As I prepare for my MB2-716 exam I’m producing a series of blog posts that collectively should help others revising for the MB2-716 Certification. (Microsoft Dynamics 365 customization and Configuration.) This time I will look at field level security.
In previous posts I have already covered the Dynamics 365 security model. I began with this post giving an overview of the Dynamics 365 security and then I continued with a second post giving a detailed view of the security model. What I’ve covered so far essentially relates to entity level security. But what if you need to control who can see, create and update individual fields within an entity? This is when you’d use field-level security.
Field-level security can be applied to system and custom fields across the system. And by default is disabled for all fields. Field security works in conjunction with the wider Dynamics 365 security model. Meaning a user would first need to be granted access to the entity. But having been granted that access the field security profile is applied to govern access to specific fields within the entity.
To enable field security on any field you open it in customizations and change the “Field Security” option to disabled.
Once this change is published a key will show next to the field to highlight that it is subject to field security. (As shown below.) At this point only the system administrator can see and maintain the details in this field.
If any user, other than the system administrator, looks at the form they will see “******” in place of the data. (As shown below.)
It is important to realize that field-level security does not apply to just Dynamics 365 forms but everywhere you might see or maintain data. For example, below I have shown a view containing my “Secure Field”. Notice that it is blank, this isn’t because the field contains no data! It is because the current user does not have read privilege on this field.
Below you can see that field security is also applied on editable grids ….
To grant access to fields which are enabled for field-level security you need to create a field security profile. This is done from the “Field Security Profiles” option which can be found in the security area of settings.
When creating a field security profile you first give the profile a name and optionally a description.
Once you have saved the profile you can use the “Field Permissions” option to add whatever level of access is required. You can see below that I have granted read access on my field. But I haven’t granted update or create access.
Having just create access might be useful if you want someone to set-up a field when a record is created but then not change it afterwards.
Having created the desired field permissions, you can then assign users or teams to the profile. Below you can see I have assigned this profile to one user.
Tip: A real world scenario assigning teams to the profile might be the best option. As user teams helps to keep administration to a minimum.
Below you can see that after granting read only access the content of the secure field is now visible but the lock icon next to the signifies that it cannot be changed.
As always, I suggest your exam preparation involves plenty of hands-on time. So try creating some field security profiles to see how they operate.
I hope this post has given anyone preparing for the MB2-716 exam the basic information they will need to understand on field-level security.