Create a Role-Based SiteMap Navigation in Dynamics 365 CE

In this blog post, we will learn how to create role-based SiteMap navigation in Dynamics 365 CE. In a role-based Sitemap, we will restrict the area of Sitemap based on the security roles of a user.  

In Dynamics 365, the SiteMap provides you the structure for navigation. It is evaluated alongside your security privileges to display navigation options within the application. If your security privileges do not provide read access to an entity laid out in the SiteMap, that navigation option will not be available to you. The <Privilege> element can also be used to specify privilege requirements to view a page that is not related to a specific entity.  

 

Learn more about our Microsoft Dynamics 365 services

 

In the SiteMap, we have areas, groups, and subareas. Selectable areas appear at the bottom of the navigation bar. When you select a certain area, it will be displayed on the navigation bar on the left. The available groups and subareas listed under that area are displayed, as shown in the following image: 

navigation bar on the left

 

In the below image, you can see that we have multiple areas in our customer service hub, and now we will restrict these areas for users based on their security roles. 

services

Role-Based SiteMap 

To restrict navigation, we are going to perform the following steps: 

  • Create custom navigation entities so that D365 will create a custom security group for each entity. 

Create custom navigation

  • Update the Base Security role for each of those groups with ‘Read’ privilege to the newly created Service navigation custom entity so that only the Service Users can access the service area. 

Base Security role

  • Now we need to update the SiteMap privileges for all the Sub Areas. 
    • In the screenshot below,  you can see that the main CRM navigation area (Service) that we are interested in hiding consists of Sub Areas, which are entities. 

CRM navigation area (Service)

  • To hide the Navigation Area, we need to hide all the Subarea objects. To do this, we need to set the Read privilege on the Subarea to the corresponding custom Navigation entity we created earlier. 
  •  We can either export the SiteMap in the Solution RibbonDiffXML or use the out-of-the-box (OOB), SiteMap editor. This blog will focus on the second approach, the OOB Site Map Editor one. 
Learn more about our Microsoft Dynamics 365 services

SiteMap Editor 

  • To set the Privilege on the SubAreas using SiteMap editor, we need to perform the following steps: 
    • Click on the gear icon on the top right corner of your application and select advance setting. 

SiteMap Editor 

    • Under settings, go to My Apps and select the application in which you want to restrict the navigation area. In our case, the app name is Customer Service Hub. After selecting the application, click on more options (…)

app name is Customer Service

    • Now click on the “OPEN IN APP DESIGNER” option. This will redirect you to the Power Apps App Designer page. On this page, click on “Site Map Designer” to customize the site map.

OPEN IN APP DESIGNER

    • Now select any of the SubAreas under Area Service. 
    • On the right side, under the properties window, click on Advance, then on Privileges. Select the entity ‘Service Navigation’ we created earlier, and then click on the “+” button.

Service Navigation

    • Expand the command and check only the Read command.

Read command

    • Perform steps 4 and 5 for all the SubAreas appearing under the Service Area. 
    • After setting the Read privilege against all the SubAreas, click on Save on the top right corner and then click on Publish. 

 

  • Now Log in as a user without the “Service Navigation” Read Privilege, and you will not see the Service Area.

Service Navigation

  • As you see in the above screenshot, the “Service” area is no more visible to the logged-in user. 
  • Complete the Privileges for the rest of the Security Groups so that the  Areas are locked down consistent with their corresponding custom navigation entity. In our case, there will be three Custom Navigation Entities: 
    • Service Navigation 
    • Service Management Navigation 
    • Scheduling Navigation 

Conclusion 

In this blog, we learned how to restrict Sitemap areas or navigation within an app based on the security roles of a user. We created a custom entity, and based on the privileges of that entity; we restricted the subareas (entities). We used the OOB Sitemap editor to set the privileges on the subareas. By following this blog, you can restrict the SiteMap of any app present in your Dynamics 365 CE.  

In case you want to reset your SiteMap to the default settings, there are several SiteMap editors available, such as XRMToolBox and XRM.tools, which allow you to roll back to the default SiteMap if required.  

If you have any question or queries, do not hesitate to reach out to us

Happy Navigating!