In Microsoft Dynamics CRM 4.0, there are very few (and complicated) options for field-level security in CRM. Here is the white paper in the “Nuts and Bolts” Series from Microsoft. Other un-supported option include disabling /hiding a field depending on the security role of the user by making a web service call to get the currently logged-on user’s security role. But enough about 4.0…let’s talk about the beta of Microsoft Dynamics CRM 2011 field-level security included in the out of the box features.


In the example below, I will create a new field with the field-level security property turned on and make changes to the Access level of a user on the particular field. Firstly, create the field with “Field-level security” property turned on.

CRM 2011 Field-Level Security

Then there is a new area in the Administration area called the “Field Security Profiles”.

Create a new security profile and then edit the “Field Permissions” to be only ‘Read’. The various permissions are Read, Update and Create. By default, the permission is none. All the secured fields are listed automatically in this area

Then, add the particular user/team that should be restricted accordingly to the newly created field.

Now add the newly created field on the entity’s form and publish the form

The form looks like this for a user who has full access like an admin user or a user given update permission to this field.

And it appears grayed out for a user with read-only permission as shown below.

And another interesting thing is what happens when you give no access to this field by removing the read access previously given

It actually still shows the field on the form for this user but with the field characters as dots (similar to a password field) as shown below:

There is lot more that can be achieved using this out-of-box field-level security feature. This is one of the most requested features of the clients in the MS CRM 4.0 version.

We hope you find this information helpful and as the CRM Experts at PowerObjects continue to dig into CRM 2011 we will continue to post information here. Also if you are interested in getting a hosted sandbox to start trying some of the features out or checking your customizations let us know.

Happy CRM’ing

Avatar for Joe D365

Joe D365

Joe D365 is a Microsoft Dynamics 365 superhero who runs on pure Dynamics adrenaline. As the face of PowerObjects, Joe D365’s mission is to reveal innovative ways to use Dynamics 365 and bring the application to more businesses and organizations around the world.