The syntax is UserHasBusinessUnit(['BU1','BU2','BU3']);

function UserHasBusinessUnit(businessUnits)
{
  var mybu = GetMyBusinessUnit();

  for (j = 0; j < businessUnits.length; j++)
  {
	// If there is a match, return true, found
	if (mybu == businessUnits[j]) return true;
  }  

  //otherwise return false
  return false;
}
function GetMyBusinessUnit() {
    var xml = "" +
	"<?xml version='1.0' encoding='utf-8'?>" +
	"<soap:Envelope xmlns:soap='http://schemas.xmlsoap.org/soap/envelope/'" +
	" xmlns:xsi='http://www.w3.org/2001/XMLSchema-instance'" +
	" xmlns:xsd='http://www.w3.org/2001/XMLSchema'>" +
	GenerateAuthenticationHeader() +
	"<soap:Body>" +
	"<Fetch xmlns='http://schemas.microsoft.com/crm/2007/WebServices'>" +
	"<fetchXml>" +
	" &lt;fetch mapping='logical' count='1'&gt;" +
	" &lt;entity name='businessunit'&gt;" +
	" &lt;attribute name='name' /&gt;" +
	" &lt;filter&gt;" +
	" &lt;condition attribute='businessunitid' operator='eq-businessid' /&gt;" +
	" &lt;/filter&gt;" +
	" &lt;/entity&gt;" +
	" &lt;/fetch&gt;" +
	"</fetchXml>" +
	"</Fetch>" +
	"</soap:Body>" +
	"</soap:Envelope>";

    var xmlHttpRequest = new ActiveXObject("Msxml2.XMLHTTP");
    xmlHttpRequest.Open("POST", "/mscrmservices/2007/CrmService.asmx", false);
    xmlHttpRequest.setRequestHeader("SOAPAction", "http://schemas.microsoft.com/crm/2007/WebServices/Fetch");
    xmlHttpRequest.setRequestHeader("Content-Type", "text/xml; charset=utf-8");
    xmlHttpRequest.setRequestHeader("Content-Length", xml.length);
    xmlHttpRequest.send(xml);

    var resultXml = xmlHttpRequest.responseXML;

	var resultSet = resultXml.text;
    resultSet.replace('&lt;', '< ');
    resultSet.replace('&gt;', '>');

    var oXmlDoc = new ActiveXObject("Microsoft.XMLDOM");
    oXmlDoc.async = false;
    oXmlDoc.loadXML(resultSet);

	var result = oXmlDoc.getElementsByTagName('name');  

	return result[0].text;
}

First, we need a set of functions to facilitate our our process. We need to get the roles of the current user, GetCurrentUserRoles. Then we need to see if the user has the role, UserHasRole. Finally we can hide the fields (HideFieldByRole) or tabs (HideTabByRole).

GetCurrentUserRoles
The first thing we need to do is get a list of roles according to the current user. There are a couple of different ways to do this. You could use the RemoteCommand to get the current user and then their roles, a blog post by Zahara Hirani on Hide Show Fields in CRM 4 based on security role outlines this. However, I do not want to make multiple request for the same information. I want to get the roles for the current user in one line. Below shows the GetCurrentUserRoles that implements a RetrieveMultiple query to get the names of the roles that a user has in one request.

