Show/Hide ribbon button based on security role using “EntityPrivilegeRule” in Dynamics 365 CE (Without writing code).

In my last post I was discussing about how to hide Ribbon button using “MiscellaneousPrivilegeRule” without writing any code or creating any entity, we always prefer to do things better way, but sometimes for that we may need to maintain additional things. Similarly, to show/hide ribbon button you can easily do based on security role by using Dynamics 365 Display Rule, but for that we need to depend on some entity privilege. For example, let say you want to hide certain button only if the entity has at least user level “CREATE” access. In this article I am going to show that.

Here is my scenario, I don’t want to do “Sale Managers” users to close an open opportunity as won. So, to that we need to hide “Close as won” button for all the user assigned “Sales Manager” Role.

In this context as I mentioned we need to depend on some dummy entity, here I have created one dummy entity called “new_buttonaccess” and I will give at least user level ” CREATE” access to   perform opportunity “Close as won” and if the user does not have any “CREATE” access user won’t be able to perform opportunity “Close as won” which means user can’t see “Close as won” button.

Here is my display rule, I selected Default = true with condition I have mentioned PrivilegeDepth =Basic and PrivilegeType= Create, which means user only can see the button if user having “new_buttonaccess” entity user level “CREATE” acc. Creating an entity having an advantage that  you can use other privilege like READ, DELETE,APPEND,APPEND TO,SHARE,ASSIGN to do similar logic for any other button to do the same if you have similar requirement.


Now I am going to check “CREATE” access level of “new_buttonaccess” entity  for  “Sales Manager” security roles . Here you can see I have not given any access, that means “Sales Manager” roles does not see the button “Close as won”.


Here you can see the user assigned “Sales Manager” roles does not see “Close as won” button –


Again, I am going to configure another role called “Vice President of Sales” so that user assigned “Vice President of Sales” can see the opportunity “Close as won” button.


Now I am changing the same user security role to “Vice President of Sales” and see the result.


Now user can see “Close as Won” button.


Hope this helps.

Show/Hide ribbon button based on Security Role without writing code in Dynamics 365 CE?

Recently I have seen in a community post, there was a requirement to show/hide opportunity “Close as won” and “Close as lost” button based on user security role without writing any code. Ideally in this scenario we basically retrieve the user role name using web API and then based on that we return true/false to show/hide the button using ribbon workbench enable rule. But now days as you may know that most of the browser deprecated Synchronous call and reason why we are following some alternate options like here Andrew Butenko’s mentioned his blog, Thanks to Andrew for his blog and its really useful when you need to do an API call.

I thought why not we do this without writing code? and can we avoid hard-coded roles name in the code to make it more configurable way? is this possible? yes, it is possible without writing code and you can easily avoid hard-coded check instead give permission in the security roles, but for that we need to first be sure which access we will be used to show/hide button in the security role. There are two way we can do this .

  • Using Miscellaneous Privilege in security roles.
  • Using Entity privilege.

Using Miscellaneous Privilege in security roles.

You may be thinking why I have first chosen Miscellaneous privilege? Yes, because most of our non-System Admin Dynamics 365 user not using all the miscellaneous privilege and for them certain Miscellaneous access is useless unless they have System Administrator role. And using Entity Privilege Rule you need to depend on another entity access, in that case you need to create a dummy entity, or you need use some unused entity privilege for that. So, to avoid maintain additional entity, I have used here Miscellaneous privilege rules under display rules.

In my scenario my user assigned to “Sales Manager” security role and I don’t want that he will be able close opportunity as won. As I mentioned that for “Sales Manager” Security role is not a System Administrator and should not have most of miscellaneous privilege. So here you can see user does not have “Publish Duplicate Detection Rules”.


Now lets open Ribbon workbench with opportunity entity. To do that you must create a solution and then include opportunity entity over there. Now open the solution using ribbon workbench. Find the button and click on “Customize Button” and then again right click on the button and click on “Customize Command”.


Once you do that, you can see   Display Rules for the button.

Right click to add Display Rule –


Now in the Add Step choose “MiscellaneousPrivilgeRule”.


Now here are the rule details which I have set –


I have set here “Duplicate Detection” privilege depth “Basic” which means user with minimum access   “Basic” on duplicate detection can see the “Won” button.

Now associate rules to the command, and then publish.


Now user having access “Sales Manager” login into Dynamics 365 and open an opportunity see “Close as won” button is not showing.


Similarly, to bring back button for other user make sure you need to provide Miscellaneous privilege “Publish Duplicate Detection Rules” at least user level access to other security roles.

Using Entity privilege.

I don’t want to get into the details about entity privilege rules here , as the name suggest that you can show hide button based on certain entity privilege depth and type. This is a very useful features in Dynamics 365. You just need to define one entity depending on the privilege type/depths you can show hide the button. For example, lets suppose you want to hide if user does not have any access on “new_tesentity”, you can do create following rule.


