Territory Profiles Issue in CRM

By | April 13, 2010

Territories and Territory profiles are the salient features provided by Sage CRM. These functionalities are most important in order to handle the data security worldwide as per the organizational structures.

As we all know that Territory profiles are used to handle the access rights. We can create profile, set access rights for the primary entities present in the CRM as (Insert/View/Edit/Delete) as per the requirement. And then set profile to user so accordingly that user gets access for particular entity in CRM.

Now the question is, have you ever been come across a situation like CRM is not working properly whenever the profiles are set for the user? It only works for System Admin users or the users belonging to worldwide territory.

If yes, then you just need to check your CRM version. In custom ASP pages if we need to hide or show buttons OR fields on the basis of access rights set for users our normal methodology is to write code like given below.

if(eWare.Button(“”,””, “Item”,”CASES”,”EDIT”))
Response.Write(“You have case edit rights!”);
container.AddButton(CRM.Button(“Add Project”, “cancel.gif”, CRM.Url(“Project/ProjectNew.asp”)+”&T=find&E=TestCase”));
Response.Write(“You don’t’ have case edit rights!”);

This code works fine in Sage CRM 6.0 (no patch), but strange to find that the same code doesn’t work in CRM 6.1 patch C. Same is the case with CRM 6.2 SP1.

Based on our investigation, we came across the fact that for Non-admin user if we set territory other than Worldwide (any child territory) and set the profile rights as ViewEdit (in which user has just View and Edit rights on the Company, Person and Case entities) and use these settings through above code then it won’t work in versions we have mentioned. What if this affects the flow of functionality and data security and you are not in position to upgrade to higher versions?

Now how to resolve this: As we can not use standard profile settings using CRM standard way, we will have to do this programmatically. CRM maintains all the access/permissions entries in the TerritoryPermission table. To enable buttons based on permissions, we will have to read all the rights set into this table for the current user and form the conditions accordingly in our routine in order to hide or show the buttons.

Please keep in mind that while checking the rights you will have to consider all the security policies that are applied on CRM. For example: Assigned To, Created By, Home territory rights and Direct Access Rights.

If you find this content useful, Please drop us an email at crm@greytrix.com.