Record-level permissions are granted at the entity level, but there may be certain fields associated with an entity that contain data that is more sensitive than the other fields. In such cases, use field level security to control access to specific fields. The scope of field level security is organization-wide and applies to all data access requests including the following:
Data access requests from within a client application, such as web browser, mobile client, or Microsoft Dynamics 365 for Outlook.
Web service calls using the Microsoft Dynamics 365 SDK (for use in plug-ins, custom workflow activities, and custom code)
Reporting (using Filtered Views)
Field level security is managed by the security profiles. Security profile determines permissions to the secure fields and users and teams. Permissions that can be granted to the user using field level security include Read, Create and Update. A combination of these three permissions can be configured to determine the user privileges for a specific data field.
Restrict a field:
A. Secure the field:
1. Go to Settings > Customizations.
2. Click Customize the System.
3. Click Entities > Contact > Fields.
4. Click the field which user wants to be restricted, click Edit.
5. Next to Field Security, click Enable, click Save and Close.
6. Publish the customization.
B. Configure the security profiles:
1. Create the field security profile for read only access:
a. Go to Settings > Security.
b. Click Field Security Profiles.
c. Click New, enter a name, access contact mobile phone, and click Save.
d. Click Users, click Add, select the users that you want to grant read access to restricted field, and then click Add.
e. Click Field Permissions, click field which user wants to be restricted, click Edit, select Yes next to Allow Read, and then click OK.
2. Create the field security profiles for full access:
a. Click New, enter a name, access contact mobile phone, and click Save.
b. Click Users, click Add, select the users that you want to grant full access to the restricted field, and then click Add.
c. Click Field Permissions, click field which user wants to be restricted, click Edit, select Yes next to Allow Read, Allow Update, and Allow Create, and then click OK.
3. Click Save and Close.
Create a security profile:
1. Go to Settings > Security > Field Security Profiles.
2. Select New from the command bar.
3. Give the profile a name and save it.
4. Add individual users, or teams to the profile.
5. Open the field permissions area and select what level of access users or teams with this security profile will have to the secured fields.
6. All fields enabled for Field Security that appear on active forms will be listed. Select the field(s) user wants to edit the permissions for and click Ok.