Security permissions in CRM not respected in CRM Mobile

The ability to delete an attribute from a constituent record is can be permissioned so that only users with that permission have the ability to delete the attribute.  When this permission is set up in CRM, it is not also being respected in CRM Mobile, giving a user who should not have the permission the ability to delete the attribute.
A system role with the Constituent Attribute Edit Form will allow a user assigned to that role to edit and delete an attribute.  Removing this permission resolves the issue.

Steps to Duplicate

  1. Create a system role that does not allow the record operation, Constituent Attribute: Delete (so that attributes cannot be deleted by this user)
  2. Add this role to a non-admin user
  3. Run as user
  4. Go to the constituent
  5. Select the Attribute tab
  6. Observe that the Delete action is not visible
  7. As the same user, go to the CRM start page
  8. Select mobile version hyperlink
  9. Select Constituents
  10. Select Constituent Search
  11. Search for the same constituent from above
  12. Go toconstituent record
  13. Select Attributes under More information
  14. Observe Delete attribute option at bottom of screen, which will delete the attribute if selected
 
 
 

Environment

 Blackbaud CRM
 4.0

Was this article helpful?