Field-level security in Dataverse


Dataverse offers three different tiers of security which are Organization level, Record Level and Field level, and a user’s level of access is determined by his security role in the organization. Organization-level security is keeping data separate and independent from other organizations or departments. Record-level permissions are granted at the entity level, which means the control of visibility of the whole entity’s data. We may have certain fields associated with an entity that contain data that are more sensitive than the other fields. For these situations, we use field-level security to control access to specific fields. This feature in Dataverse prevents certain users from viewing, editing or creating data in a given column. This security works in any app type (i.e. Canvas, Model-Driven) using the Dataverse.

I’ll be demonstrating how to add field security on a given field. I have created a table named Test Table which has four columns including the ID field along with his/her name, date of birth and a PIN. We will be considering the scenario that for the user, all the fields must be unchangeable except the PIN field which he/she can change accordingly.


Select the PIN field and Enable Column Security and then make sure to save the table.


Click the Gear Icon at the top right of the screen and select “Advanced Settings”


Give your Field Security Profile a name and description. We have to save the first time configure the settings.

After saving, Click “Field Permissions”

In the list of fields, select the field that you enabled for field level security.


Now we can set three options:

Allow Read – allows users assigned this profile the ability to view this field.

Allow Update – allows users assigned this profile the ability to update/change information in this field.

Allow Create – allows users assigned this profile the ability to create/add information to this field.


We may need to create multiple profiles for the same field in the case users need different permissions. (E.G. some can only view and others can update/create.

Once we set the permissions you will need to assign this profile.

There are two methods to assigning the profile:

Users: This method allows you to add users to the profile.

Teams: This method allows us to add teams to the profile.

When we use the field in a Model-Driven App form you should now see a lock next to the field:


Join us next time, as we continue our journey of learning canvas apps.Click here to learn more about Imperium's Power Apps Services. We hope this information was useful, and we look forward to sharing more insights into the Power Platform world.

Chief Architect, Founder, and CEO - a Microsoft recognized Power Platform solution architect.

About The Blog

Stay updated with what is happening in the Microsoft Business Applications world and initiatives Imperium is taking to ease digital transformation for customers.

More About Us

We provide guidance and strategic oversight to C-Suite and IT Directors for on-going implementations. Feel free to give us a call.

1 331 250 27 17
Send A Message

Ready to Start?

Get a personalized consultation for your project.

Book a Meeting