Field Level Security in Microsoft Dynamics 365 (CRM)

Field-level security in Microsoft Dynamics 365 CRM solutions (otherwise known as CE) allows you to expand your security model beyond entities to include specific fields. However, you cannot secure fields as part of your typical security role setup, it is a separate process.

Dynamics 365 for Sales allows you to add field security profiles to both system and custom fields. Setting up field security is a two-part process:

  1. Enable your field for Field-level Security
  2. Set up a Field Security Profile to define the privileges granted to your user(s) and/or team(s)

Security Profiles can be configured to grant a combination of the following 3 permissions at the field level:

  • Read (read-only access to field data)
  • Create (users or teams can add data to this field when creating a record)
  • Update (users or teams can update the field’s data after it has been created)

This article will walk you through creating field-level security and a new field security profile. The business requirement for our example will be an organization that does not want certain users to be able to Create or Update the Actual Revenue Field of Opportunities.

How to Enable Field Level Security for a Field

1. Click on the Settings icon located on the top-right of your screen:

field-level-security

2. Select Advanced Settings:

Field Level Security

3. The Advanced Settings Tab will appear. Click on the down arrow next to Settings and Solutions:

Field Level Security

4. Select a solution. In this example, we will select Iteration 1:

Field Level Security

5. The solution window will appear. Click on Entities -> Opportunities -> Fields:

Field Level Security

6. We will select the Actual Revenue field. You can select any field of your choice or create a new field:

Field Level Security CRM

7. The field pop-up window will appear. Click on Enable under Field-level security profile. Click on Save and Close:

Field Level Security CRM

8. Publish all customizations:

Field Level Security CRM

9. Add your field to the form if it is not already present.

10. Publish all customizations.

Next, you will need to create a new field security profile to define your field’s security settings.

How to Create a Field Security Profile

Make sure you have the System Administrator security role or equivalent permissions.

1. Click on the Settings icon located on the top-right of your screen:

Field Level Security CRM

2. Select Advanced Settings:

Field Level Security CRM

3. The Advanced Settings Tab will appear. Click on the down arrow next to Settings and Security:

Field Level Security CRM

4. Select Field Security Profiles.

Note: You can also add Field Security Profiles to a solution if you need to export and import them later (as shown below).

Field Level Security CRM

Note: Your system will already include a default System Administrator Field Security Profile which automatically grants Read, Update and Create permission to all fields enabled for field security. You cannot delete or modify this security profile.

5. Click on New to create a new Field Security Profile:

Field Level Security CRM

6. Enter a name and a description (optional) and click on Save:

Field Level Security CRM

7. Under Common, click on Field Permissions:

Field Level Security CRM

Note: Every Field Security Profile will list ALL fields for which field security is enabled and every new field will default to No for all privileges.

8. Select a field, and then choose Edit:

Field Level Security CRM

9. The Edit Field Security pop-up window will appear. Select the permissions that you want to assign to users or teams, and then choose OK. In this example, I want the group of users to be able to Read the Actual Revenue, but not update or enter a brand-new value. Click on OK to confirm:

Field Level Security CRM

10. Click on Save to commit this modification to the system.

How to Add Users and Teams

1. Under Members, select Teams or Users. We will demonstrate the functionality with users:

Field Level Security CRM

2. On the command bar, select Add:

Field Level Security CRM

3. In the Look Up Records dialog box, select the user(s) or team(s) which should have the security settings applied for the field and then click on Select:

Field Level Security CRM

4. Repeat the preceding steps if you would like to add multiple teams or users, and then choose Add.

Field Security Considerations

Every field enabled for field-level security is added to all field-level security profiles with Read, Create and Update all set to No by default. System Administrators have all privileges on all field-level security fields. Users and Teams can be added to multiple field level security profiles. Once you have set your field security, users who do not have Read permission for the field will see the field itself but will only see “*****” instead of the data.

If you have any questions about field-level security in Dynamics 365 for Sales, do not hesitate to reach out to the Encore team.

Dynamics 365 CE (CRM) How-To eGuide

41 pages of step-by-step instructions for 6 different key tasks in Dynamics 365 Customer Engagement (CRM). Includes interactions with PowerApps and Flow!

Get the eGuide

Dynamics 365 CE (CRM) How-To eGuide

Get the eGuide