PowerObjects Blog 

for Microsoft Business Applications


Microsoft Dynamics CRM 2011 Field-Level Security Out-of-box

Post Author: Joe D365 |

In Microsoft Dynamics CRM 4.0, there are very few (and complicated) options for field-level security in CRM. Here is the white paper in the "Nuts and Bolts" Series from Microsoft. Other un-supported option include disabling /hiding a field depending on the security role of the user by making a web service call to get the currently logged-on user's security role. But enough about 4.0...let's talk about the beta of Microsoft Dynamics CRM 2011 field-level security included in the out of the box features.

In the example below, I will create a new field with the field-level security property turned on and make changes to the Access level of a user on the particular field. Firstly, create the field with "Field-level security" property turned on.

CRM 2011 Field-Level Security

Then there is a new area in the Administration area called the "Field Security Profiles".

Create a new security profile and then edit the "Field Permissions" to be only 'Read'. The various permissions are Read, Update and Create. By default, the permission is none. All the secured fields are listed automatically in this area

Then, add the particular user/team that should be restricted accordingly to the newly created field.

Now add the newly created field on the entity's form and publish the form

The form looks like this for a user who has full access like an admin user or a user given update permission to this field.

And it appears grayed out for a user with read-only permission as shown below.

And another interesting thing is what happens when you give no access to this field by removing the read access previously given

It actually still shows the field on the form for this user but with the field characters as dots (similar to a password field) as shown below:

There is lot more that can be achieved using this out-of-box field-level security feature. This is one of the most requested features of the clients in the MS CRM 4.0 version.

We hope you find this information helpful and as the CRM Experts at PowerObjects continue to dig into CRM 2011 we will continue to post information here. Also if you are interested in getting a hosted sandbox to start trying some of the features out or checking your customizations let us know.

Happy CRM'ing

Joe CRM
By Joe D365
Joe D365 is a Microsoft Dynamics 365 superhero who runs on pure Dynamics adrenaline. As the face of PowerObjects, Joe D365’s mission is to reveal innovative ways to use Dynamics 365 and bring the application to more businesses and organizations around the world.

13 comments on “Microsoft Dynamics CRM 2011 Field-Level Security Out-of-box”

  1. Hi,
    Is it possible to hide the field completely from the user rather than showing it with Dots. If the user does not have read permission.
    Thanks,
    Shelvin

    1. yes,we can hide the field when we are creating the field on the form.we can find "visible by default" option in field properties.Just unselect that check box and publish entity.

      1. I thought so too, Suresh, but this doesn't seem to work. The field is then hidden completely, which is rather useless. I think the question is this:
        Can the field with FL Permission be ONLY visible to those who have that FL Profile, but NOT to those who do not have the profile.
        I've not found anything like that to date...any thoughts?

        1. For something like that you'd need to use a combination of FLS and Javascript to hide the field. You use Xrm.Page.getAttribute('xyz').getUserPrivilege() to see what FLS rights the user has.

  2. Is it possible to hide the field completely from the user rather than showing it with Dots. If the user does not have read permission.

  3. Is it possible to give each user under a Field Security profile with different permissions for different secured fields?

    1. Hi Michael - not in the same profile. If each user has unique field level security needs you would need to create a profile. We recommend treating these field level security profiles almost like a security role. Create them for a 'group of users' or related to a security role.

  4. Late in the process but is it possible to apply field level security to non-custom or built-in fields in 2011?

    1. Hi - field level security can only be applied to custom fields. This may change in the next version in Orion.

PowerObjects Recommends