Suppressing CRM Menu Items Based on Privileges

Your first step to simplifying your CRM menu for your users should be to configure security roles that grant READ access to only those entities your users will be working with.  

e.g.. take away their permissions to the CASE entity and like magic no more CASE menu item…

Now, this approach only gets you so far.  For example you will find you have to give users READ permission to Users and Business Units and as a result the Settings and Administration menus remains visible to them.   And you might find you don’t want something like Competitors showing on the menu but you do want users to be able to specify against their Opportunities when they are closing them.

Microsoft have given us a a tool that helps us here – in the Sitemap definition we can add privilege checks to individual menu items.   The privilege check looks like this:

I have highlighted in yellow the section of the Sitemap that defines the Competitor menu item.   Inside the red box is the privilege check.  The addition of this line instructs CRM:  “hide the above menu item unless the user is assigned a security role that gives them CREATE permission on the COMPETITOR entity”.

So, once you’ve trimmed back security roles have a look at what your users are left with and where you want something visible only to your super users ask yourself “what permission do my super users have that my normal users don’t?” and add the corresponding privilege check.

Some examples:

– If Queues are used for Case assignment by team leaders, and your standard user does not have permission to assign Cases then add a privilege check to the Queues menu item based on the ASSIGN permission to the CASE entity.

– If you don’t want the SETTINGS menu to appear then you can hide it using this approach but you will need to add the privilege check to each menu item that is appearing under the SETTINGS menu.  Consider adding a privilege check to each menu item that references the CREATE permission on the USER entity.  This will hide the entire Settings area from everyone except those users who are allowed to create new users.

– In the below example Marketing menu items are each given a privilege check:

Now, if you are struggling to pick a permissions test that will work for you, consider creating custom entities just to support this approach.  For example, create a new entity called HiddenMenu and ensure the security role your senior management users are assigned includes READ permission to this entity.  Then, in your Sitemap file go to each menu item that you want available only to those senior management users and add a privilege check that requires the user has the READ permission to the HiddenMenu entity.   Easy 🙂

1 thought on “Suppressing CRM Menu Items Based on Privileges

  1. dhodgin

    do you know of a list somewhere that tells what the entity name is for each specific entity and how they line up in the security role manager?

    I want to remove the dashboard link if the user doesn’t have user dashboard read permission but i have no idea which entity that refers to as there is no dashboard system entity.

    You’re blog is awesome. Thanks a lot


Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s