Sep 302009

Here are a set of methods to assist in hiding tabs or sections based on role, it is a modified version of Jimmy Wang’s version.

First, we need a set of functions to facilitate our our process. We need to get the roles of the current user, GetCurrentUserRoles. Then we need to see if the user has the role, UserHasRole. Finally we can hide the fields (HideFieldByRole) or tabs (HideTabByRole).

The first thing we need to do is get a list of roles according to the current user. There are a couple of different ways to do this. You could use the RemoteCommand to get the current user and then their roles, a blog post by Zahara Hirani on Hide Show Fields in CRM 4 based on security role outlines this. However, I do not want to make multiple request for the same information. I want to get the roles for the current user in one line. Below shows the GetCurrentUserRoles that implements a RetrieveMultiple query to get the names of the roles that a user has in one request.

function GetCurrentUserRoles()  
  var xml = "" +  
    "<?xml version=\"1.0\" encoding=\"utf-8\"?>" +  
    "<soap:Envelope xmlns:soap=\"" + 
    "" +
    "\" xmlns:xsi=\"\"" +
    " xmlns:xsd=\"\">" +  
    GenerateAuthenticationHeader() +  
    " <soap:Body>" +  
    " <RetrieveMultiple xmlns=\"" + 
    "\">" +  
    " <query xmlns:q1=\"" + 
    "" + 
    "\" xsi:type=\"q1:QueryExpression\">" +  
    " <q1:EntityName>role</q1:EntityName>" +  
    " <q1:ColumnSet xsi:type=\"q1:ColumnSet\">" +  
    " <q1:Attributes>" +  
    " <q1:Attribute>name</q1:Attribute>" +  
    " </q1:Attributes>" +  
    " </q1:ColumnSet>" +  
    " <q1:Distinct>false</q1:Distinct>" +  
    " <q1:LinkEntities>" +  
    " <q1:LinkEntity>" +  
    " <q1:LinkFromAttributeName>roleid</q1:LinkFromAttributeName>" +  
    " <q1:LinkFromEntityName>role</q1:LinkFromEntityName>" +  
    " <q1:LinkToEntityName>systemuserroles</q1:LinkToEntityName>" +  
    " <q1:LinkToAttributeName>roleid</q1:LinkToAttributeName>" +  
    " <q1:JoinOperator>Inner</q1:JoinOperator>" +  
    " <q1:LinkEntities>" +  
    " <q1:LinkEntity>" +  
    " <q1:LinkFromAttributeName>systemuserid</q1:LinkFromAttributeName>" +  
    " <q1:LinkFromEntityName>systemuserroles</q1:LinkFromEntityName>" +  
    " <q1:LinkToEntityName>systemuser</q1:LinkToEntityName>" +  
    " <q1:LinkToAttributeName>systemuserid</q1:LinkToAttributeName>" +  
    " <q1:JoinOperator>Inner</q1:JoinOperator>" +  
    " <q1:LinkCriteria>" +  
    " <q1:FilterOperator>And</q1:FilterOperator>" +  
    " <q1:Conditions>" +  
    " <q1:Condition>" +  
    " <q1:AttributeName>systemuserid</q1:AttributeName>" +  
    " <q1:Operator>EqualUserId</q1:Operator>" +  
    " </q1:Condition>" +  
    " </q1:Conditions>" +  
    " </q1:LinkCriteria>" +  
    " </q1:LinkEntity>" +  
    " </q1:LinkEntities>" +  
    " </q1:LinkEntity>" +  
    " </q1:LinkEntities>" +  
    " </query>" +  
    " </RetrieveMultiple>" +  
    " </soap:Body>" +  
    "</soap:Envelope>" +  

  var xmlHttpRequest = new ActiveXObject("Msxml2.XMLHTTP");  

  xmlHttpRequest.Open("POST", "/mscrmservices/2007/CrmService.asmx", false);  
  xmlHttpRequest.setRequestHeader("Content-Type", "text/xml; charset=utf-8");  
  xmlHttpRequest.setRequestHeader("Content-Length", xml.length);  

  var resultXml = xmlHttpRequest.responseXML;  

The next method is a simple method for searching the XML result from GetCurrentUserRoles. By passing it the roles you are looking for and the roles the user has, it will determine if there is a match. The roles it is passed is separated by a pipe (|).

function UserHasRole(roleNames, rolesXML)  
  // split roleNames on pipe
  var matchon = roleNames.split('|');

  if(rolesXML != null)  
    //select the node text  
    var roles = rolesXML.selectNodes("//BusinessEntity/q1:name");  
    if(roles != null)  
      for( i = 0; i < roles.length; i++)  
        for (j = 0; j < matchon.length; j++)
	  // If there is a match, return true, found
	  if (roles[i].text == matchon[j]) return true;
  //otherwise return false  
  return false;  

Finally, we can now implement helper methods to allow the hiding of a tab or a field if a user DOES NOT have a specific role.

