Field Level Restriction in Security Framework in Microsoft Dynamics 365 Finance and Operations

Dear Microsoft BizApps Community,

Welcome to my next blog on security framework, this article talks about how we can impose a field level restriction for users in a form

Problem statement

A very common requirement from customer, they want to put a restriction on a form for some fields, which won’t be editable by users, due to audit or internal control purpose

Business scenario

Example- in vendor master, bank account field won’t be editable by end users, only admin team can change that (note- this is just an example scenario; however, this approach and solution should work for other forms too)

The below output is our expectation, where Bank account fields are non-editable, other fields are editable

Let’s explore

Configuration

We shall see the solution by creating a duty->>>> Privilege->>> table->>>field level restriction

Step 1- Create a new duty (for our case, we shall create the duty as CS_vendBank name)

Navigate to system administration->>security->>Security configuration

Go to duty tab and create new

Enter a duty name and ok

Step 2- Create a privilege for the newly created duty

Now select the newly created duty->> and select Privileges, see below

Now “Create new and add reference”, see below

Now Give a name to the privilege, it will create a new privilege

Step 3- Add a table and add field level restriction (vendtable is in our case and BankAccount is the field which we want to restrict)

Select the duty->> Select the privilege-> select table tab as shown below->> add reference->> select the table name (for our case its vendtable)

From vendtable- grant each and every properties->> ok

Now select the table (vendtable in in our case, as shown below) and then add reference

Now the main part is- add the field “BankAccount” in our case on which we want to disallow users from updating the field, in short should be un-editable)

Hence, from read access it should be “Grant”, and from update access, it should be “deny”->>ok

Step 4- create a role- Now the last part is- create new role and add the duty we have crated as “CS_vendBank”, also we can add the privilege or the duty to the existing role as well.

Now add the Duty “Cs_vendbank” to this role from “add reference” option->ok

The setup is done, however the above changes we have done, we need to publish from “Unpublished objects” tab, you may select “Publish all”

The configurations are done

Let’s check how it will look like if this role is assigned to users

See below, all the fields are now editable except only the Bank account fields, on which we have added restrictions

By the above configurations we can achieve the field level restriction without a single line of code

This is it for this blog, stay tuned for my next article