Skip to main content

Notifications

Announcements

No record found.

Microsoft Dynamics CRM (Archived)

Record Owners Viewing Fields with Field Level Security Enabled

(0) ShareShare
ReportReport
Posted on by

Hi!  I'd appreciate any help anyone could provide with this.

Client has about a dozen Contact fields that contain sensitive data that they want available to only certain users so I've implemented field level security on those fields.  Problem is that they also want that information available to the owner of that record regardless if they are members of the field security profile allowing them access to those fields.  I am a novice with CRM, but my understanding was that the owner of a record should have access to all fields of any record they own.  This doesn't seem to be the case.

Could anyone provide guidance on how to restrict these fields so that only specified members of the field security profiles AND the owner can access them?

*This post is locked for comments

  • Little Mojo Profile Picture
    Little Mojo on at
    RE: Record Owners Viewing Fields with Field Level Security Enabled

    Went with breaking the fields in question into a "Contact Confidential" entity with a Quick View and it worked perfectly!  Thanks for the advice!

  • Little Mojo Profile Picture
    Little Mojo on at
    RE: Record Owners Viewing Fields with Field Level Security Enabled

    Yes, from discussions I've had with the technical people in my practice, FLS will prevent data from ever being queried if the user doesn't have access in the first place.  So the owner is out of luck.  Or take the route I did and have data accessible via an Advanced Find.

    So...is there any way to prevent user groups from running an advanced find in the first place?  There was concern about members of this group exporting data and taking to their next job, so doing so might solve a couple of problems...

  • Verified answer
    Alexandre Vidal Profile Picture
    Alexandre Vidal 195 on at
    RE: Record Owners Viewing Fields with Field Level Security Enabled

    Unfortunately i believe there's no perfect way to handle this need.

    One last option i know, pretty much the easiest to implement, but the less readable for final users is to:

    - Create a custom entity (let's say A) with the fields that you wanted to secure + a lookup to your entity where these fields would have been (let's say B)

    - Give only user privileges on this entity to users who need to see only their own record's secured fields.

    - Give organization privilege on this entity to people you would have included in your Field Level Security Profile

    - Add a subgrid or QuickView Form showing A record in your B Form

    BUT:

    -In order to fill these fields, your users will in fact have to create a record for a new entity (A) and to modify these fields, they will have to open the record "A" first.

    - Creation of reports / views / charts will be much more complicated as you'll be dealing with two entites.

    -Adds some admin work, changing user's security roles accordingly when they would have been added/deleted to/from Field Level Security Profile

    All the solutions mentioned above have pros and cons, and it all depends on the business' exact needs to choose the right one.

    If i had to face this need again where sensitive data is critical , i'd go again for custom workflows/plugin from the blog mentioned in my first post. Not easy to implement, not quite easy to maintain but behaves exactly as expected.

    Regards,

    Alexandre Vidal

  • Little Mojo Profile Picture
    Little Mojo on at
    RE: Record Owners Viewing Fields with Field Level Security Enabled

    Alexandre...that Advanced Find thing is going to be an issue...ugh!

  • Alexandre Vidal Profile Picture
    Alexandre Vidal 195 on at
    RE: Record Owners Viewing Fields with Field Level Security Enabled

    Hi Chitra,

    Yes, you're right, and i also mentionned this.

    Regards,

    Alexandre Vidal

  • Royal King Profile Picture
    Royal King 27,686 on at
    RE: Record Owners Viewing Fields with Field Level Security Enabled

    Hello Alex,

    if you are part of field level security profile and that provides read/write privilege on the records does not mean you will have access to all the records in the crm. Say if your security role allows you to view records only within your business unit. Because you are part of field level security profile that provides access to all secured fields with in that entity does not allow you view all the records that are not part of your business unit. 

    Thanks

    Chitra

  • Alexandre Vidal Profile Picture
    Alexandre Vidal 195 on at
    RE: Record Owners Viewing Fields with Field Level Security Enabled

    Hi David,

    Indeed that's a good workaround if the information in secured field is not critical.

    Be aware that any user who'd make a simple "Advanced find", or even a custom view with these fields in columns would be able to read all the data.

    For us, this wasn't an option after all !

    Regards,

    Alexandre Vidal

  • Little Mojo Profile Picture
    Little Mojo on at
    RE: Record Owners Viewing Fields with Field Level Security Enabled

    Hi!  The solution I went with was a little different...

    Created two sets of forms, one showing all fields for those whose role allows them to see the fields in question, one with those fields hidden.  Depending on the users' security role CRM will present the appropriate set of forms.  On the form with the fields hidden, we put some JScript to capture the user's ID and compare it to the the owner of the record.  If they match, unhide the fields in question.

     

  • Alexandre Vidal Profile Picture
    Alexandre Vidal 195 on at
    RE: Record Owners Viewing Fields with Field Level Security Enabled

    Hi David,

    I'm affraid Chitrarasan's answer isn't completely correct.

    You can certainly create a team and add it to the security profile, or add/delete users straight to the security profile, but doing this, whenever a user will be owner of a record of this entity type, he'll be able to see all secured fields on all records of this type he can see (not only his records).

    So basically, if your security role gives you an read/organisation permission on this entity, once you own a record of this entity, you'll see all the secured fields on all records of this entity in the organization. Would work perfectly though if your Read privilege on entity is set to user/team in your security role.

    What you're trying to achieve is pretty more complex, as owners would see the secured fields only on their own records.

    I had to achieve this once, and did it pretty well with plugins on create/assign of the entity, using this helpful article:

    http://zhongchenzhou.wordpress.com/2012/06/28/dynamics-crm-2011-share-secured-fields/

    Hope it helps,

    Alexandre Vidal

  • Royal King Profile Picture
    Royal King 27,686 on at
    RE: Record Owners Viewing Fields with Field Level Security Enabled

    Here is the sample code that shows how to assign record to team just modify this to assign user to tam in your custom workflow or plugin

    technet.microsoft.com/.../gg327897.aspx

Under review

Thank you for your reply! To ensure a great experience for everyone, your content is awaiting approval by our Community Managers. Please check back later.

Helpful resources

Quick Links

Congratulations 2024 Spotlight Honorees

Kudos to all of our 2024 community stars! 🎉

Meet the Top 10 leaders for December

Congratulations to our December super stars! 🥳

Start Your Super User Journey Pt 2

Join the ranks of our community heros! 🦹

Leaderboard

#1
André Arnaud de Calavon Profile Picture

André Arnaud de Cal... 291,820 Super User 2024 Season 2

#2
Martin Dráb Profile Picture

Martin Dráb 230,514 Most Valuable Professional

#3
nmaenpaa Profile Picture

nmaenpaa 101,156

Leaderboard

Featured topics

Product updates

Dynamics 365 release plans