web
You’re offline. This is a read only version of the page.
close
Skip to main content

Notifications

Announcements

No record found.

News and Announcements icon
Community site session details

Community site session details

Session Id :
Dynamics 365 Community / Forums / Microsoft Dynamics CRM (Archived) / Record Owners Viewing ...
Microsoft Dynamics CRM (Archived)

Record Owners Viewing Fields with Field Level Security Enabled

(0) ShareShare
ReportReport
Posted on by Little Mojo

Hi!  I'd appreciate any help anyone could provide with this.

Client has about a dozen Contact fields that contain sensitive data that they want available to only certain users so I've implemented field level security on those fields.  Problem is that they also want that information available to the owner of that record regardless if they are members of the field security profile allowing them access to those fields.  I am a novice with CRM, but my understanding was that the owner of a record should have access to all fields of any record they own.  This doesn't seem to be the case.

Could anyone provide guidance on how to restrict these fields so that only specified members of the field security profiles AND the owner can access them?

*This post is locked for comments

I have the same question (0)
  • Royal King Profile Picture
    Royal King 27,686 on at

    Once you enable field level security on field it wont be available to anyone who is not part of field level security profile even for owners. Only user who can see everything in the system is system administrator.  What you do is write custom workflow or plugin to dynamically add/remove users to FIeld level security profile to provide access to woner of the record

  • Little Mojo Profile Picture
    Little Mojo on at

    Thank you for your response!  Ownership of a record will likely change by record which means that I can't add all users to the FLS profiles because it would eliminate the purpose of FLS in the first place.  So it looks like a plug in is necessary...

    I don't suppose that anyone would have a sample plugin that would accomplish the intended result that I could modify?  I don't know JScript.

  • Royal King Profile Picture
    Royal King 27,686 on at

    Here is the sample code that shows how to assign record to team just modify this to assign user to tam in your custom workflow or plugin

    technet.microsoft.com/.../gg327897.aspx

  • Alexandre Vidal Profile Picture
    Alexandre Vidal 195 on at

    Hi David,

    I'm affraid Chitrarasan's answer isn't completely correct.

    You can certainly create a team and add it to the security profile, or add/delete users straight to the security profile, but doing this, whenever a user will be owner of a record of this entity type, he'll be able to see all secured fields on all records of this type he can see (not only his records).

    So basically, if your security role gives you an read/organisation permission on this entity, once you own a record of this entity, you'll see all the secured fields on all records of this entity in the organization. Would work perfectly though if your Read privilege on entity is set to user/team in your security role.

    What you're trying to achieve is pretty more complex, as owners would see the secured fields only on their own records.

    I had to achieve this once, and did it pretty well with plugins on create/assign of the entity, using this helpful article:

    http://zhongchenzhou.wordpress.com/2012/06/28/dynamics-crm-2011-share-secured-fields/

    Hope it helps,

    Alexandre Vidal

  • Little Mojo Profile Picture
    Little Mojo on at

    Hi!  The solution I went with was a little different...

    Created two sets of forms, one showing all fields for those whose role allows them to see the fields in question, one with those fields hidden.  Depending on the users' security role CRM will present the appropriate set of forms.  On the form with the fields hidden, we put some JScript to capture the user's ID and compare it to the the owner of the record.  If they match, unhide the fields in question.

     

  • Alexandre Vidal Profile Picture
    Alexandre Vidal 195 on at

    Hi David,

    Indeed that's a good workaround if the information in secured field is not critical.

    Be aware that any user who'd make a simple "Advanced find", or even a custom view with these fields in columns would be able to read all the data.

    For us, this wasn't an option after all !

    Regards,

    Alexandre Vidal

  • Royal King Profile Picture
    Royal King 27,686 on at

    Hello Alex,

    if you are part of field level security profile and that provides read/write privilege on the records does not mean you will have access to all the records in the crm. Say if your security role allows you to view records only within your business unit. Because you are part of field level security profile that provides access to all secured fields with in that entity does not allow you view all the records that are not part of your business unit. 

    Thanks

    Chitra

  • Alexandre Vidal Profile Picture
    Alexandre Vidal 195 on at

    Hi Chitra,

    Yes, you're right, and i also mentionned this.

    Regards,

    Alexandre Vidal

  • Little Mojo Profile Picture
    Little Mojo on at

    Alexandre...that Advanced Find thing is going to be an issue...ugh!

  • Verified answer
    Alexandre Vidal Profile Picture
    Alexandre Vidal 195 on at

    Unfortunately i believe there's no perfect way to handle this need.

    One last option i know, pretty much the easiest to implement, but the less readable for final users is to:

    - Create a custom entity (let's say A) with the fields that you wanted to secure + a lookup to your entity where these fields would have been (let's say B)

    - Give only user privileges on this entity to users who need to see only their own record's secured fields.

    - Give organization privilege on this entity to people you would have included in your Field Level Security Profile

    - Add a subgrid or QuickView Form showing A record in your B Form

    BUT:

    -In order to fill these fields, your users will in fact have to create a record for a new entity (A) and to modify these fields, they will have to open the record "A" first.

    - Creation of reports / views / charts will be much more complicated as you'll be dealing with two entites.

    -Adds some admin work, changing user's security roles accordingly when they would have been added/deleted to/from Field Level Security Profile

    All the solutions mentioned above have pros and cons, and it all depends on the business' exact needs to choose the right one.

    If i had to face this need again where sensitive data is critical , i'd go again for custom workflows/plugin from the blog mentioned in my first post. Not easy to implement, not quite easy to maintain but behaves exactly as expected.

    Regards,

    Alexandre Vidal

Under review

Thank you for your reply! To ensure a great experience for everyone, your content is awaiting approval by our Community Managers. Please check back later.

Helpful resources

Quick Links

Responsible AI policies

As AI tools become more common, we’re introducing a Responsible AI Use…

Neeraj Kumar – Community Spotlight

We are honored to recognize Neeraj Kumar as our Community Spotlight honoree for…

Congratulations to the November Top 10 Community Leaders!

These are the community rock stars!

Leaderboard > 🔒一 Microsoft Dynamics CRM (Archived)

#1
SA-08121319-0 Profile Picture

SA-08121319-0 4

#1
Calum MacFarlane Profile Picture

Calum MacFarlane 4

#3
Alex Fun Wei Jie Profile Picture

Alex Fun Wei Jie 2

Last 30 days Overall leaderboard

Featured topics

Product updates

Dynamics 365 release plans