This entry is part of our Feature Review Series. These short and to the point blogs strive to provide a quick snapshot of information to a user. They include a brief overview of a feature, how it's managed or configured, some insight into how a business/organization would use it, and provide links to resources or tutorials for a deeper dive.

What is Column Level Security?

Note: Column Level Security was previously known as Field Level Security. While updated in most areas in the system, some still refer to the term "field." We've structured this article to use the language at the time of writing, but terminology could change in a future update from Microsoft.

As you likely know, Security Roles control access to tables within D365. But there can be scenarios where specific data on a record needs protection. A typical example might be if a non-profit organization leverages Contact records both as service recipients and donors.

There will likely be information tracked on the Contact record that needs protection. For example, donor management professionals should not have access to emergency medical contacts.

Sure, you could give the donor management staff member a different form, but they could still pull that data in views or reports.

Column Level Security services this kind of scenario. An administrator can enable field-level security on the necessary fields on the table. Doing so renders the data in the field to display with ******. This function applies to views and reports as well.

What Column Level Security Looks Like

In our first image, we see the Emergency Medical Contact field as an open text field containing "Pat Smith."

Once enabling Column Level Security for the field in question (we will cover how in the next section of this article), we find that the field contains a padlock icon. Since we're not signed in under a Field Security Profile, the data in this field displays as ******.

When signed in as a user that belongs to a Field Security Profile with visibility rights enabled, we see a key beside the field indicating that we're seeing data that others may not.

How to Enable Column Level Security

Users can turn on Column Level Security both out-of-the-box and custom fields in the system. To do so, open the Power Apps Maker portal and navigate to the solution you wish to edit. Locate the Table and column where you want to enable column-level security. In the edit pane of the column, you'll find the column level security field in the Advanced Options section of the form (this area defaults as closed, so you need to click/tap to expand it).

Place a checkmark in the field, save the record, then save the table. Now column-level security is enabled, and only users belonging to a Field Security Profile have access to this field.

Field Security Profiles

Field Security Profiles permit access levels to records protected by Column Level Security. It's a grouping of Users and/or Teams, and for each Field Security Profile, you can permit different levels of access to the fields.

As of now, this field is only accessible in the Classic Settings interface. Click/tap the "gear" icon in the upper right, and then click/tap Advanced Options.

Navigate to the Security area and click/tap on the Field Security Profiles area.

Here, we can create a new Field Security Profile or edit existing ones. We've created a new Field Security Profile titled Contact Health Data in this example.

Add Users or Teams to the Profile

Next, we can add a user to this Field Security Profile by clicking/tapping Users on the left nav. Alternatively, we could click/tap Teams to add a Team, which would permit everyone on the team access to the fields.

Manage Column Level Permissions

By clicking/tapping the Field Permissions on the left nav of the Field Security Profile, we can see all of the fields where column-level security is enabled. By default, when a new profile is created, all the fields' access is set to No.

Staying with our example, we scroll down to the Emergency Medical Contact field and double click/tap to open it. This action launches a new, small window with the three levels of permission as outlined here:

  • Allow Read - Users can view this field
  • Allow Update - Users can change the information in this field
  • Allow Create - Users can add information to this field when the record is created

Set the values in these fields accordingly to the needs of the organization. In our example, we've set all three fields to Yes.

Upon saving this change, we can return to our user signed in to the system and see that the field data is now visible.

Column Level Security is a powerful tool that helps administrators gain an additional level of security for specific data points that need protection. We hope this has given you an overview of how this feature works and encourage you to think about how this feature might benefit you in your environment.

Are you looking for someone to discuss this with to get additional details? Contact C5 Insight today!