You can go ahead and check my next post to get more details about EntityPrivilegeRule.

And finally, please note that this is one of workaround, and you must choose Miscellaneous Privilege very carefully  and don’t forget to give other user access so that other user may not loose any expected functionality. If you think that you are ready to maintain additional entity you  can always go with create a new entity and use “EntityPrivilegeRule” under display rule.

Hope this useful for you!!

How to display more than three columns in Dynamics 365 lookup view.

We know that we can display multiple column in the dynamics 365 lookup view but there is a limitation that you can only display maximum three column in the lookup view, though we can add multiple columns in the lookup view but you can see only first three columns in the lookup view. This is a limitation in Dynamics 365, Microsoft mentioned here.

Now how to display more than three column value in the lookup. You might be thinking to create a field where if we can store concatenating multiple fields value with some separator and add the field in the lookup view. So now to do this you may need to go for workflow /plugin/JS which is additional work.

Why not we go for calculated field where we can concatenate multiple fields and add the calculated field in the lookup view. I did the same with calculated fields and now I can display more than one field value in my lookup view.

I have created a calculated field (type single line text) in account entity and concatenate few fields with “/” separator which I want to display in the lookup view.

My calculated fields working  fine, see below screenshot.

Now I have added the calculated field in the Account lookup view and do save and publish all customization.



Now I can see more than three column value in the lookup view.


I have also answered similar question in Dynamics CRM Community


Hope this helps 😊.

Solution Patch in Microsoft Dynamics 365


Solution patching is a very powerful feature in Microsoft Dynamics 365 when you are working on different phases for a project or working with multiple solution. In my experience, one of the complex things is to managing solution in Dynamics 365. Many people are struggling with managing their managed/unmanaged solution now days, believe me your life will become easy when you use Solution Patching.

Why Solution Patch is Required?

You may know there is two type of solution called managed and unmanaged. I am not going to details about those. In development environment we usually working on unmanaged solution and when we are moving the solution to another environment most of the time we are making it managed solution.

The problem starts here, every time you must deploy complete managed solution (For any changes of existing managed solution component) in your target instance (UAT), which means by unknowingly/unintentionally you are overwriting changes to your target instance(UAT). This creates problem when many people working on the same solution. You might not aware who did what, moreover you may need to do complete test after deployment, which need additional effort and time.

How do you manage solution Patch?

Before moving the actual topic, I would like to talk about versioning of the solution. Microsoft Dynamics 365 provides solution version number format which looks like Where last two numbers define as minor version, and the first two numbers talks about major version. So how you can apply version number using patch?

In the Dynamics 365 there are two button “Clone To Patch” and “Clone Solution”. When you will do “Clone To Patch” that means you are creating minor version from your main solution which means you are creating a patch where you are going to change future task . Here you can see you can only change last two numbers for “Clone To Patch”.


Let’s assume you have an unmanaged solution called “Solution M” (version which delivered in UAT as managed solution. Now you are moving to project next phase or you got some change request and now you must create a patch on top of unmanaged solution. Assume that you create solution “Patch A “with version and “Patch B” with Version

You can create number of patches as per your requirement and deploy only patches to the target instance. So in your DEV environment you have below solution.

  1. “Solution M” (Version: [Main unmanaged in DEV]
  2. “Patch A” (Version: [Unmanaged]
  3. “Patch B” (Version: [Unmanaged]

And in your UAT instance you have all solution like above and those are managed.

  1. “Solution M” (Version: [Main managed solution which delivered first to UAT]
  2. “Patch A” (Version: [managed]
  3. “Patch B” (Version: [managed]

You might be thinking it’s difficult to manage multiple solution again using solution patching. No it’s not like that and that’s why you have a button “Clone Solutions”.

You should always do “Clone Solution” by selecting parent solution (Here our parent solutions “Solution M”) from where you have created the patches. So once you do “Clone solution” by selecting the parent solution (Solution M) all the patches will be merged with a new version of Solution. Let’s give the version no of new cloned solutions Look below screenshot when you do “Clone Solution”, which means you are creating major version by merging all the patches and creating only one solution.


You will see only one solution in you DEV environment after doing “Clone Solution”. All solution will be automatically merged; you don’t need to manually handle them.

  1. “Solution M” (Version: [Main unmanaged in DEV]

Now you might be thinking what happen when you deploy the cloned solution in the target instance (UAT). When you deploy new cloned Managed solution its automatically merge all the existing managed solution and you can see only one solution in your target instance. Make sure you choose following options at the time of import. [For major version/cloned solutions, this may be including deletion existing fields, entity from the solution which will apply to target instance.].

