Field Security on Contact entity

(2) Share

Report

Posted on by OT-15090228-0

Hello everyone,

I have a question about Field Security in Dynamics CRM. My client is an international company with more than five countries using Dynamics CRM for Sales.

From the requirement gathering, they want to share account and contact information across all countries, but due to PDPA regulations, certain sensitive fields (such as email address and phone number) must only be visible to the record owner and their team.

From my understanding, Field Security Profiles work at the role level, so this approach might not meet the requirement.

Has anyone faced a similar scenario or found a solution to achieve this? Any recommendations or best practices would be greatly appreciated.

Thank you in advance!

Categories:

Dynamics 365 Sales

I have the same question (0)

All responses (3)

Answers (1)

Suggested answer

ManoVerse 778 Super User 2026 Season 1 on at

Like (1)

Report
Copy link

Link copied!

how are you managing the ownership of account and contact records ? is it team owned or user owned , you have to manage the field security profile membership dynamically for user may be you have to write a power automate flow to manage the Field Security profile members according to your account ownership. would like to understand more about how you are managing account ownership today

Was this reply helpful? Yes No
Verified answer

Tom_Gioielli 3,078 Super User 2026 Season 1 on at

Like (1)

Report
Copy link

Link copied!
Yeah, Field Level security on this is going to be tough as it isn't structured to support a scenario like this. You can probably do it with some extensive code, but the downside is it will be difficult to maintain.

Here's an idea that is a little out of the box, but I think it would work (we're getting really creative here).

Create a new table called "Contact Details". Add any of your sensitive fields to this table like phone, email, address, etc. that you need to protect. Add lookups to the Account and Contact tables (since we want to use it on both)

Also, create a main form that includes just the fields you care about showing or the user editing. It should be one tab, one column, and only contain those fields (so remove owner, created on, name, etc.)

Make the ownership of this new table user/team, and update your security roles so that create/read/write access is set to User Only. I would also recommend disabling share and delete

Write a D365 real-time workflow that runs on create of the Account/Contact. It should create one of these new "Contact Detail" records and associate it to the new Account or Contact. Make sure it also sets the owner of the new record to match the owner of the Account/Contact. Update your Account/Contact lookup field to point to this newly created record

Secondary: You'll want a separate process to keep ownership of this other record updated if the Account/Contact owner is modified in the future as well

Now here comes the fun part. On the Account and Contact forms, open the maker portal to edit them and you are going to add a component called "Form". You can find it under the "Display" category of components on your form editor.

Add the component to a new section on your form, somewhere it makes sense for contact details to appear

When adding the component, select your new Lookup column to the "Contact Details" custom table and pick your main form that includes only the required components

Save and publish your form.

So what is this going to do? It is going to embed your new custom table form directly into the Account/Contact record. The fields will appear very similar to how standard fields look on the Account, but it is actually representing an entirely separate record. Because the security roles are defining that only users who own the records (or who are on teams who own the records) can see this related record, it will appear blank (or there will be a security error) that appears for other users.

The real benefit is that when updating this information, users won't need to navigate to another form like they would if you used a Quick View. It should be relatively seamless but still gives you the security control needed.

I'm really curious if this works for you and helps, so please keep us updated!

Was this reply helpful? Yes No
OT-15090228-0 17 on at

Like (0)

Report
Copy link

Link copied!

Hi #ManoVerse,

Thank you so much for your response. I plan to give full access (Organization level) to the Contact entity, as the requirement is to share it with all users. However, for sensitive data (such as mobile number and email address), I would like to limit access to the Parent-Child level, so that only the owner and their sales manager can view this information.

Regarding field security, it does not completely meet the requirement because sales representatives who create the record should still be able to see their own data.

Hi Tom_Gioielli,

Thank you so much for the solution. I also think this approach is feasible, but I have one concern: it seems a bit difficult for business users to create data. They would need to enter general information in the Contact entity and sensitive information in the Contact Detail entity.

However, I believe this solution should meet the requirement by leveraging standard CRM features. Thank you again!

Was this reply helpful? Yes No