Field-level security in Microsoft Dynamics 365 CRM solutions (otherwise known as CE) allows you to expand your security model beyond entities to include specific fields. However, you cannot secure fields as part of your typical security role setup, it is a separate process.

Dynamics 365 for Sales allows you to add field security profiles to both system and custom fields. Setting up field security is a two-part process:

1. Enable your field for Field-level Security
2. Set up a Field Security Profile to define the privileges granted to your user(s) and/or team(s)

Security Profiles can be configured to grant a combination of the following 3 permissions at the field level:

• Read (read-only access to field data)
• Create (users or teams can add data to this field when creating a record)
• Update (users or teams can update the field’s data after it has been created)

This article will walk you through creating field-level security and a new field security profile. The business requirement for our example will be an organization that does not want certain users to be able to Create or Update the Actual Revenue Field of Opportunities.

How to Enable Field Level Security for a Field

1. Click on the Settings icon located on the top-right of your screen:

2. Select Advanced Settings:

3. The Advanced Settings Tab will appear. Click on the down arrow next to Settings and Solutions:

4. Select a solution. In this example, we will select Iteration 1:

5. The solution window will appear. Click on Entities -> Opportunities -> Fields:

6. We will select the Actual Revenue field. You can select any field of your choice or create a new field:

7. The field pop-up window will appear. Click on Enable under Field-level security profile. Click on Save and Close:

8. Publish all customizations:

9. Add your field to the form if it is not already present.

10. Publish all customizations.

Next, you will need to create a new field security profile to define your field’s security settings.

How to Create a Field Security Profile

Make sure you have the System Administrator security role or equivalent permissions.

1. Click on the Settings icon located on the top-right of your screen:

2. Select Advanced Settings:

3. The Advanced Settings Tab will appear. Click on the down arrow next to Settings and Security:

4. Select Field Security Profiles.

Note: You can also add Field Security Profiles to a solution if you need to export and import them later (as shown below).

Note: Your system will already include a default System Administrator Field Security Profile which automatically grants Read, Update and Create permission to all fields enabled for field security. You cannot delete or modify this security profile.

5. Click on New to create a new Field Security Profile:

6. Enter a name and a description (optional) and click on Save:

7. Under Common, click on Field Permissions:

Note: Every Field Security Profile will list ALL fields for which field security is enabled and every new field will default to No for all privileges.

8. Select a field, and then choose Edit:

9. The Edit Field Security pop-up window will appear. Select the permissions that you want to assign to users or teams, and then choose OK. In this example, I want the group of users to be able to Read the Actual Revenue, but not update or enter a brand-new value. Click on OK to confirm:

10. Click on Save to commit this modification to the system.

How to Add Users and Teams

1. Under Members, select Teams or Users. We will demonstrate the functionality with users:

2. On the command bar, select Add:

3. In the Look Up Records dialog box, select the user(s) or team(s) which should have the security settings applied for the field and then click on Select:

4. Repeat the preceding steps if you would like to add multiple teams or users, and then choose Add.

Field Security Considerations

Every field enabled for field-level security is added to all field-level security profiles with Read, Create and Update all set to No by default. System Administrators have all privileges on all field-level security fields. Users and Teams can be added to multiple field level security profiles. Once you have set your field security, users who do not have Read permission for the field will see the field itself but will only see “*****” instead of the data.

If you have any questions about field-level security in Dynamics 365 for Sales, do not hesitate to reach out to the Encore team.