Personalized Community is here!
Quickly customize your community to find the content you seek.
Check out the latest Sales updates!Learn about the key capabilities and features of Dynamics 365 Sales and experience some of the new features.
Download overview guide | Watch Sales video
2021 Release Wave 2Discover the latest updates and new features releasing from October 2021 through March 2022.
2021 release wave 2 plan
The FastTrack program is designed to help you accelerate your Dynamics 365 deployment with confidence.
FastTrack Community | FastTrack Program | Finance and Operations TechTalks | Customer Engagement TechTalks | Upcoming TechTalks | All TechTalks
I have the following security request:A director of a business unit can see all the records in that business unit due to the security role he has.
In that business unit there's one team with 2 users with the same security role.
Each user is able to see all details of the record they own but only some of the fields on records not owned by them.
So if user A owns Account "ABC", then user B can access the Account but only see some of those fields.
Question is, is this possible to achieve OOB or do I need custom development?
This can be done oob. Besides a security role you’ll need to ads field security including a field security profile. This will allow you to give users field specific security. Here are the details: https://docs.microsoft.com/en-us/power-platform/admin/field-level-security
PLEASE MARK AS VERIFIED IF HELPFUL
First of all, big fan of your channel! One of my go to ones for new Dynamics stuff.
I thought that the field security could only be applied to either individuals or teams?
Say that I have the Phone, Fax and Email fields on the account. I will be able to see those fields if I own that account, but if I don't, I won't see them (or the data in them). You are saying that this is possible to achieve even if those users are on the same team with the same security role?
Thank you! Glad you're enjoying my content! Yes you are correct regarding field security can be given to users or teams, I apologize for misunderstanding what you're trying to accomplish. Unfortunately I don't think today we can have field security be based on ownership today.
You can achieve this by comparing the GUID of "Logged - in user" and "Owner of the Account"
If both are same then
show the specific fields.
hide it from the current user.
Get user Guid - docs.microsoft.com/.../usersettings
Get Account Owner Guid - arunpotti.com/.../
then compare and depending on that show hide the fields on the form.
Please refer below code you will get an idea.
var formcontext = get formcontext from execution context.
var currentLoggedInUserGuid = userSettings.userId;
var lookupObj = formcontext.getAttribute(lookupSchemaName);
if (lookupObj != null)
var lookupEntityType = lookupObjValue.entityType, //To get EntityName
lookupRecordGuid = lookupObjValue.id, // To get record GUID
if(currentLoggedInUserGuid === lookupRecordGuid)
else if(currentLoggedInUserGuid !== lookupRecordGuid)
As suggested by Dian, security profiles can help you achieve this through OOB feature.
I dont advise doing show/hide thing even though a few folks have suggested that - reason is you cannot show/hide these fields from Views or Advanced Find so someone who is not an owner would still be able to see the information there even if not on form.
May be your best bet is to put these fields in a separate entity, link both entities, and accordingly configure the security role so that only owner can access the records in this new entity.
Hi, but as Dian said, Dynamics doesn't allow for field security based on ownership oob.
I am not advising to use Field Level Security. Just put those fields in a new custom entity, and then configure security role for that new entity at USER level.
I'm curious Yogi. Can you expand more on your approach? It sounds intriguing.
Business Applications communities