Tag Archives: field level security

‘Sharing’ Secured Fields in CRM 2011

An update to my earlier post on Field Level Security.  Here I clarify the functionality and provide new commentary on the Sharing feature related to Field Level Security (something I spotted during my review of the training material for the CRM 2011 exams)…

Activating Field Level Security:

  1. Create a Solution and add the Entity(s) you wish to lock down into the Solution
  2. Locate the Field(s) under each Entity and activate each of them for Field Level Security (there’s a new checkbox there on the Field Definition)
  3. As soon as you publish this change the Field Level Security restriction will be applied to all users except those assigned the System Administrator security role. The field is instantly read-only and non-editable for your users. Your next step is to configure CRM’s Field Level Security model to grant permissions out to your users.

Granting Access to Secured Fields:

  1. For each collection of field level permissions you want to grant out to a collection of users you will create a “Field Security Profile”. These can be created from your Solution or from Settings –> Administration
  2. Assign Users and/or Teams to the profile – note: if a user is associated with multiple profiles they end up receiving the least restrictive permissions
  3. Grant the profile permissions over the fields that have been secured:
    • Each secured field will automatically appear in the list, with Create, Read, and Update access all initially set to “No”.
    • Pick the field(s) that you want to grant access to and change their values to “Yes”
  4. Publish your changes.
  5. Done

How the end result looks:

  • Fields enabled for Field Level Security appear with a Key symbol against them
  • When a field is secured such that a user has no READ permission that user will see the field on the CRM form but the data will be masked out, and in CRM views the column will be blank
  • When a field is enabled for Read but locked for Update it appears disabled on the form
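
The rules above (default deny on every secured field, least restrictive permissions across multiple profiles, the System Administrator exemption, and how the field then renders) can be modelled to audit who ends up with access to a secured field. The following Python model is an added example, not part of the original post and not CRM SDK code; the users, role assignments and profile contents are constructed, and team membership is assumed to be already expanded into user names.

```python
# Added example: a model of the rules in this post, not the CRM SDK.
# Profile, field and user names below are constructed sample data.
ACTIONS = {"create", "read", "update"}

def effective_access(user, roles, secured_fields, profiles):
    """Return {field: set of allowed actions} for one user.

    profiles: {profile name: {"members": set, "grants": {field: set of actions}}}
    """
    if "System Administrator" in roles.get(user, set()):
        return {f: set(ACTIONS) for f in secured_fields}   # exempt from FLS
    access = {f: set() for f in secured_fields}            # default: all "No"
    for profile in profiles.values():
        if user in profile["members"]:
            for f, allowed in profile["grants"].items():
                if f in access:
                    access[f] |= allowed                   # least restrictive wins
    return access

def form_state(actions):
    """How a secured field renders on the form for a given action set."""
    if "read" not in actions:
        return "masked"
    return "editable" if "update" in actions else "disabled"

def readers_via(field, profiles):
    """Map each profile member who can read `field` to the profiles granting it."""
    out = {}
    for name, profile in profiles.items():
        if "read" in profile["grants"].get(field, set()):
            for user in profile["members"]:
                out.setdefault(user, []).append(name)
    return out

SECURED = ["costrating", "price"]
ROLES = {"alice": {"System Administrator"}, "bob": {"Salesperson"},
         "carol": {"Salesperson"}}
PROFILES = {
    "Normal Users": {"members": {"bob", "carol"}, "grants": {}},
    "Admin Users": {"members": {"carol"},
                    "grants": {"costrating": {"read", "update"}, "price": {"read"}}},
}

if __name__ == "__main__":
    for user in ROLES:
        acc = effective_access(user, ROLES, SECURED, PROFILES)
        print(user, {f: form_state(a) for f, a in acc.items()})
    print("price readers:", readers_via("price", PROFILES))
```

Running `readers_via` for each secured field gives a quick review list of which profile is responsible for a user's read access, which is the question that matters when a user sits in more than one profile.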


Sharing Field Level Permissions:

The Sharing feature we are used to from CRM 4.0 has been extended in CRM 2011 to support the Sharing of Field Level Permissions.  A user who has been assigned a Field Security Profile granting them permission to a secured field can potentially share that Field Level Permission to another user (or Team) who currently does not have access to that secured field. 

I say ‘potentially’ as the ability to share Field Level Permissions is constrained by a new Security Role: “Field Sharing”.

Here are the steps to Share Field Level Permissions to another user:

From the CRM record that you want to share click the “Sharing” button on the Ribbon and select the option “Share Secured Fields”.

The rest is pretty simple, just like normal sharing (although a bit ‘clicky’).   

regards,

Gareth.


CRM 2011 New Features: Field Level Security

Just some quick notes on this feature…

To activate field level security:

  1. Enable each field that you want to secure (it’s a new property on the field)
  2. Create Field Security Profiles (e.g. you might create “Admin Users” and “Normal Users”)
  3. Assign users/teams a profile (or multiple profiles) – note: if multiple profiles are assigned the user receives the least restrictive permissions
  4. Edit the profiles
    • Each enabled field will automatically appear under each profile.
    • Their default state is fully secured for read, create and update
    • Edit as required – e.g. leave “Normal Users” set to restricted but open up the permissions on the “Admin Users” profile
  5. Publish the profile

[Image: Fields enabled for Field Level Security, displayed under the GT Data Admin Users profile]

How the end result looks:

  • Fields enabled for Field Level Security appear with a Key symbol against them
  • When a field is secured such that a user has no READ permission that user will see the field on the CRM form but the data will be masked out, and in CRM views the column will be blank
  • When a field is enabled for Read but locked for Update it appears disabled on the form

[Image: Cost Rating and Price fields enabled for field level security; the user has update permission to Cost Rating but only read permission for Price]