cancel
Showing results for 
Search instead for 
Did you mean: 
Reply
danielmbaquero
Frequent Visitor

Block edit of record from specific user model-driven app

Hello everyone,

 

I’m working in a model-driven app for the performance evaluation in my organization. I created a table with the evaluations that must be completed. There are two user related fields in the table, the “evaluated” and “evaluator” fields. Also, I have two different views, one for the evaluator to see all pending evaluations and the other for the evaluated to see already completed evaluations of himself. Those views ere filtered eighter by the “evaluated” and “evaluator” field equal to current user to display the appropriate information. However, I have a problem in the view of already completed evaluations. If the user double-click on the record, he will be redirected to the evaluation form and he is able to edit the record.

I want to forbid this behavior; I want to have a view for the completed evaluations that if any record is doubled-clicked nothing happens.

I’m open to any alternative of a view-only table that can be embedded in the model-driven app. Any help would be appreciated.

Also, I’m not a JS programmer in case any solution involves a custom script.

1 ACCEPTED SOLUTION

Accepted Solutions
dpoggemann
Resident Rockstar
Resident Rockstar

Hi @danielmbaquero ,

 

I would do this through the security model within the Dataverse to control access.  

  1. First of all, utilize the Owner of the record to drive who "owns" the record.  Example is the Evaluator should be the owner of the record and this will allow them to view the records (by creating My Evaluations view for your table with the filter as them being owner) and you can have another field on the record as the user lookup for the Evaluator.  Again, using the owner will follow standard security model and you can use role based security to control access (https://docs.microsoft.com/en-us/power-platform/admin/wp-security-cds).  
  2. Create Access Team and then utilize this to dynamically allow the person being evaluated to access the record.  Access Teams provide the ability to control the user's access to the record so you can set this as "Read Only" and they will not be able to edit the record no matter how they go after it!  Good article on Access Teams (https://powerobjects.com/dynamics-365/using-access-teams-dynamics-365/
  3. Setup realtime workflow that you can execute maybe on a status change of the record to "Completed" or whatever and this would ad the person being evaluated on the record to the Access Team.
  4. Create a view for the person being reviewed that will allow them to view all records where they are part of the Access Team.  

Overall this approach uses standard Model App and Dataverse capabilities with no custom code required.  The security is controlled through Microsoft's standard security model so users will not be able to inadvertently view records they do not have access to.

 

Hope this helps.  Please accept if answers your question or Like if helps in any way.


Thanks,

 

Drew

View solution in original post

8 REPLIES 8
rampprakash
Impactful Individual
Impactful Individual

Hello @danielmbaquero,

 

Correct me if am wrong, you are having a Field that will contact Evaluated or Evaluator

if you open Evaluated Record it should be read only 

if you open Evaluator Record it should be Editable 

 

Am i correct?

 

Please mark as Answer if it is helpful and provide Kudos


Subscribe : https://www.youtube.com/channel/UCnGNN3hdlKBOr6PXotskNLA
Blog : https://microsoftcrmtechie.blogspot.com

Hello @rampprakash,

 

My table have two user fields, one for the evaluated and one for the evaluator.

If the user in the evaluator field opens the record it should be editable.

If the user in the evaluated field opens the record it should be read only.

Hope that clarifies the problem.

rampprakash
Impactful Individual
Impactful Individual

Hello @danielmbaquero,

 

you can try below Script to achieve the same

 

function enableDisableField(executionContext) {

var formContext = executionContext.getFormContext();
var EvaluatorID = "";
var EvaluatedID = "";
if (formContext.getAttribute("EVALUATORLOGICALNAME").getValue() != null) {
EvaluatorID = formContext.getAttribute("EVALUATORLOGICALNAME").getValue()[0].id.toString().replace("{", "").replace("}", "");
}

if (formContext.getAttribute("EVALUATEDLOGICALNAME").getValue() != null) {
EvaluatedID = formContext.getAttribute("EVALUATEDLOGICALNAME").getValue()[0].id.toString().replace("{", "").replace("}", "");
}

var getLoggedinUseriD = formContex.getUserId().replace("{", "").replace("}", "");

if (EvaluatorID == getLoggedinUseriD || EvaluatorID == EvaluatedID) {
formContext.ui.controls.forEach(function (control, i) {
if (control && control.getDisabled && !control.getDisabled()) {
control.setDisabled(false);
}
});
}
else {
formContext.ui.controls.forEach(function (control, i) {
if (control && control.getDisabled && !control.getDisabled()) {
control.setDisabled(true);
}
});
}
}

