How To Enable Column Level Security In Dataverse

Column level security in Dataverse allows app makers to restrict access to specific columns in a table while granting access to others. By creating a column security profile you can choose to give read, write or create permissions to the column. Users who are assigned the column security profile can view the sensitive data, and it is hidden from those who are not. In this article I will show you how to build a model-driven app that uses column level security.

Table of Contents

  • Introduction: The Original Cost Column In The Equipment Table
  • Setup An Equipment Table In Dataverse
  • Enable Column Level Security In Dataverse To Protect Sensitive Data
  • Create A Column Security Profile
  • Change Column Security Permissions For Read, Write & Create
  • Assign A User To The Column Security Profile
  • Assign A Column Security Profile To A Security Team




Introduction: The Original Cost Column In The Equipment Table

Employees at an equipment rental company use the Equipment Management app to track assets and their original cost. Permissions are granted to executives and finance team members to see data in the original cost column.



Other employees at the company can see the equipment but cannot see data in the original cost column.




Setup An Equipment Table In Dataverse

Create a new Dataverse table named Equipment with the following columns:

  • Name
  • Owner
  • Building Facility
  • Original Cost


Then input this data to the table:

| Name | Owner | Building Facility | Original Cost |
|---|---|---|---|
| PRINTER-001 | Matthew Devaney | 3330 Union Park | 3501.00 |
| PRINTER-002 | Matthew Devaney | 3330 Union Park | 2881.00 |
| PRINTER-003 | Matthew Devaney | 3330 Union Park | 4498.00 |
| PRINTER-004 | Matthew Devaney | 40 Village Junction | 3624.00 |
| PRINTER-005 | Matthew Devaney | 40 Village Junction | 4895.00 |
| PRINTER-006 | Matthew Devaney | 736 Delaware Place | 1508.00 |
| PRINTER-007 | Matthew Devaney | 74 Carpenter Road | 5170.00 |
| PRINTER-008 | Matthew Devaney | 74 Carpenter Road | 2200.00 |
| PRINTER-009 | Matthew Devaney | 776 Mayer Trail | 5096.00 |
| PRINTER-010 | Matthew Devaney | 776 Mayer Trail | 2817.00 |



Insert the Equipment table into a Model-Driven App named Equipment Management. The main view should include the Original Cost column.



Also add the Original Cost column to the main form for Equipment.




Enable Column Level Security In Dataverse To Protect Sensitive Data

The first step is to enable column security on the Original Cost column. Once enabled, only users with the proper permissions will be able to read or write to the column. Go to the Equipment table and edit the Original Cost column. Check the Enable column security setting and press Save.



Now when we view the table as a User who has access to the Equipment table, the Original Cost field is no longer visible.



The Original Cost for a record also appears as hidden in the Equipment table main form.




Create A Column Security Profile

A User must be assigned a column security profile to read or write to any column where column security is enabled. A column security profile is essentially a security role for specific table columns.

Go to the Power Platform Admin Center and open the current environment. Go to the settings menu.



Expand the Users + Permissions section and select column security profiles.



Add a new profile.



Name the profile Equipment Management Executive. Then press Save.




Change Column Security Permissions For Read, Write & Create

Once the column security profile is created we must set up permissions. Open the Equipment Management Executive column security profile. The column permissions tab shows all columns which are enabled for column level security. Edit the Original Cost column.



Grant permissions for the Original Cost column by setting the read, update & create dropdowns to Allowed or Not Allowed. Press save when finished.

  • Read – ability to view the column value for an existing record
  • Update – ability to update the column value for an existing record
  • Create – ability to set the column value for a new record





Assign A User To The Column Security Profile

To grant a User access to a column with security enabled, open the column security profile and go to the Users tab. Select Add Users and choose the users you wish to add.



The user now has the ability to see Original Cost column values in the Equipment table main view.



And the User can also see Original Cost values on the main form when they select a specific record.



Assign A Column Security Profile To A Security Team

We can lower the administrative effort needed to assign both security roles and column security profiles by associating them with a security team and then adding users to the team. The users will inherit all the roles & profiles assigned to the team.

Create a new security team in the Power Platform Admin Center. Go to the current environment and name the team Equipment Management Executive Team. Select the team type Owner and press the Next button.



Add any users who should be able to view the Original Cost column to the security team.



Go to Manage Team Roles and add any security roles needed to gain access to the Equipment Management App and the Equipment table. Assume the Equipment Management App User security role shown in this example does both of these things.



Then open the column security profile in Power Platform Admin Center and add the Equipment Management Executive Team to it.



Now any user who is a part of the Equipment Management Executive Team can access the app, its tables and the Original Cost data protected by column-level security.
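
The access rules built up in the user and team sections above can be checked with a small model. This is an added example, not code from the original article and not Dataverse's own implementation: the user names and team membership are constructed, table-level access from a security role is assumed to be granted already, and hidden values are represented as None.

```python
from dataclasses import dataclass, field

@dataclass
class Profile:
    name: str
    # (table, column) -> operations set to Allowed: "read", "update", "create"
    permissions: dict = field(default_factory=dict)
    users: set = field(default_factory=set)
    teams: set = field(default_factory=set)

# Columns with "Enable column security" checked.
SECURED = {("Equipment", "Original Cost")}
# Constructed team membership (user names are made up for this example).
TEAMS = {"Equipment Management Executive Team": {"cfo@example.com"}}
PROFILES = [Profile(
    name="Equipment Management Executive",
    permissions={("Equipment", "Original Cost"): {"read"}},  # Update/Create: Not Allowed
    users={"finance@example.com"},
    teams={"Equipment Management Executive Team"},
)]

def allowed(user, table, column, op):
    """True if `user` may perform `op` on the column."""
    if (table, column) not in SECURED:
        return True  # unsecured columns follow table-level access only
    for p in PROFILES:
        member = user in p.users or any(user in TEAMS.get(t, ()) for t in p.teams)
        if member and op in p.permissions.get((table, column), ()):
            return True
    return False  # secured column and no profile grants the operation

def view_row(user, table, row):
    """Return the row as `user` would see it; hidden values become None."""
    return {c: (v if allowed(user, table, c, "read") else None) for c, v in row.items()}

def readers(table, column, users):
    """Audit helper: which of `users` can read the column."""
    return sorted(u for u in users if allowed(u, table, column, "read"))

ROW = {"Name": "PRINTER-001", "Building Facility": "3330 Union Park", "Original Cost": 3501.00}
ALL_USERS = ["clerk@example.com", "finance@example.com", "cfo@example.com"]

if __name__ == "__main__":
    for u in ALL_USERS:
        print(u, view_row(u, "Equipment", ROW))
    print("readers:", readers("Equipment", "Original Cost", ALL_USERS))
```

The `readers` helper is the useful part for a review: run it over the real user list to confirm that only the intended people resolve to read access on a secured column, whether directly or through a team.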




Questions?

If you have any questions or feedback about How To Enable Column Level Security In Dataverse please leave a message in the comments section below. You can post using your email address and are not required to create an account to join the discussion.

Matthew Devaney

Temidayo Longe
1 month ago

Well Done Matthew. This was good and straight-forward

Gene Rice
1 month ago

Matthew, I’m trying your tutorial now, and the Enable column security field for the Original Cost column is disabled. Any thoughts?

Paul Wickert
1 month ago

Hi Matthew – could you tell me why the column level security option is disabled in my environment? I have full permissions…indeed, it’s my personal Tenant and I’m the only user – meaning column level security is redundant really, but I’m just trying to get a handle on it as I’m studying for the PL-200 🙂

Rhonda
26 days ago

Thank you for this article, really good details! I would like to enforce security for the out-of-the-box Notes entity but when I look at the Description field, the ability to select ‘Enable column security’ is not possible (grayed out). Is this because it is a core entity and we can’t enforce security on those? I did not see that limitation in this MS document: https://learn.microsoft.com/en-us/power-platform/admin/enable-disable-security-field

The use case is we want to limit visibility of Notes to the person creating the Note and the person the Note is directed towards. In my case, this will be the Creator of a Knowledge Article. Any suggestions would be appreciated!
