Field-Level Security in Dynamics 365 CE

In addition to controlling access at the record level, Dynamics 365 CE allows organizations to restrict access to specific fields(columns) using Field-Level security.

This is useful when certain sensitive information should only be visible to specific users or teams, even if they have access to the records as a whole.

What is Field-Level Security?

Field-Level Security enables administrators to restrict access to individual fields on an entity.

You can control Read, Create, and Update privileges separately for each field.

Users who do not have access to a secured field will see it as blank or unavailable (depending on the UI).

Common use cases:

1. Hiding salary or compensation fields from non-HR users.

2. Restricting personal identification fields ( passport number, tax ID).

3. Controlling visibility of internal financial details.

How it works

1. You enable Field Security for a specific field in the entity definition.

2. You configure Field Security Profiles - collections of field privileges.

3. You assign users or teams to Field Security Profiles.

4. Users will see or edit the field based on their profile permissions.

Important: Field security only applies to users who interact with the UI or APIs - system administrators and system processes may bypass it.

Limitations and Considerations

• Field Security adds processing overhead - use it only where necessary.

• Not all field types are supported (e.g. calculated fields or rollup fields cannot be secured).

• Field Security does not automatically apply in reports - report visibility must be controlled separately.

• Field security is not supported for:

Best Practices

1. Use Field Security only for fields with a clear need for confidentiality - avoid overusing it.

2. Keep the number of Field Security Profiles manageable - complexity grows quickly.

3. Test thoroughly - ensure that secured fields behave as expected across model-driven apps, forms, views, and APIs.

4. Document secured fields and profiles - so future admins understand why fields are protected.

5. Audit reports and integrations - verify that field security is respected where needed.

Summary

Field-Level Security is a powerful tool to enforce confidentiality within records in Dynamics 365 CE. When used carefully, it helps organizations meet compliance requirements and protect sensitive data from unauthorized access - even when users have access to the record as a whole.