function GetCurrentUserRoles()
{
  var xml = "" +
    "<?xml version=\"1.0\" encoding=\"utf-8\"?>" +
    "<soap:Envelope xmlns:soap=\"" +
    "http://schemas.xmlsoap.org/soap/envelope/" +
    "\" xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\"" +
    " xmlns:xsd=\"http://www.w3.org/2001/XMLSchema\">" +
    GenerateAuthenticationHeader() +
    " <soap:Body>" +
    " <RetrieveMultiple xmlns=\"" +
    "http://schemas.microsoft.com/crm/2007/WebServices\">" +
    " <query xmlns:q1=\"" +
    "http://schemas.microsoft.com/crm/2006/Query" +
    "\" xsi:type=\"q1:QueryExpression\">" +
    " <q1:EntityName>role</q1:EntityName>" +
    " <q1:ColumnSet xsi:type=\"q1:ColumnSet\">" +
    " <q1:Attributes>" +
    " <q1:Attribute>name</q1:Attribute>" +
    " </q1:Attributes>" +
    " </q1:ColumnSet>" +
    " <q1:Distinct>false</q1:Distinct>" +
    " <q1:LinkEntities>" +
    " <q1:LinkEntity>" +
    " <q1:LinkFromAttributeName>roleid</q1:LinkFromAttributeName>" +
    " <q1:LinkFromEntityName>role</q1:LinkFromEntityName>" +
    " <q1:LinkToEntityName>systemuserroles</q1:LinkToEntityName>" +
    " <q1:LinkToAttributeName>roleid</q1:LinkToAttributeName>" +
    " <q1:JoinOperator>Inner</q1:JoinOperator>" +
    " <q1:LinkEntities>" +
    " <q1:LinkEntity>" +
    " <q1:LinkFromAttributeName>systemuserid</q1:LinkFromAttributeName>" +
    " <q1:LinkFromEntityName>systemuserroles</q1:LinkFromEntityName>" +
    " <q1:LinkToEntityName>systemuser</q1:LinkToEntityName>" +
    " <q1:LinkToAttributeName>systemuserid</q1:LinkToAttributeName>" +
    " <q1:JoinOperator>Inner</q1:JoinOperator>" +
    " <q1:LinkCriteria>" +
    " <q1:FilterOperator>And</q1:FilterOperator>" +
    " <q1:Conditions>" +
    " <q1:Condition>" +
    " <q1:AttributeName>systemuserid</q1:AttributeName>" +
    " <q1:Operator>EqualUserId</q1:Operator>" +
    " </q1:Condition>" +
    " </q1:Conditions>" +
    " </q1:LinkCriteria>" +
    " </q1:LinkEntity>" +
    " </q1:LinkEntities>" +
    " </q1:LinkEntity>" +
    " </q1:LinkEntities>" +
    " </query>" +
    " </RetrieveMultiple>" +
    " </soap:Body>" +
    "</soap:Envelope>" +
    "";  

  var xmlHttpRequest = new ActiveXObject("Msxml2.XMLHTTP");  

  xmlHttpRequest.Open("POST", "/mscrmservices/2007/CrmService.asmx", false);
  xmlHttpRequest.setRequestHeader("SOAPAction",
    " http://schemas.microsoft.com/crm/2007/WebServices/RetrieveMultiple");
  xmlHttpRequest.setRequestHeader("Content-Type", "text/xml; charset=utf-8");
  xmlHttpRequest.setRequestHeader("Content-Length", xml.length);
  xmlHttpRequest.send(xml);  

  var resultXml = xmlHttpRequest.responseXML;
  return(resultXml);
}

The next method is a simple method for searching the XML result from GetCurrentUserRoles. By passing it the roles you are looking for and the roles the user has, it will determine if there is a match. The roles it is passed is separated by a pipe (|).

function UserHasRole(roleNames, rolesXML)
{
  // split roleNames on pipe
  var matchon = roleNames.split('|');

  if(rolesXML != null)
  {
    //select the node text
    var roles = rolesXML.selectNodes("//BusinessEntity/q1:name");
    if(roles != null)
    {
      for( i = 0; i < roles.length; i++)
      {
        for (j = 0; j < matchon.length; j++)
	{
	  // If there is a match, return true, found
	  if (roles[i].text == matchon[j]) return true;
        }
      }
    }
  }
  //otherwise return false
  return false;
}

Finally, we can now implement helper methods to allow the hiding of a tab or a field if a user DOES NOT have a specific role.

function HideTabByRole(role, roles, tabnumber)
// Tab number starts on 0
{
  var tab = document.getElementById('tab'+tabnumber+'Tab');
  var usrRole = UserHasRole(role, roles);
  if(!usrRole)
  {
    tab.style.display = "none";
  }
}

function HideFieldByRole(role, roles, field,cfield,dfield)
{
  var usrRole = UserHasRole(role, roles);
  if(!usrRole)
  {
    field.style.visibility = 'hidden';
    field.style.position = 'absolute';
    cfield.style.visibility = 'hidden';
    cfield.style.position = 'absolute';
    dfield.visibility = 'hidden';
    dfield.style.position = 'absolute';
  }
}

To implement this process, all you have to do is put every piece of code in this article inside your onload with the following customized for your situation.

var UserRoles = GetCurrentUserRoles();

HideTabByRole('Account Managers|SystemAdministrators', UserRoles, 3);

HideFieldByRole('Account Managers', UserRoles,
                crmForm.all.parentcustomerid,
                crmForm.all.parentcustomerid_c,
                crmForm.all.parentcustomerid_d);

If you have any questions of problems implementing this in your environment, please let me know, and I’ll do my best to help you get it working