function HideTabByRole(role, roles, tabnumber)
// Tab number starts on 0
  var tab = document.getElementById('tab'+tabnumber+'Tab');
  var usrRole = UserHasRole(role, roles);
  { = "none";

function HideFieldByRole(role, roles, field,cfield,dfield)
  var usrRole = UserHasRole(role, roles);
  { = 'hidden'; = 'absolute'; = 'hidden'; = 'absolute';
    dfield.visibility = 'hidden'; = 'absolute';

To implement this process, all you have to do is put every piece of code in this article inside your onload with the following customized for your situation.

var UserRoles = GetCurrentUserRoles();

HideTabByRole('Account Managers|SystemAdministrators', UserRoles, 3);

HideFieldByRole('Account Managers', UserRoles,

If you have any questions of problems implementing this in your environment, please let me know, and I’ll do my best to help you get it working

  23 Responses to “CRM4: Hide Fields or Tabs by Role with Javascript”

Comments (21) Pingbacks (2)
  1. Hello,

    Thanks for the code – this is working well for me for the fields, but not for the tabs, and I can’t see why. Code is exact as yours, my customizations are:

    HideTabByRole(‘Engineer|SystemAdministrator’, UserRoles, tab2Tab);

    HideFieldByRole(‘M2M Engineer|System Administrator’, UserRoles,

    Field is hidden to all except Engineer/Admin, but tab is hidden for everyone. I can’t figure out what I am missing?


  2. Sorry, to clarify, the roles are actually the same in the code, though they look different in my post.

    • I will look into that and see why. I know in my CRM lab, the tabs have specific identifiers like tab1Tab, etc.
      If you have the IEDeveloper toolbar I believe you can find an item by selecting it and get the id. Either way, I will look into it further, double-check my code, and post a way to identify the tab so that you can get this working.

  3. Ok… I checked it again and they go from tab0Tab and up. The first tab is tab0Tab and the next tab is tab1Tab and so on.

    You will need to do something like:

    var tab0Tab = document.getElementById(‘tab0Tab’);

    before using it with the old script, or you can copy the new script above, since I updated the page.

  4. Hello,

    can you tell me exactly where I have to customize the code if I want to hide fields and can I delete the code of the funktion hideTabbyRole?

    My fields are


    and the allowed Role is called “special”.

    And another question:
    Are there differences between the different languages?
    The MS CRM System I use is a german one.



    • To implement this you would need to copy the following functions:

      • GetCurrentUserRoles
      • UserHasRole
      • HideFieldByRole

      Then to implement you would use the following:

      var myRoles = GetCurrentUserRoles();

      HideFieldByRole('special', myRoles, crmForm.all.field1, crmForm.all.field1_c, crmForm.all.field1_d);
      HideFieldByRole('special', myRoles, crmForm.all.field2, crmForm.all.field2_c, crmForm.all.field2_d);

  5. I don’t believe there is a difference in the CRM languages for something like this. While I have not written code on other systems, people in the Netherlands and Thailand have used some of the code I have written and they haven’t alerted me to any problems with the language.

  6. Thank you
    this code works well now.

    My problem was that I only wrote the following:

    HideFieldByRole(‘special’, myRoles, crmForm.all.field1)
    It’s very nice that customizing of this script is not as hard as others.


  7. Hello,

    I am trying to implement this code but I am getting no result. If I pste the first code in, no problem, then User has role – the code will be aborded. Do I have to change anything in the code USERHASROLE?
    I am new at this, so I hope that you can and will help me.


    • René, Are you getting an error somewhere? The UserHasRole returns true if the user has the role, so if you are trying to hide something if they are not a system administrator then you need to reverse it using the not operator (!).

      • Can you give an example of reversing the code to only allow the user role specified?

        Is this the line to change: if (roles[i].text == matchon[j]) return true;?
        If yes, how do I change it to say if user is not in role, don’t allow.


  8. I need to see which user has privileges over an iFrame, is it possible with something related to this approach?

  9. GetCurrentUserRoles and UserHasRole can work within an iFrame, it uses the webservice to query CRM.

  10. in the mask of the opportunity detail i have to SHOW some field to some user . the user who can see this particular fields, in the opportunity details, has some features in the user entity.



    i think that if i can read the user role, i could read user filed, but i don’t know how.

    help me, please.

    thanks to everyone.

  11. i tried your code, and it works, but i did this,

    HideFieldByRole(‘role1’, UserRoles,crmForm.all.newfield1);
    HideFieldByRole(‘role2’, UserRoles,crmForm.all.newfield1);

    the objective is that the users with role1 and role2 cant see the fields,
    ok, the problem is that the code hide both field on all the cases, even if the current user just have a third and a different role like role3

  12. If I have to hide coloumn on the grid on the basis of roles…..then what action should i have to take.

 Leave a Reply

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>