0

I developed a client side JavaScript functions and added them to the Dynamics 365 customer service solution as web resource using the recommended steps. The functions were tested and operate as required when I am logged into the instance with Roles as a System Customizer and System Admin. But if login is as a user without these two Roles like a CSR Manager the JavaScript functions were not responding. On further investigation with client side developer tools in IE11, Chrome and Firefox I have verified that the JavaScript is in fact not downloading to the client browser for these users.

If I grant the System Administrator Role to the user the functions work fine and I can use client side debugger in the browser. As soon as I take away the Role and reload the browser the debug points I set do not pause and the JavaScript web resources are not downloaded.

I am not sure what's going on as no community forum or Microsoft docs article mentions any other requirements that secure the web resources or allow non admin users to view versus admin users.

Arun Vinoth-Precog Tech - MVP
  • 22,364
  • 14
  • 59
  • 168
user9960595
  • 3
  • 4
  • Is that web resource added into form or ribbon? Where exactly are you testing the functionality? There’s nothing called securing js web resource for only certain user roles at all. – Arun Vinoth-Precog Tech - MVP Jun 21 '18 at 01:13
  • added to form as a JavaScript function library and configured for the OnSave and OnLoad event handlers in form properties. – user9960595 Jun 21 '18 at 11:07
  • 1
    Do you have 2 different forms distinguished by security role? Probably js is registered only in System Admin Form.. check it – Arun Vinoth-Precog Tech - MVP Jun 21 '18 at 11:44
  • No form security roles have been enabled. different account relationship requires different attributes and sections so created multiple forms and switch OnLoad based on attribute value. – user9960595 Jun 22 '18 at 10:55

3 Answers3

0

CRM web resource (JS) cannot be rendered/controlled only for some security roles. It’s open for all.

But when you have different forms for different security roles, then there is a possibility of registered js libraries & functions missing in that particular form.

You cannot find anything like this any documentation/forum as this could be some admin/developer error.

If you enable multiple forms for Sys.Admin or CSR role, then form switcher will appear in record & you can test both behavior.

Arun Vinoth-Precog Tech - MVP
  • 22,364
  • 14
  • 59
  • 168
  • Thanks for your reply. I understand your point but in my scenario the multiple forms are not restricted to any security role. I am just using form switcher to display different layouts based on the account record's attribute Relationship. – user9960595 Jun 22 '18 at 10:57
  • i thought the same Arun, but it is available in security roles under Customization > Web Resource – Brian Frick Jun 22 '18 at 20:28
  • @BrianFrick I know that, what I meant was we cannot regulate security role to load or not to load any specific js file. Though CSR Manager role should have all the privileges for web resource entity.. – Arun Vinoth-Precog Tech - MVP Jun 22 '18 at 21:48
0

I see a couple of answers here talking about security roles and forms. If you have the jScript only on ONE form, it will not work for the others. So, you need to link that JS (whether a web resource or code you enter into the text editor) to every form you want the JSCRIPT to run on (in the Form Properties). It sounds like you have it running, and it works, for you and other users in the SysAdmin role. Have you tried this across all of your forms?

The second thing to check is what exactly your JScript code is doing. Is it only focused on one entity (the entity of the form you are injecting the JS to)? Is it updating, deleting, or appending something to the record?

As stated above, JScript and Web resources cannot be locked down by security (as far as I know), but if the user doesn't have the proper permissions to WRITE to an entity, you may see this behavior.

Update: Sorry, I lied. Web Resource is controllable through Security Role. It is in the Customization Tab, all the way at the bottom of the list (but above the Misc. Privs). You have the ability to set CREATE, READ, WRITE, DELETE permissions on this entity.

You might want to check the security roles that the non-SysAdmins have has at least READ on the Web Resource entity.

Brian Frick
  • 146
  • 3
  • 15
0

Thanks for all your responses. The issue was form "Enable Security Roles" related after all.

I am not sure whether by DEFAULT on custom form the security is only enabled for System Administrator and System Customizer Roles only OR one of my team members restricted access to these two roles.

But on reviewing these the and enabling the form for other Roles the JS script started to download for non admin users.

lesson learned do not assume, always check and double check especially in a team environment.

user9960595
  • 3
  • 4
  • This is what I answered but you confirmed as negative. Now agreeing. Instead of dupe answer, respect the community answers which helped you. Read this: https://stackoverflow.com/help/someone-answers. Welcome to StackOverflow. – Arun Vinoth-Precog Tech - MVP Jun 26 '18 at 19:01
  • Not sure what u mean by dupe answer. I agree 100 percent you asked me about security roles. I did not enable form security roles so answered accordingly. I checked them by chance and realized they were enabled and only for system administrators role. Please my attempt at showing embarrassment at not having listened to your suggestion "lesson learned do not assume, always check and double check especially in a team environment." Thanks. – user9960595 Jul 15 '18 at 16:31
  • I don’t have any issue. But SO is not a forum, it’s a Q&A site. So that’s how it works. Read all the help page including the link I posted in above comment. Thanks. – Arun Vinoth-Precog Tech - MVP Jul 15 '18 at 16:38