An update to my earlier post on Field Level Security. Here I clarify the functionality and provide new commentary on the Sharing feature related to Field Level Security (something I spotted during my review of the training material for the CRM 2011 exams)…
Activating Field Level Security:
- Create a Solution and add the Entity(s) you wish to lock down into the Solution
- Locate the Field(s) under each Entity and activate each of them for Field Level Security (there’s a new checkbox there on the Field Definition)
- As soon as you publish this change the Field Level Security restriction will be applied to all users except those assigned the Systems Administrator security role. The field is instantly read only and non-editable for your users. Your next step is to configure CRM’s Field Level Security model to grant permissions out to your users.
Granting Access to Secured Fields:
- For each collection of field level permissions you want to grant out to a collection of users you will create a “Field Security Profile”. These can be created from your Solution or from Settings –> Administration
- Assign Users and/or Teams to the profile: – note: if a user is associated to multiple profiles they end up receiving the least restrictive permissions
- Grant the profile permissions over the fields that have been secured:
- Each secured field will automatically appear in the list, with Create, Read, and Update access all initially set to “No”.
- Pick the field(s) that you want to grant access to and change their value’s to “Yes”
How the end result looks:
- Fields enabled for Field Level Security appear with a Key symbol against them
- When a field is secured such that a user has no READ permission that user will see the field on the CRM form but the data will be masked out, and in CRM views the column will be blank
- When a field is enabled for Read but locked for Update it appears disabled on the form
Sharing Field Level Permissions:
The Sharing feature we are used to from CRM 4.0 has been extended in CRM 2011 to support the Sharing of Field Level Permissions. A user who has been assigned a Field Security Profile granting them permission to a secured field can potentially share that Field Level Permission to another user (or Team) who currently does not have access to that secured field.
Here are the steps to Share Field Level Permissions to another user:
The rest is pretty simple, just like normal sharing (although a bit ‘clicky’).