CRM 2013 – How to set up Field Level Security

I have covered all the other aspects of Security in CRM 2013 and now I am left with Field Level Security, which in some ways is apt because this is probably the most strict.

Field level security was a much requested feature when it was added in CRM 2011, probably up there with auditing.

Here is the video walkthrough

Field level security allows you to add extra security around individual fields.  The three security values are






Adding Security to a Field

The first rule is, you cannot set field level security for any of the default fields. If you try to the pesky field level security checkbox is disabled.  I’m not entirely sure the reasons for this, the most likely is if you stop people adding values to the default fields then some of the functionality might stop working or the system as whole might not work probably (that is my interpretation of it)

You can only set field level security on custom fields!

So go to record, either create or find a custom field and then enable Field Security

field level 1

If you now look at your custom field on the form then you will see there is a key on the field

field level 2

Publish the changes to the entity and before we add the field to a Field Level Security profile go and have a look at the form, which in my case is the account form.

If you go to the form with a user who has the System Administrator role then you will be able to see the value in field but if you go to that form as another user then you will see some asterisks ****** (even if the field is blank).  The reason all other users see asterisks is because the field is added to field level security profiles (all of them) with the Create, Update, Read values all set to NO.

This means when you add field level security, no users (except System Administrators) will be able to view or edit the field, so you better quickly set it to a field level security profile and add some users.

below is a screen shot for a user who isn’t a System Administrator

field level 3


Create Field Level Security Profile

Now we are ready to create a profile.  The order of these steps can catch people out because if you start with Field Level security you might first create your Field Level Security profile and find them blank and then you will wonder how to get fields in there.

Go to Settings –> Administration –> Field Security Profiles

field level 5


This will then take you to a list of all the field level security profiles.

Notice the System Administrator is a default team maintained by CRM, although it is possible to add members to the team.

Now edit or create a new field security profile

field level 6

Opening your new field security profile.

If you go to field permission you will see a list of all fields which have field security enabled.

By default the privileges are set to NO

field level 7


if you click on one of the fields you can then edit the security

field level 4

The other important thing you need to do is add users/teams to the field security profile (otherwise only System Administrators can view/edit the fields)

field level 9


Key Facts about Field Level security for MB2-703 exam

Enabling or disabling of field level security by setting the IsSecured attribute cannot be audited.

System Admin is has all privileges on all field level security fields, the user has a System Administrator field security profile where all values are set to yes and will be for any fields checked for field level security.

Every field enabled for field level security is added to all field level security profiles

when you turn on field level security for a field, it will automatically be added to all Field Level security roles with Read, Create and Update all set to No.

New field level security fields can only be seen by users with the System Administrator role, so you have to go and configure the field level security privileges.

Every field level security profile will include all fields with field level security enabled.

Fields that are ticked for field level security will be added to field security profiles but with Read, Update, Create all set to No, so you must go in to configure

users/teams can be added to more than one field level security profile.

*** asterisks show if a user does not have read access to a field

*** asterisks show even if the field is null/blank

You cannot delete the System Administrator field level security profile

You can only set field level security on custom fields!

8 thoughts on “CRM 2013 – How to set up Field Level Security

  1. jasrus May 16, 2016 / 9:43 am

    For those using Hosk’s guide for the newer CRM 2016 exams, note that Field Level security can now be applied to most attributes, including system and custom attributes.


Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s