmx as ReportService
b. http://Reportserver_/ ReportExecution2005.asmx as ReportExecution


using System;
using abc.ReportService;    // web reference to ReportService2005.asmx
using abc.ReportExecution;  // web reference to ReportExecution2005.asmx

namespace abc
{
    class Program
    {
        static void Main(string[] args)
        {
            ReportingService2005 rs = new ReportingService2005();
            ReportExecutionService rsExec = new ReportExecutionService();

            rs.Url = "http:///reportserver_/reportservice2005.asmx";
            // Call the execution service as the current Windows identity
            rsExec.Credentials = System.Net.CredentialCache.DefaultCredentials;
            rsExec.Url = "http:///reportserver_/ReportExecution2005.asmx";

            ExecutionInfo execInfo = new ExecutionInfo();
            TrustedUserHeader trusteduserHeader = new TrustedUserHeader();
            ExecutionHeader execHeader = new ExecutionHeader();
            abc.ReportExecution.ServerInfoHeader serviceInfo = new abc.ReportExecution.ServerInfoHeader();
            try
            {
                string _report = string.Empty;
                string _history = string.Empty;
                _report = ""; // path of the report on the report server

                // The second argument is the history ID; null loads the current version
                execInfo = rsExec.LoadReport(_report, null);
            }
            catch (Exception)
            {
                throw;
            }
        }
    }
}

If we run the program at this point, it will fail with an ItemNotFoundException: “that item at cannot be found”

The reason is that the reports in CRM are meant to be used for internal purposes only. {If we go to the report server and execute the report from there, it prompts for credentials.}

To reference the reports externally: Go to Reports –> Select report –> Edit Report –> Actions –> Publish Report for External use.

This will create a copy of the report outside the 4.0 folder on the Report Server for CRM. {Now if we run this new copy of the report, it will run without asking for credentials.}

Now run the console application again and it should work fine.

I am still looking into how to handle data filtering based on security roles. Will update this once I get the details.

Hope this helps someone.

CRM 2011: Hide/Remove Ribbon Item (Javascript)

I had this requirement to remove ribbon items (button, group) using JavaScript.
The standard and supported way is to edit the Ribbon XML located in the entity XML.
But sometimes the need arises to do this using JavaScript (the unsupported way).

Here is the code to do it. I used this on form onload.

//Javascript Code:
function HideARibbonItem(nameOfItem) {
    var intervalId = window.setInterval(function ()
    {
        if (window.top.document.getElementById(nameOfItem) != null)
        {
            window.clearInterval(intervalId);
            var elem = window.top.document.getElementById(nameOfItem);
            //top menu has loaded
            //Hide the item
            elem.style.visibility = 'hidden';
            //Remove the item
            (elem.parentNode).removeChild(elem);
        }
    }, 100);
}
// Code finishes here
nameOfItem is the id of the ribbon item (group or button). It needs to be passed to the function as a parameter in the event handler.

You can find this id using the IE Developer Tools.
In the image below I have the Process group, which I want to hide:

[Image: Process Group Visible]

Now if I hide the Process group (elem.style.visibility = 'hidden';), it looks like:

[Image: Process Group Hidden]

If I want to remove the Process group [(elem.parentNode).removeChild(elem);], it will look like this:

[Image: Process Group Removed]

Hope this helps someone 🙂

CRM 2011: WhoAmIRequest with pure WCF call/OrganizationServiceClient

Posting this in case it helps someone:

I was using OrganizationServiceClient to use the SOAP endpoint in CRM 2011.

( Note:

1. No Xrm.Sdk or CRM.Sdk dlls included in solution.

2. No Reference.cs generated through svcUtil.exe either

)

Because the SDK DLLs are not included in the solution, the WhoAmIRequest and WhoAmIResponse classes are not available by default.

So the generic OrganizationRequest has to be used to send the WhoAmIRequest:

OrganizationServiceClient _orgProxy = GetProxy(System.Net.CredentialCache.DefaultNetworkCredentials);
OrganizationRequest req = new OrganizationRequest() { RequestName = "WhoAmIRequest" };
OrganizationResponse res = new OrganizationResponse() { ResponseName = "WhoAmIResponse" };
res = _orgProxy.Execute(req);

While debugging, I came across this error:

“Request not supported: WhoAmIRequest”

Drilled down further, for the source of WhoAmIRequest, I found this class is member of Microsoft.Crm.Sdk namespace (along with WhoAmIResponse).

http://msdn.microsoft.com/en-us/library/microsoft.crm.sdk.messages.aspx

But as I have no sdk.dlls in my solution added, and just a service reference, I tried to look for List of Requests which OrganizationRequest supports:

http://msdn.microsoft.com/en-us/library/microsoft.xrm.sdk.organizationrequest.requestname.aspx

And I found that it is “WhoAmI”.

Hence, to make a WhoAmIRequest the way CRM expects it, you need to use the following:

OrganizationServiceClient _orgProxy = GetProxy(System.Net.CredentialCache.DefaultNetworkCredentials);
OrganizationRequest req = new OrganizationRequest() { RequestName = "WhoAmI" };
OrganizationResponse res = new OrganizationResponse() { ResponseName = "WhoAmI" };
res = _orgProxy.Execute(req);

Hope this helps 🙂

The version of clr.dll in the target does not match the one mscordacwks.dll was built for.

I was working on a VS 2010 solution and Win XP (No VS 2010 SP1).

This morning, I made some changes and tried to build the solution when I came across this error:

“The version of clr.dll in the target does not match the one mscordacwks.dll was built for.”

Solution:

1. Restart VS 2010. In some scenarios this helps.

2. If solution 1 does not work, Install VS 2010 SP1 and go for a reboot.

Reason:

After doing some searching on the Internet, I came to the conclusion that it is a parallel Windows Update installation going on that conflicts with the existing VS 2010 installation.

Adding hyperlink in CRM Notifications

Hi

I had this scenario where I had to add a Notification on form.

Notification was required to be a hyperlink, on click of which, I was asked to get focus on a tab.

The same can be done to navigate to a URL, a navigation pane item, etc.

Steps:

1. On Form Onload, add this script:

function AddNotification()
{
    var notificationsArea = document.getElementById('crmNotifications');

    // Replace <tabname> and <Message to be displayed> with your own values
    notificationsArea.AddNotification("1", 3, "1", "<a href='#' onclick='Xrm.Page.ui.tabs.get(<tabname>).setFocus();' title='Test' ><u><Message to be displayed></u></a>");
}

Generic layout: AddNotification(Param1, Param2, Param3, Param4)

Param1: Unique id for the notification

Param2:

1. Critical notification
2. Warning notification
3. Info notification

Param3: I tried to search for this, but have not been able to figure out yet what this is about. I tried adding a text, a number, and even left it as blank quotes (''). All of these worked.

Param4: Message you want to display. In my example I replaced the message with an anchor tag to make my display text behave as a link. The anchor tag was not adding an underline to the display text, so I added a <u> tag.

Note: This is unsupported customization as AddNotification() is not listed in SDK

Hope it helps someone.
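
Param4 is rendered as HTML (that is why the anchor tag works), so a tab name or message that comes from record data has to be encoded before it is concatenated into the markup. The following is an added example, not code from the original post or from the CRM SDK; escapeHtml, toJsStringLiteral, buildTabLink and AddEncodedNotification are hypothetical helper names.

```javascript
// Added example: encoding helpers for the markup passed as Param4.
// All function names here are hypothetical, not part of the CRM SDK.
function escapeHtml(text) {
  var map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return String(text).replace(/[&<>"']/g, function (ch) { return map[ch]; });
}

// Turn a value into a JavaScript string literal; every character that could end
// the literal or the surrounding HTML attribute becomes a \uXXXX escape.
function toJsStringLiteral(text) {
  var body = String(text).replace(/[\\"'<>&\u0000-\u001f\u2028\u2029]/g, function (ch) {
    return "\\u" + ("0000" + ch.charCodeAt(0).toString(16)).slice(-4);
  });
  return '"' + body + '"';
}

// Build the same anchor markup as in the post, with both values encoded:
// tabName for the script context inside onclick, message for the HTML context.
function buildTabLink(tabName, message) {
  var handler = "Xrm.Page.ui.tabs.get(" + toJsStringLiteral(tabName) + ").setFocus();";
  return "<a href='#' onclick='" + escapeHtml(handler) + "' title='" +
    escapeHtml(message) + "'><u>" + escapeHtml(message) + "</u></a>";
}

// Usage on the form (unsupported AddNotification call, as in the post)
function AddEncodedNotification(tabName, message) {
  var notificationsArea = document.getElementById("crmNotifications");
  notificationsArea.AddNotification("1", 3, "1", buildTabLink(tabName, message));
}
```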