Wednesday, 4 September 2013

How to configure Field Level Security in Microsoft Dynamics CRM 2011

In Microsoft Dynamics CRM 2011 and Online you can use field level security to configure security roles that control user and team access rights to specific fields and entities. In this post, we will discuss how to configure field-level security in Microsoft Dynamics CRM.

A Bit of Background

Before we start, we should define what we mean by security roles and establish a few assumptions. In this context we are referring to the following:
  • Action that can be performed (Create, Read, Write, Delete, Share, Assign)
  • Object the action can be performed on (User/Team Owned, BU or Organisation Level)
These permissions are granted at the entity level and it is possible that certain fields of the entity contain more sensitive data than the others.
The scope of the field level security is global and is applicable to all data access requests including the following:
  • Data access requests from within the web application
  • Web service calls using CRM SDK (plug-ins, custom workflow activities and custom code)
  • Reporting (using FilteredViews)
  • Auditing
Field level security is available for custom fields of custom and system entities.

Implementation of Field Security

There are two high-level steps to implement field-level security:
  1. Mark field as a secure field (enable it to be secure); and
  2. Configure Security Profiles
Security Profile
Field level security is managed by the security profiles; only secure fields are available for configurations.
A Security profile determines the following:
  • Permissions to the secure fields
  • Users and Teams
A Security Profile can be configured to grant the following permissions at the field level to the added users or teams:
  • Read (read-only access to the field’s data)
  • Create (users or teams in this profile can add data to this field when creating a record)
  • Update (users or teams in this profile can update the field’s data after it has been created)
A combination of these three permissions can be configured to determine the user privileges for a specific data field.

Step-by-Step Guide to Configuring Field Level Security

Consider the scenario that there is a custom field on the contact form named “Mobile Number (of Top Management)” as in the image below.
how to configure field level security
The requirement is to make this field secure and configure the security profiles to grant access to the specific teams as listed below.

Sales StaffNo Access
ManagersRead-Only Access
Vice PresidentsFull Access
Step 1
The first step is to mark the field as a secure field, go to the field properties and enableField Security.
Save and publish the changes.
Step 2
Verify that the Field Security has been enabled; open the contact form and you will now see a key symbol with the label of the field. This indicates that the “Mobile Number” is a secure field.
Step 3
The next step is to configure the security profiles.
Create three new Security Profiles with the following configurations:

Security ProfileAdded Team(s)
Sales StaffSales Staff Team
ManagersManagers Team
Vice PresidentsVice Presidents Team
field level security in Dynamics CRM 2011
Step 4
Configure Field Security for each profile.
Sales Staff
No Access to Mobile Number
Save Changes and Verify
After configuring the “Sales Staff” security profile, the members of the “Sales Staff Team” will not be able to see the data in the secure field.
Read-Only Access to Mobile Number
Save Changes and Verify
After configuring the “Managers” security profile, the members of the “Managers Team” will only see the read-only view of the data in the secure field.

Vice Presidents
Full Access to Mobile Number
Save Changes and Verify
After configuring the “Vice Presidents” security profile, the members of the “Vice Presidents Team” will have full access to the data in the secure field.
There you have it, some simple steps to configure basic field level security in Microsoft Dynamics CRM 2011.

No comments:

Post a Comment