More about Using CRM security in ASP pages

I have previously discussed that access to buttons can be controlled by the 4 & 5 parameter of the CRM.Button() method used in Classic ASP. The entity referenced in the 4th param has to be an entity normally covered by security.

The example covered in the previous example discusses whether or not to include a whole block in a screen based on a users security profile rights.

But what if the need is to display data but not to allow the screen fields to be edited? We can use field level security and this will control field behaviour all through the system including our ASP pages. But the security rights I am concerned with are not field based but row based.

In the example below the code can be used to check whether the user has the rights to edit a company record and if they don't then the fields would become ReadOnly.
if (!CRM.Button("","", "test","COMPANY","EDIT"))
var myE = new Enumerator(myBlock);
while (!myE.atEnd())
myEntryBlock = myE.item();
myEntryBlock.ReadOnly = true;

We are using the fact that the screen block (eWareEntryGroupBlock) object is enumerable. Once we have established the security rights for the user we can then set all the rights on the fields for this screen.