More about Using CRM security in ASP pages

Hints, Tips and Tricks

Technical Hints Tips and Tricks that cover customization and development using Sage CRM. API usage and coding are covered.

More about Using CRM security in ASP pages

  • Comments 1
  • Likes
I have previously discussed  that access to buttons can be controlled by the 4 & 5 parameter of the CRM.Button() method used in Classic ASP. The entity referenced in the 4th param has to be an entity normally covered by security.

The example covered in the previous example discusses whether or not to include a whole block in a screen based on a users security profile rights.

But what if the need is to display data but not to allow the screen fields to be edited? We can use field level security and this will control field behaviour all through the system including our ASP pages. But the security rights I am concerned with are not field based but row based.

In the example below the code can be used to check whether the user has the rights to edit a company record and if they don't then the fields would become ReadOnly.
if (!CRM.Button("","", "test","COMPANY","EDIT"))
{
var myE = new Enumerator(myBlock);
while (!myE.atEnd())
{
myEntryBlock = myE.item();
myEntryBlock.ReadOnly = true;
myE.moveNext();
}
}

We are using the fact that the screen block (eWareEntryGroupBlock) object is enumerable. Once we have established the security rights for the user we can then set all the rights on the fields for this screen.
Comments
  • Have you tried testing this code above with a user that has EDIT rights?  I cannot get any eWare.Button calls to return code (with a user other than admin) for anything other than INSERT rights, even though the user has access.