MSCRM 2015 Field-Level Security

As more data moves online, securing the data inside your own system matters just as much as securing the perimeter. We all need to keep the bad guys out of the system, but we also need to keep our own users away from sensitive data they have no reason to see.

In MSCRM, you can hide fields from forms and remove them from selection filters, but hiding a field does not secure it. Anyone with some MSCRM skills and read access to the entity can still find a way to get the data out. So how do we prevent prying eyes?

MSCRM introduced Field-Level Security a few versions back, but it is still not widely used. With field-level security, you can grant users read permissions to an entity while securing specific fields with security profiles. The users can open and read the form, but without the correct field permissions they can't see the data within that field. This security also carries across Advanced Finds, Views, and Reports.

So how do we create a secure field?

It's quite easy. Just create a field for an entity the usual way, but before you save it, set the Field Security radio button to "Enabled".

[Image: New Field Security]

Now for the hard part. In order to set permissions for this field, you need to add a Field Security Profile. To do this, go to Settings/Security and click on the Field Security Profiles link.

[Image: Field Security Profiles]

From the Field Security Profiles area, click on the NEW button to create your profile. Add a name specific to the permissions and then add some Users or Teams who will have those permissions. Below I created a Profile for users that will have full access to secure fields.

[Image: Secure Profile]

I've added the CRM Admin user to this profile.

[Image: Secure Fields Users]

Once the Users are added, you can set the field permissions. Click on Field Permissions on the left and double-click your field to open the Security dialog box.

[Image: Field Permissions1]

Now you can set your Read, Update, and Create permissions. Below we are giving full access, so we change all three permissions to YES.

[Image: Field Permissions2]

Once you save the above, your field permissions will look like the image below.

[Image: Field Permissions3]

Most people set up profiles only for those who need to access these fields. Don't forget to explicitly disallow access for users who do not need it. By default, if you are not listed in a Field Security Profile, you will not be able to see data within that field. However, a user who is not part of any profile for that field may run into an issue with reporting: a report with a secure field listed as a column might throw an error for a user who is not a member of a security profile for that field. So create another profile called "Security Field NO Access" and add the members who do not have rights to that field. Then set the Allow permissions to NO.

In my example, I'm setting up one profile for all secure fields. You can have separate profiles for each field with any combination of permissions. Remember, CRM System Admins have full permissions no matter what.
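
The access rules described above (no profile means no access, an explicit no-access profile to avoid report errors, System Admins always having full permissions) can be checked against a list of your profiles. The following is an added example, not code from the original post or from Microsoft: it models those rules over constructed data and does not call CRM. The user names, the field name `new_ssn` and the first profile name are hypothetical, and the additive merge of permissions across profiles is an assumption.

```python
# Added example: models the rules in this post over constructed data.
# It does not call CRM; user, field and profile names are hypothetical.
from dataclasses import dataclass, field

ACTIONS = ("read", "update", "create")

@dataclass
class Profile:
    name: str
    members: set
    # secured field -> allowed actions (empty set = every permission set to No)
    permissions: dict = field(default_factory=dict)

def effective_access(user, secured_field, profiles, sysadmins):
    """Return the set of actions `user` may perform on `secured_field`."""
    if user in sysadmins:        # System Admins have full permissions no matter what
        return set(ACTIONS)
    allowed = set()              # default: not listed in a profile -> no access
    for p in profiles:
        if user in p.members and secured_field in p.permissions:
            allowed |= p.permissions[secured_field]  # assumption: profiles combine additively
    return allowed

def audit(users, secured_fields, profiles, sysadmins):
    """List who can touch each secured field and who is covered by no profile."""
    findings = []
    for f in secured_fields:
        for u in sorted(users):
            if u in sysadmins:
                continue
            covered = any(u in p.members and f in p.permissions for p in profiles)
            access = effective_access(u, f, profiles, sysadmins)
            if not covered:
                findings.append((u, f, "no profile: reports using this field may error"))
            elif access:
                findings.append((u, f, "can " + "/".join(a for a in ACTIONS if a in access)))
    return findings

# Constructed sample configuration
PROFILES = [
    Profile("Secure Fields Full Access", {"crmadmin", "alice"}, {"new_ssn": set(ACTIONS)}),
    Profile("Security Field NO Access", {"bob"}, {"new_ssn": set()}),
]
USERS = {"crmadmin", "alice", "bob", "carol"}
SYSADMINS = {"crmadmin"}

if __name__ == "__main__":
    for finding in audit(USERS, ["new_ssn"], PROFILES, SYSADMINS):
        print(finding)
```

In the sample data, `carol` is flagged because she is in neither profile, which is the reporting case the "Security Field NO Access" profile is meant to cover.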

Beringer Associates is a leading Microsoft Gold Certified Partner specializing in Microsoft Dynamics CRM and CRM for Distribution. We also provide expert managed IT services, cloud-based computing and unified communication systems.
