Hide Areas & Sub Areas in the SiteMap using Security Roles in Dynamics CRM (Privilege tag)

If you need to show or hide a sub area in your SiteMap based on access control security roles, you can easily do this using the Privilege tag in the SiteMap as follows:

<SubArea Id=”crm_myentity” Entity=”crm_myentity”>
<Privilege Entity=”crm_myentity” Privilege=”Read” />

Based on the above, this sub area will only be shown to users who have security roles with read privilege of the custom entity: crm_myentity.

You can add the privilege tag above to any sub area and the entity in the privilege tag can be any entity and doesn’t have to be the same one as the sub area. For example, the following is also applicable:

<SubArea Id=”contact” Entity=”contact” Title=”Contacts”>
<Privilege Entity=”crm_myentity” Privilege=”Read” />

This will hide the contact sub area for users without the read privilege for the entity crm_myentity. You can mix and match as much as you want to show and hide any sub area in the sitemap based on any entity you require whether they are customisable/system or custom entities.

As for hiding and controling access to a whole area in the sitemap such as Sales, Marketing or Service (site map section), you will need to set the privilege tag to every sub area inside this area.

So for example, if you want to hide the whole of the Sales Area for specific users, you need to add the “<privilege  />” tag to every sub area in the Sales Area. What you can also do, is create a custom entity specifically for setting the security on the SiteMap. The following example will hide the Sales (or marketing or service) area for all users who do not have a security role with read access to the custom entity crm_SiteMapPrivilege:

<!–Sales Area–>

<Area Id=”SFA” ResourceId=”Area_Sales” Icon=”/_imgs/sales_24x24.gif” DescriptionResourceId=”Sales_Description”>
<Group Id=”SFA”>
<SubArea Id=”nav_leads” Entity=”lead”>
<Privilege Entity=”crm_myentity” Privilege=”Read” />
<SubArea Id=”nav_oppts” Entity=”opportunity”>
<Privilege Entity=”crm_myentity” Privilege=”Read” />

What you can then do is that, you make every sub area in the Sales area requiring the read privilege of SiteMapPrivilege entity, every sub area under the Marketing area can then have the Write privilege and every sub area under the Service area can have the Create privilege of the crm_SiteMapPrivilege entity. So similar to how the Sales area has read as per the previous example, the Marketing and Service areas can look like this:

<!–Marketing Area–>

<Area Id=”MA” ResourceId=”Area_Marketing” Icon=”/_imgs/marketing_24x24.gif” escriptionResourceId=”Marketing_Description”>
<Group Id=”MA”>
<SubArea Id=”nav_leads” Entity=”lead”>
<Privilege Entity=”crm_myentity” Privilege=”Write” />
<SubArea Id=”nav_accts” Entity=”account”>
<Privilege Entity=”crm_myentity” Privilege=”Write” />

<!–Service Area–>

<Area Id=”CS” ResourceId=”Area_Service” Icon=”/_imgs/services_24x24.gif” DescriptionResourceId=”Customer_Service_Description”>
<Group Id=”CS”>
<SubArea Id=”nav_apptbook”>
<Privilege Entity=”activitypointer” Privilege=”Read” />
<Privilege Entity=”service” Privilege=”Create” />
<SubArea Id=”nav_cases” Entity=”incident>
<Privilege Entity=”service” Privilege=”Create” />


Hence, based on the above 3 examples (Sales, Marketing, Service), you will need to make sure that users who should see the Sales Area has a security role with the read privilege of our custom entity (crm_SiteMapPrivilege), users who should see the Marketing area must have a security role with the Write privilege of crm_SiteMapPrivilege and Create privilege for Service.

The same applies for any additional Areas that you creates. So if you have added a new custom Area in your SiteMap, you should then use another privilege (append, appendto, etc) for every sub area under your new custom Area in the Site Map to show and hide this area based on your chosen privilege.

You can either manually amend your users security roles to add the privilege (read, write, etc..) or alternatively, a much better way of doing this is to create a new security role for each area. So what I have done is I created the following security roles: Access to Sales Area Access to Marketing Area Access to Service Area Access to MyCustom Area

In each security role, I only set the privilege for my custom entity crm_sitemapprivilege as follows:

For Security role: Access to Sales Area, set “Read” on crm_sitemapprivilege For Security role: Access to Marketing Area, set “Write” on crm_sitemapprivilege For Security role: Access to Service Area, set “Create” on crm_sitemapprivilege For Security role: Access to MyCustom Area, set “Append” on crm_sitemapprivilege

Once I’ve done that, I add those security roles to the users based on what they need to see. So for example: User1, need to see sales area, assign security role: Access to Sales Area. User2, need to see marketing area, assign security role: Access to Marketing Area. and so on,

you get the drill.

Last thing to mention is the possible privilege values that you can use. These can be:

All AllowQuickCampaign Append AppendTo Assign Create Delete Read Share Write

you can also use a combination of those values such as: “Read,Write” or “Read,Write,Create” and so on.

so your privilege tag will look something like this:

<Privilege Entity=”crm_sitemapprivilege” Privilege=”Read,Write” />
<!– OR –>
<Privilege Entity=”crm_sitemapprivilege” Privilege=”Read,Write,Share,Write,Append” />

The advantage of using combinations is that it will allow you to do this for as many Areas as you could ever need.

Hope this helps. Please comment below with feedback, thoughts or suggestions.

Scribe Insight cross-reference drop-down and pick-list mapping approaches (option sets in Dynamics CRM)

In your Scribe workbench dts package you usually need to map a dropdown (or picklist) to another dropdown or optionset (as in Dynamics CRM). This is a common requirement as part of data migration and data integration projects to link between drop down menus in source system to those corresponding to the target system.

For example, the source system (assume it’s a file) has Salutations values as:



The target connection on the other hand (assume it’s Microsoft Dynamics CRM 2011 system), has option set values as follows:



To achieve this mapping between the id and values of both source and target systems, there are a number of approaches and methods as listed below:


Method 1: Use a cross reference (Xref.ini) file for mappings. This is the standard approach (I claim) for mapping two optionsets in Scribe Insight. All you need to do is create a new file, call it anything such as XREF.INI. Within this file, build all your mappings as follows:



4=Executive Director


As you can see in the file, there are two sections. You can have as many sections as you want all in one file. Each section will map two drop down menus together. The first section, Salutation_Code, maps Mr (id=1 in source file) to Mr (id = 1000000000 in target CRM).

Once you add your mapping section in the file, you can then write a formula to cross reference the value on the target to the source. The formula for the Salutation target field can be something like in this example: FILELOOKUP(S7, “XREF.INI”, “Salutation_Code” )

The following screenshot shows a sample forumula:

What will happen is that, based on the source value (in our case s7), the corresponding salutation in the cross reference file will be inserted to the target

More details can be found on Scribe Insight Online help here: http://community.scribesoft.com/helplibrary/mergedProjects/Insight/Formulas/Functions/FILELOOKUP.htm


Method 2: Map and crossreference drop downs and pick lists using Scribe Work bench formulas

In this method, you either create all your option set values in the target Dynamics CRM system to have the same id as the source (for example: 1=1) or you do a formula to manually do the mapping. This could work in cases where there is two or three options but otherwise, it gets too complicated for no real benefit.

The formula can be something like this:

IF(S7=”1″,”100000000″,IF(S7=”2″,”100000001, “”))

In other words, if the source = 1 (Mr), then set the target = 100000000. Else, if source = 2 (Mrs), then set target = “100000001”. Otherwise, leave target blank.