Microsoft Dynamics® CRM Training
Field Level Security
An error occurred while loading the video. Please try again.
Field Level Security
In this video, we're going take a look at Field Level Security in Microsoft Dynamics CRM Online 2011.
(Field Level Security allows System Administrators to determine which Users or Teams have access to custom fields.)
For this tutorial, we'll use the example of a custom field for a customer's social security number. We only want certain designated users in our organization to have access to a customer's social security number. Field Level Security in CRM Online allows us to do just that.
We start by creating a new field. It's important to note that Field Level Security can only be applied to custom fields. If you want to create field level security for a system field, you can recreate it as a custom field and insert it into the form, and then remove the system field from the form. However, some fields, such as First Name and Last Name cannot be removed from the form and therefore cannot be substituted for a copy custom field.
(You will need to have a Security Role of System Administrator or System Customizer or equivalent privileges to perform the following steps.)
First, navigate to Settings > Customization > Customizations, and then click Customize the System. When the Solution: Default Solution window appears, navigate to Components > Entities > Contact > Fields. Now, click New.
(The Field form opens with the temporary name "New for Contact".)
We'll give this field a Display Name of "SSN" for Social Security Number. Now, we enable Field Security for this field by clicking on the circle next to Enable. Now, we can click Save and Close, which closes the Field form, returning us to the Solution window.
Now that we have created our custom field for the Contact entity, we can place it on the Contact form. In the Solution window, navigate to Components > Entities > Contact > Forms.
(The solution window now lists the forms of the Contact entity. Open the form called Information that has the type Main. The Form: Contact window opens, displaying the form-editing controls. In the Field Explorer pane, set the Filter to Custom Fields to quickly find our new "SSN" field.)
Let's drag and drop our custom field into the Contact form, click Save, and then click Publish. Close the window.
For tips on form configuration, please watch the two videos titled "Adding Fields and Configuring Forms 01" and "Adding Fields and Configuring Forms 02" also located in our CRM Success Portal.
Now that we've created the field and placed it in the form, it's time to set the Field Level Security. Let's exit the Solution window and navigate to Settings > System > Administration. Then click on Field Security Profiles.
First, let's click New, opening the Field Security Profile: New window. Then, we'll give this profile the name "Sales Person". Now, click Save. After saving, the window refreshes, updating its name and making additional items in the left pane become usable.
Now, we're going to apply users here by clicking on Users in the left pane under Related > Members. Notice that we can also apply Teams to this profile if we so choose. Next, we click Add. The Look Up Records dialog then opens.
Now, we're going to identify the user (or users) that we wish to grant access to the social security number field that we've created. When we create a new field and enable Field Level Security for that field, no user in our organization has access to that field except those with a Security Role of System Administrator, so we're going to grant the user "xRM Guy" (a user who is not a System Administrator) permission to read and edit the SSN field.
If we did not want xRM Guy to have access to the SSN field, we would have to do nothing at this point. He would already be unable to view it.
Since we want to grant xRM Guy permission to view and edit this new field, we'll use the View drop-down list to choose a view that includes that user, or use the Search field by typing in the user's name.
The users matching the view or the search results are then listed in the dialog. Click the corresponding box of the designated user or users—in this case we're selecting "xRM Guy"—then click Add (which adds them to the Selected Records list), and then click OK. The Look Up Records dialog closes, returning us to the Field Security Profile window.
And now we can determine the Field Permissions for this Field Security Profile by clicking on Field Permissions in the navigation pane under Related > Common.
Any field that has Field Level Security applied will appear here in the right pane. So now we click SSN and click Edit. This will open the Edit Field Security dialog where we can designate what this user (and other users with this Field Security Profile) can and cannot do with this particular field. Let's set everything to Yes, and then click OK.
The dialog closes, returning us to the Field Security Profile window. Now let's click Save and Close. The Field Security Profile window closes, returning us to the main CRM Online screen.
Now we can test this out by navigating to our Contacts and opening a record. Navigate to Workplace > Customers > Contacts and open any Contact record in the right pane. Notice our custom field SSN is here when we open the record. Since I'm signed in as a System Administrator, I can view and edit this field. Users with a System Administrator security roll, such as "xRM Boss" in this tutorial, have the maximum possible permissions on the system, allowing them to see protected fields.
Because we granted the user access, xRM Guy can also see the custom SSN field.
Let's see what this field looks like for a user who has not been given permission to see this field.
Now when we open this contact record as xRM Testuser, a user with a Marketing Professional Security Role, notice what's changed? xRM Testuser does not have the permissions to view or edit this data, as it is now hashed out.
All fields that have field level security applied will have a key icon next to the label.
There is one last thing to note. There is some background automation in CRM Online 2011 that automatically adds any user with a Security Role of System Administrator to a special Field Security Profile called System Administrator. All custom fields are automatically added to that profile as well, so that system administrators are always given full access to custom fields.
That is how you apply field level security to custom fields in CRM Online 2011.
Thanks for watching.