Activate God Mode in CRM 2013 - Don’t Let Your Users See This

Paul Nieuwelaar, 29 July 2014

Previously I’ve been posting about how to recreate CRM functionality using browser bookmarkets. These have included useful functions like opening advanced find, or publishing customizations. In this blog post I’m going to go one step further and show how we can completely disable ALL client side validation on a form so that we can make changes to a form without worrying about field requirement levels, visibility, business rules, or JavaScript.

What I’m about to show is intended for testing purposes only, and should not be used in any production environments – otherwise you might end up with dirty data in your system. So use it cautiously, and use it wisely!

What it does:

  •  Makes all required fields not required.
  •  Makes all hidden fields visible.
  •  Enables all disabled fields.
  •  Makes all hidden tabs visible.
  •  Makes all hidden sections visible.
  •  Expands all collapsed tabs.
  •  Clears field notifications on all fields.
  •  Prevents JavaScript from firing on save.
  •  Allows editing of inactive records.

One click of this button and you instantly have edit access to every field added to your form. This is extremely useful when you have JavaScript or plugins setting or relying on hidden fields on your form, and you need to quickly get in and see or modify those fields.

It’s also useful if you need to change a value on a form without entering in all the required fields – particularly as an admin when you need to fix up 1 or 2 fields on an existing record without filling out the rest of the required fields.

I’ve set up a form as an example below.

You can see we have most fields disabled. What you can’t see are the hidden fields and sections. Also when we try to save the form, our CRM Admin has added some “secure” JavaScript to prevent us from saving the form:

One click of our magic ‘God Mode’ button, and voila!

As you can see, literally every field is now unlocked, and not required. We can also see the ‘Company’ field in the second column which was previously hidden, the entire ‘Hidden’ tab is now visible, and we can edit any of the values (with the exception of Status, Created On, and Created By which can be changed but do not save to the database). We can also now save the form and bypass that pesky on save validation, and even clear the value of required fields.

Further down what you can’t see in the screenshot is that our Details tab has now been expanded as well. This means if we need to find a field we can Ctrl + F and quickly find what we’re looking for even if it was in a collapsed tab.

One other unexpected feature of this button is that we can also open an inactive record, turn on God Mode, and then change any of the ‘disabled’ fields. We can then simply navigate away from the record and the changes will be saved to the inactive record! (Only works with autosave enabled, or if you have rollup 1 or lower, and doesn’t work on activity entities).

Any user can set up this button for their own personal use, and it can be used with any CRM 2013 system, on any modern entity, and you don’t need any additional CRM security roles/privileges. To configure the bookmarklet, simply create a new bookmark, then edit the properties and set the URL to the following script:

javascript:var form=$("iframe").filter(function(){return $(this).css("visibility")=="visible"})[0].contentWindow;try{form.Mscrm.InlineEditDataService.get_dataService().validateAndFireSaveEvents=function(){return new Mscrm.SaveResponse(5,"")}}catch(e){}var;for(var i in attrs){attrs[i].setRequiredLevel("none")}var contrs=form.Xrm.Page.ui.controls.get();for(var i in contrs){try{contrs[i].setVisible(true);contrs[i].setDisabled(false);contrs[i].clearNotification()}catch(e){}}var tabs=form.Xrm.Page.ui.tabs.get();for(var i in tabs){tabs[i].setVisible(true);tabs[i].setDisplayState("expanded");var sects=tabs[i].sections.get();for(var i in sects){sects[i].setVisible(true)}}

If you’re a CRM admin/developer reading this, you probably want to think about what validation you’re doing on the client side and consider moving anything critically important into server side validation.