  1. Stage for Upgrade.
  2. Overwrite Customization.


Once solution import done don’t forget to do “Apply Solution Upgrade”. Once you click on apply solution upgrade which means you want to upgrade the solution as it is like DEV which is will also apply deletion of any component from the existing solution in your Target instance. This is one of the beauty part of the Solution cloning. Ideally if you don’t use Solution Clone, you will get the dependency error for importing managed solution. So now you don’t need to worry about that.


After doing “Apply Solution Upgrade”, don’t forget to do “Publish all customization”. You will see in your target instance (UAT), only one solution will be there.

  1. “Solution M” (Version: [Managed solution in target instance (UAT ) after deploying cloned solution.]

Hope this helps J.

Workaround of Dynamics 365 file download issue in Chrome browser

Recently there is an issue happening in Chrome browser latest update (Version 72.0) while downloading any file from Microsoft Dynamics 365. File is always downloading with name inside single quotes.Many people are raising this issue in the community.






This is a known issue and  Microsoft is working on this , hopefully it will resolve soon. Workaround would be rename (Remove single quotes ) the file after download to open with proper format. 

Also you can download the chrome extension for temporary fix.


Hope this helps :).








Auto Save Feature in Dynamics 365 CE.

This is kind of old feature which was released in Dynamics CRM 2013. You may know its tells everything when we say Auto-Save. However, we must know some of the key points associated with Auto Save.

Key Points about Auto Save

  • You can enable auto to save by going to Settings ->Administrator –> System Settings -> Under General Tab -> Select Yes.


  • Auto Save feature works only on update form.
  • Auto Save feature does not work on create form.
  • Whenever you set any value of the field using JavaScript or manually or business rules you can see in the bottom right corner of the form save icon with text “Unsaved Changes” if you removed the cursor from the field, once 30 seconds /default time over form will automatically save.


  • Whenever you navigate to another form, if you change any fields value in the form. You cannot see below popup to say that “Your changes have not been saved”, which means form always save automatically if any changes you did in the form. In other words, when you navigate to another page, Auto Save is trigger immediately. No matter about time 30 seconds over or not.


  • Auto Save trigger after 30 seconds of remove cursor from the field.
  • Auto Save does not start time count when your cursor inside the field. You must move the cursor from the field to start time count.
  • Once Auto Save enabled you cannot see the “SAVE” button in the top ribbon of any update form.You can use short cut CTRL+ S to save the forms.


Hope this helps.

Validate different entity fields value using workflow

Sometimes we may have requirement to validate some different entity fields while creating or updating record. This can be done by using plugin or JS API code, but how to do that without writing any code or using OOB workflow.

Yes, this is true that its depends on the scenario and not all scenario you cannot validate different entity records using workflow. Now question is when and which scenario you can validate different entity record using OOB workflow.

Let’s assume I have two entities one is Category and second one is Subcategory. The relation between Category and Subcategory having 1: N, which means a Category can have multiple Subcategory. In other words, in the subcategory we will have a lookup field of category and in the Category entity we would have SubGrid of Subcategory records. In short Category is a parent entity and subcategory is a child entity.

So in that case you can validate parent entity record while creating child record. And it’s not possible to validate child entity record while creating parent record using workflow. This is because in the workflow you will not get the lookup reference.


In Category entity I have field called “categoryname” and in the “Subcategory” entity I have a field called “subcategoryname”. I want to restrict creation of SubCategory entity record if the “subcategoryname” name matches with “categoryname”.

Here are the steps how to do that –

Step: Create a workflow create event and of “SubCategory” entity.


Step 2: In the condition I put subcategoryname = Choose the related lookup of the Category entity and under that select “categoryname”.


Here is the result –


Hope this helps.

Retrieve User assigned Roles with user information using Query Expression , C# in Dynamics 365.

Sometimes we may need to retrieve login user security roles with user details using Query Expression. Here is simple Query Expression to retrieve user information with all assigned security roles by user GUID.

                // Pass user GUID
                Guid userid = new Guid("55A0BCC3-6DC2-4B75-B00F-200B2C7A8EF6");
                QueryExpression qe = new QueryExpression("systemuserroles");
                qe.Criteria.AddCondition("systemuserid", ConditionOperator.Equal, userid);

                LinkEntity link1 = qe.AddLink("systemuser", "systemuserid", "systemuserid", JoinOperator.Inner);
                link1.Columns.AddColumns("fullname", "internalemailaddress");
                LinkEntity link = qe.AddLink("role", "roleid", "roleid", JoinOperator.Inner);
                link.Columns.AddColumns("roleid", "name");
                EntityCollection results = organizationService.RetrieveMultiple(qe);
                foreach (Entity Userrole in results.Entities)
                    if (Userrole.Attributes.Contains("systemuser1.fullname"))
                        Console.WriteLine("User Name : - " + (Userrole.Attributes["systemuser1.fullname"] as AliasedValue).Value.ToString());
                    if (Userrole.Attributes.Contains("systemuser1.internalemailaddress"))
                        Console.WriteLine("Email : - " + (Userrole.Attributes["systemuser1.internalemailaddress"] as AliasedValue).Value.ToString());
                    if (Userrole.Attributes.Contains("role2.roleid"))
                        Console.WriteLine("RoleId : - " + (Userrole.Attributes["role2.roleid"] as AliasedValue).Value.ToString());
                    if (Userrole.Attributes.Contains(""))
                        Console.WriteLine("Role Name : - " + (Userrole.Attributes[""] as AliasedValue).Value.ToString());



Here is the results.


