Programmatically Using Security Roles and Secured Actions in Infor CRM (Saleslogix)

In most places in the Infor CRM (Saleslogix) web client, it’s pretty easy to use security roles. You simply add a secured action string (that has roles assigned to it) to an “Applied Security” property and the rest is magic. But what if you need to get more granular than that? What if you need to access the roles at runtime and apply security to something that doesn’t have an Applied Security property? What if you need to apply role security to individual controls on a form, such as enabling or disabling a checkbox? Luckily, it is just as easy to use security roles programmatically as it is to apply them to properties of things in Application Architect.


First, a little background. Security in the Infor CRM client is done via roles and secured actions. You create secured actions for something specific, like the ability to add a new widget to the system. This secured action string might look something like this: “Entities/Widgets/Add”. You then apply that secured action string to something, like a button that adds new widgets. Then you can also assign roles to that secured action. A role is simply a collection of users that can perform similar things. So, you might have a role called “Widget Managers” that has userA, userB, and userX assigned to that role. Then you add the Widget Managers role to the “Entities/Widgets/Add” secured action. Now, whatever you’ve added that secured action to, like an “Add Widget” button, the users in the roles added to that secured action (in this case userA, userB, and userX) can perform that action. Make sense?


Checking If a User Has Access to a Secured Action in Code

OK, now that we have that out of the way, let’s look at how we can check to see if a user has access to a secured action in code. What this means is, “is the current user a member of a role that is assigned to some secured action?” In order to check this we need to get the RoleSecurityService. This is built into all Quick Forms in the same way that things like DialogService are built into Quick Forms. Let’s say we want to enable/disable an “Is a Widget” checkbox depending on whether the current user has access to a secured action called “Entities/Widgets/Edit”. The code would look like this:

checkBoxIsAWidget.Enabled = this.RoleSecurityService.HasAccess("Entities/Widgets/Edit");

Or, how about we show/hide columns in a datagrid based on whether a user has access to a secured action called “Entities/Widgets/View”:

dataGridItems.Columns[3].Visible = this.RoleSecurityService.HasAccess("Entities/Widgets/View");

Not too bad.

Accessing the RoleSecurityService in Code

As I mentioned before, Quick Forms will have the RoleSecurityService built in automatically. However, for custom SmartParts or other code, it’s still easy enough to get the service.

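If you have a custom SmartPart, you can let dependency injection do its work by just adding a ServiceDependency property for it, like this:

// The ServiceDependency attribute marks the property for injection
[Sage.Platform.Application.ServiceDependency]
public Sage.Platform.Security.IRoleSecurityService RoleSecurityService { get; set; }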

Or you can get the service on demand in code, like this:

// Resolve the service from the application context
var roleService = Sage.Platform.Application.ApplicationContext.Current.Services.Get<Sage.Platform.Security.IRoleSecurityService>();
// A declaration cannot be the body of an if statement, so combine the null check with the call
var canDoSomething = roleService != null && roleService.HasAccess(securedActionKey);

You can even get to it easily in client-side JavaScript:

// javascript
var roleService = Sage.Services.getService("RoleSecurityService");
if (roleService) {
    var canDoSomething = roleService.hasAccess(securedActionKey);
}
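
A fail-closed wrapper around the client-side lookup shown above, as an added example that is not part of the original post: the keys are defined once so their casing cannot drift (the reader comment on this page notes that key names are case sensitive), and a missing service denies access. `SecuredActions`, `canAccess`, `resolveAccess` and `makeStubServices` are hypothetical names, and the stub is a constructed stand-in for `Sage.Services` so the code runs outside the web client.

```javascript
// Added example: the names below are hypothetical, not part of the Infor CRM API.

// Secured action keys written once, so the exact casing lives in one place.
const SecuredActions = Object.freeze({
    WidgetEdit: "Entities/Widgets/Edit",
    WidgetView: "Entities/Widgets/View"
});

// True only when the role service is present and grants the key; otherwise deny.
function canAccess(services, securedActionKey) {
    if (typeof securedActionKey !== "string" || securedActionKey === "") {
        return false;
    }
    const roleService = services ? services.getService("RoleSecurityService") : null;
    if (!roleService || typeof roleService.hasAccess !== "function") {
        return false;
    }
    return Boolean(roleService.hasAccess(securedActionKey));
}

// Resolves a { controlName: securedActionKey } map to { controlName: boolean }.
function resolveAccess(services, rules) {
    const result = {};
    for (const [controlName, key] of Object.entries(rules)) {
        result[controlName] = canAccess(services, key);
    }
    return result;
}

// Constructed stand-in for Sage.Services: exact (case-sensitive) key matching.
function makeStubServices(grantedKeys) {
    const granted = new Set(grantedKeys);
    const roleService = { hasAccess: (key) => granted.has(key) };
    return {
        getService: (name) => (name === "RoleSecurityService" ? roleService : null)
    };
}

// Constructed sample: the current user holds a role with only the Edit action.
const stub = makeStubServices(["Entities/Widgets/Edit"]);
const access = resolveAccess(stub, {
    checkBoxIsAWidget: SecuredActions.WidgetEdit,
    widgetDetailColumn: SecuredActions.WidgetView
});
console.log(access);
console.log(canAccess(stub, "entities/widgets/edit"));
```

In the web client, pass `Sage.Services` as the first argument in place of the stub.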

Well that’s about it. As you can see, pretty easy to get and use as needed. Until next time.


Ryan Farley

Ryan Farley is the Director of Development for Customer FX and creator of He's been blogging regularly about SalesLogix, now Infor CRM, since 2001 and believes in sharing with the community. His new passion for CRM is Creatio, formerly bpm'online. He loves C#, Javascript, web development, open source, and Linux. He also loves his hobby as an amateur filmmaker.

1 Comment

  1. Great post Ryan.

    One more thing to add on this. The Secured action access key names are case sensitive. So be careful with that.

