Create a Role-Based SiteMap Navigation in Dynamics 365 CE

In this blog post, we will learn how to create role-based SiteMap navigation in Dynamics 365 CE. In a role-based SiteMap, we restrict the areas of the SiteMap based on the security roles of a user.

In Dynamics 365, the SiteMap provides the structure for navigation. It is evaluated alongside your security privileges to display navigation options within the application. If your security privileges do not provide read access to an entity laid out in the SiteMap, that navigation option will not be available to you. The <Privilege> element can also be used to specify privilege requirements to view a page that is not related to a specific entity.



In the SiteMap, we have areas, groups, and subareas. Selectable areas appear at the bottom of the navigation bar. When you select a certain area, it will be displayed on the navigation bar on the left. The available groups and subareas listed under that area are displayed, as shown in the following image: 


In the below image, you can see that we have multiple areas in our customer service hub, and now we will restrict these areas for users based on their security roles. 

Role-Based SiteMap 

To restrict navigation, we are going to perform the following steps: 

  • Create custom navigation entities so that D365 will create a custom security group for each entity. 

  • Update the Base Security role for each of those groups with ‘Read’ privilege to the newly created Service navigation custom entity so that only the Service Users can access the service area. 

  • Now we need to update the SiteMap privileges for all the Sub Areas. 
    • In the screenshot below, you can see that the main CRM navigation area (Service) that we are interested in hiding consists of Sub Areas, which are entities.

  • To hide the Navigation Area, we need to hide all the Subarea objects. To do this, we need to set the Read privilege on the Subarea to the corresponding custom Navigation entity we created earlier. 
  • We can either export the SiteMap in the Solution RibbonDiffXML or use the out-of-the-box (OOB) SiteMap editor. This blog will focus on the second approach, the OOB SiteMap editor.


SiteMap Editor 

  • To set the Privilege on the SubAreas using SiteMap editor, we need to perform the following steps: 
    • Click on the gear icon in the top right corner of your application and select Advanced Settings.

    • Under settings, go to My Apps and select the application in which you want to restrict the navigation area. In our case, the app name is Customer Service Hub. After selecting the application, click on more options (…)

    • Now click on the “OPEN IN APP DESIGNER” option. This will redirect you to the Power Apps App Designer page. On this page, click on “Site Map Designer” to customize the site map.

    • Now select any of the SubAreas under Area Service. 
    • On the right side, under the properties window, click on Advanced, then on Privileges. Select the entity ‘Service Navigation’ we created earlier, and then click on the “+” button.

    • Expand the command and check only the Read command.

    • Perform steps 4 and 5 for all the SubAreas appearing under the Service Area. 
    • After setting the Read privilege against all the SubAreas, click on Save on the top right corner and then click on Publish. 


  • Now log in as a user without the “Service Navigation” Read privilege, and you will not see the Service Area.

  • As you see in the above screenshot, the “Service” area is no longer visible to the logged-in user.
  • Complete the privileges for the rest of the Security Groups so that the Areas are locked down consistently with their corresponding custom navigation entity. In our case, there will be three Custom Navigation Entities:
    • Service Navigation 
    • Service Management Navigation 
    • Scheduling Navigation 
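
Because an Area stays visible until every one of its SubAreas is gated, an exported SiteMap can be checked for SubAreas that were missed. The script below is an added example, not part of the original post; the sample XML, the Ids and the logical names `new_servicenavigation` and `new_schedulingnavigation` are constructed assumptions.

```python
import xml.etree.ElementTree as ET

# Constructed sample of an exported SiteMap; Ids and logical names are assumptions.
SAMPLE_SITEMAP = """
<SiteMap>
  <Area Id="Service">
    <Group Id="Cases">
      <SubArea Id="sa_cases" Entity="incident">
        <Privilege Entity="new_servicenavigation" Privilege="Read" />
      </SubArea>
      <SubArea Id="sa_queues" Entity="queue">
        <Privilege Entity="new_servicenavigation" Privilege="Write" />
      </SubArea>
      <SubArea Id="sa_kb" Entity="knowledgearticle" />
    </Group>
  </Area>
  <Area Id="Scheduling">
    <Group Id="Tools">
      <SubArea Id="sa_board" Entity="bookableresourcebooking">
        <Privilege Entity="new_schedulingnavigation" Privilege="Read" />
      </SubArea>
    </Group>
  </Area>
</SiteMap>
"""

def grants_read(priv, nav_entity):
    """True if this <Privilege> requires Read on the given navigation entity."""
    rights = {r.strip().lower() for r in priv.get("Privilege", "").split(",")}
    return priv.get("Entity", "").lower() == nav_entity and "read" in rights

def ungated_subareas(sitemap_xml, area_to_entity):
    """Return {area_id: [subarea_id, ...]} for SubAreas missing the Read gate."""
    root = ET.fromstring(sitemap_xml)
    findings = {}
    for area in root.iter("Area"):
        nav_entity = area_to_entity.get(area.get("Id"))
        if nav_entity is None:
            continue  # this Area is not meant to be role-restricted
        for sub in area.iter("SubArea"):
            if not any(grants_read(p, nav_entity) for p in sub.findall("Privilege")):
                findings.setdefault(area.get("Id"), []).append(sub.get("Id"))
    return findings

EXPECTED = {"Service": "new_servicenavigation", "Scheduling": "new_schedulingnavigation"}

if __name__ == "__main__":
    for area, subs in ungated_subareas(SAMPLE_SITEMAP, EXPECTED).items():
        print(f"{area}: still visible via {', '.join(subs)}")
```

On the constructed sample it reports `sa_queues` (Write checked instead of Read) and `sa_kb` (no privilege set) under Service, the two mistakes that would keep that Area in the navigation bar.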


In this blog, we learned how to restrict SiteMap areas or navigation within an app based on the security roles of a user. We created a custom entity and, based on the privileges of that entity, restricted the subareas (entities). We used the OOB SiteMap editor to set the privileges on the subareas. By following this blog, you can restrict the SiteMap of any app present in your Dynamics 365 CE.

In case you want to reset your SiteMap to the default settings, there are several SiteMap editors available, such as XRMToolBox and, which allow you to roll back to the default SiteMap if required.  

If you have any questions or queries, do not hesitate to reach out to us!

Happy Navigating! 