I have answered similar requirement here  in D365 community.

Hope this helps.

Understanding QueryExpression “Orders” in Dynamics 365

Recently I am experiencing an issue while setting “Order” of the QueryExpression with attributes name using link entity “Alias” name.

Let me give you a scenario let say you I am retrieving Account information and related primary contact information of the account. Here is my query, I am retrieving account name and primary contact first name, last name here. Here you can see I have used “primarycontact.firstname” in the order expression of the link entity. Below code give me error “primarycontact.firstname” does not exists in contact entity.

QueryExpression qe = new QueryExpression();

qe.EntityName = "account";

qe.ColumnSet = new ColumnSet();


qe.LinkEntities.Add(new LinkEntity("account", "contact", "primarycontactid", "contactid", JoinOperator.Natural));

qe.LinkEntities[0].Columns.AddColumns("firstname", "lastname");

qe.LinkEntities[0].EntityAlias = "primarycontact";

// Set Order for Child - No need entity Alias, just to add the link entity column name inside link entity order expression

OrderExpression linkentityOrder = new OrderExpression("primarycontact.firstname", OrderType.Ascending);


EntityCollection ec = organizationService.RetrieveMultiple(qe);


So now what should you use when you are retrieving multiple entity data with order of child entity or parent entity attributes. Now look at above query at first I am adding parent (Account) entity columns like –



And then I am adding columns of link entity (Contact) under link entity expression –

qe.LinkEntities[0].Columns.AddColumns("firstname", "lastname");


Which means we are defining columns in a query expression in two level, first for the parent entity and then the link entity level.  We don’t need to use any “Alias” name separately while setting ordering of the columns in a query expression. Simply use the name of the attributes which you set the columns under link entity.

Here you can see I have used the same name which I used at the time of adding the columns in the child entity as parent entity and this should work fine.


qe.LinkEntities[0].Columns.AddColumns("firstname", "lastname");

qe.LinkEntities[0].EntityAlias = "primarycontact";

// Set Order for Child - No need entity Alias, just to add the link entity column name inside link entity order expression

OrderExpression linkentityOrder = new OrderExpression("firstname", OrderType.Ascending);


Here is the final query which should work for you, make sure you cannot set two order expression at a time so I have commented parent “Order” expression.



QueryExpression qe = new QueryExpression();

qe.EntityName = "account";

qe.ColumnSet = new ColumnSet();

qe.ColumnSet.Columns.Add("name"); // parent entity (Account) Field

//  * Set Order for parent - No Need Alias name, only name of the attributes *

// OrderExpression ParentEntityOrder = new OrderExpression("name", OrderType.Descending);

// qe.Orders.Add(ParentEntityOrder);

qe.LinkEntities.Add(new LinkEntity("account", "contact", "primarycontactid", "contactid", JoinOperator.Natural));

qe.LinkEntities[0].Columns.AddColumns("firstname", "lastname"); //link entity ( Contact) Field

qe.LinkEntities[0].EntityAlias = "primarycontact";

// Set Order for Child - No need to use entity Alias name, just to add attributes name which you add columns inside link entity.

OrderExpression linkentityOrder = new OrderExpression("firstname", OrderType.Ascending);


EntityCollection ec = organizationService.RetrieveMultiple(qe);



In summary, you cannot use “Alias” name in the “Order” expression  of any query expression, you should set attributes name only.

Dynamics 365 workflow “parallel wait branch” scenario

We have a requirement to send email notification if case is open status 7 days after creation.Now if the case is resolved before 7 days system will not send any notification.

I have created simple workflow in the event of   creation and status change of case . In the first step I used wait condition when case status is open , wait 7 days and send email. I created another steps where I am checking if status is resolved then stop workflow.

Ideally this should work , but actually not. We can not stop workflow which is running in different instance wait condition as a result when case is resolved before wait time(7 days)the workflow instance showing waiting status and and sending the email notification when wait condition is over.

This is because when we define only wait condition workflow instance already started waiting with the condition and wirkflow is continue running even we stop the instance in another steps.

To overcome this situation we need to use parallel wait branch. Parallel wait branch basically check more than one condition in same workflow wait instance.
Hope this helps.