Restricting form controls using security framework in D365 F&O

Many times we come across scenario's where a form should have access to the user but specific buttons or controls on the form should not. Below is an example process for one such scenario.

Let us say, we have an user with role "Budget Clerk". He will have access to the form Budget register entry. The highlighted button " Update ledger balance" on the form shown in screenshot can be accessed by the user with current role.

Now, lets us assume that, we need to remove access to the button " Update ledger balance" for the user with same role but to have rest of the form access as it is.

Below are the simple steps to be followed to achieve this requirement.

1. Create a new privilege.

2. Add the Display Menu item associated to the form to the Entry point node available on the privilege.

3. Under the form control permissions node Right-Click and select New form.

4.  Go to properties and select the form name on the "Name" property.

5. Right-Click and select New control to add the form control name which is required to be restricted on the form.

6. Go to properties on the new control created on the permission node and set the "Grant" property to "No access".

 

7. Create an extension for the form "BudgetTransaction"

8. Navigate to the form control which represents the "update ledger balance" button on the form.

9. Set the "Need permission" property to the desired value

Note:- Here in this example, We have specified the "Need permission" property to "Delete". This indicates that, the roles which has the delete access to the forms will be able to access this control on the form. The roles which has lower access will not be able to access this control even though if the user has access to this form. If the value is set to "Manual" Buttons wont be accessible for roles unless specifically grant permission is provided on the privilege

10. Create extension for the role "Budget clerk" and assign the privilege created under the privilege node.

Note:- Even if the role has a privilege which will have delete access to the form and its control, The new privilege we added with No access permission will take higher priority and the control will be restricted for the use.