 

You can call this function in OnLoad of Form

 

Please mark as Answer if it is helpful and provide Kudos


Subscribe : https://www.youtube.com/channel/UCnGNN3hdlKBOr6PXotskNLA
Blog : https://microsoftcrmtechie.blogspot.com

dpoggemann
Resident Rockstar
Resident Rockstar

Hi @danielmbaquero ,

 

I would do this through the security model within the Dataverse to control access.  

  1. First of all, utilize the Owner of the record to drive who "owns" the record.  Example is the Evaluator should be the owner of the record and this will allow them to view the records (by creating My Evaluations view for your table with the filter as them being owner) and you can have another field on the record as the user lookup for the Evaluator.  Again, using the owner will follow standard security model and you can use role based security to control access (https://docs.microsoft.com/en-us/power-platform/admin/wp-security-cds).  
  2. Create Access Team and then utilize this to dynamically allow the person being evaluated to access the record.  Access Teams provide the ability to control the user's access to the record so you can set this as "Read Only" and they will not be able to edit the record no matter how they go after it!  Good article on Access Teams (https://powerobjects.com/dynamics-365/using-access-teams-dynamics-365/
  3. Setup realtime workflow that you can execute maybe on a status change of the record to "Completed" or whatever and this would ad the person being evaluated on the record to the Access Team.
  4. Create a view for the person being reviewed that will allow them to view all records where they are part of the Access Team.  

Overall this approach uses standard Model App and Dataverse capabilities with no custom code required.  The security is controlled through Microsoft's standard security model so users will not be able to inadvertently view records they do not have access to.

 

Hope this helps.  Please accept if answers your question or Like if helps in any way.


Thanks,

 

Drew

View solution in original post

Hi @dpoggemann,

Thank you for your recommendation. I deep dive into the control access and found a formula that did the trick. First, I used the owner field as the “Evaluator” user. Then, configured the security role of the basic user to edit at user level and view at an organization level. Also, configured the form to grant access for basic users.

dpoggemann
Resident Rockstar
Resident Rockstar

HI @danielmbaquero ,

 

One quick thing on your current approach. If you set the "read" at the Organization level this means that every user will be able to read all of the evaluations.  Is this what you want or should the users only be able to view their own reviews and the ones they are completing for others?  Just wanted to check because thought it might be an issue.  This is why I suggested the Access Team as you can setup so users can only read their own reviews and of course edit the ones they are reviewers for...

 

Thanks,


Drew

Hi @dpoggemann,

Thank for your concern. I’m taking care of it with the filters of the view. There is an additional Boolean field to know if the evaluation is completed or not. The view filters are set up to show only records that are completed and the “evaluated” field is equal to the current user. In the tests that I performed everything is working as expected.

For the evaluations that must be done, there is another view with the filters set up to display only records that are not completed yet and those whose owner is equal to current user.

 

Kind Regards,

Daniel M.

dpoggemann
Resident Rockstar
Resident Rockstar

Hi @rampprakash 

Sounds good but just understand if you do not do through security there will be a back door they can get into this and view the information.  Example, is if they are in a model app and do an Advanced Find they will be able to view the records.  Other examples include connecting through Power BI, Odata Connector, upcoming Excel Connector, etc. to Dataverse

 

Thanks,


Drew

Helpful resources

Announcements
PA_User Group Leader_768x460.jpg

Manage your user group events

Check out the News & Announcements to learn more.

Power Query PA Forum 768x460.png

Check it out!

Did you know that you can visit the Power Query Forum in Power BI and now Power Apps

Carousel 2021 Release Wave 2 Plan 768x460.jpg

2021 Release Wave 2 Plan

Power Platform release plan for the 2021 release wave 2 describes all new features releasing from October 2021 through March 2022.

PowerPlatform 768x460.png

Microsoft Learn

Check out our new Discover Your Career Path blog post series and get all the details.

Users online (2,119)