1. To-Increase Dynamics 365 for Finance & Operations
  2. Dynamic field security
  3. Set up field security policies

Edit field security policy

Use a field security policy to define for which forms, tables, or fields editing is locked or allowed.

If the form mapping is recorded and applied to a field security policy, edit this field security policy setup:

  • Table: In the table setup, you define the tables, and optionally, forms, to which the field security policy applies. You also define how the policy is applied to the tables and forms.
  • Field: In the field setup, you define the fields, controls, or dimensions to which the field security policy applies. You also define how the policy is applied to the fields, controls, or dimensions.
  • Condition: In the condition setup, you define which inquiries or dynamic queries are applied. The conditions define how the policy is applied.


System administrator System administrator Start Start Edit field security policy table setup Edit field security policy table setup Use a field security policy to define for which forms, tables, or fields editing is locked or allowed. If the form mapping is recorded and applied to a field security policy, edit the table setup. In the table setup, you define the tables, and optionally, forms, to which the field security policy applies. You also define how the policy is applied to the tables and forms. The security level defines how to set up the policy and how it is applied: Security level Description Field setup Condition setup Table Editing is locked or allowed for the whole table. Only define one field setup record if you want to apply conditions. For this field setup record, these fields must be empty: Field name, Control name, and Dimension name. The settings of the Default action field and Skip field are not considered. You can only apply generic conditions, for example, on user or role. Table field Editing is locked or allowed for specific table fields. Define the desired field setup records. The settings of the Default action field and Skip field are considered. Note: The field setup default action overrules the table setup default action. For example, to allow editing of a few fields of a table with many fields, set the default action of the: Table setup to Lock edit. Field setup to Allow edit. For each field setup record, you can define the desired conditions. You can only apply generic conditions, for example, on user or role. Record Editing is locked or allowed for the whole record. Define one field setup record. For this field setup record, these fields must be empty: Field name, Control name, and Dimension name. The settings of the Default action and Skip fields are not considered. Apply conditions to define the records to which the policy applies. Define the conditions based on record data. For example, editing a record is only allowed if the: Record has a specific status. Customer belongs to a specific customer group. Item is within a range of item numbers. Record field Editing is locked or allowed for specific record fields. Define the desired field setup records. The settings of the Default action field and Skip field are considered. Note: The field setup default action overrules the table setup default action. For example, to lock editing of a few record fields, set the default action of the: Table setup to Allow edit. Field setup to Lock edit. Apply conditions to define the records to which the policy applies. Define the conditions based on record data. For example, editing a record field is only allowed if the: Record has a specific status. Customer belongs to a specific customer group. Item is within a range of item numbers.   Procedure 1. Go to Dynamic field security management (Preview) > Policies > All field security policies. 2. In the list, click the link of the desired field security policy. 3. Click Edit. 4. Expand the Table setup section. 5. In the list, find and select the desired record. 6. In the Form name field, enter or select a value. 7. In the Description field, type a value. 8. In the Security level field, select an option. 9. In the Default action field, select an option. 10. Select the Skip check box. 11. Sub-task: Define company group. 12. You can apply a table setup record to one or more company groups. So, the table setup record is only applied to the companies that are defined in the company group. If no company group is defined for a table set up record, it is applicable to all companies in the D365 FO environment. In the Table setup section, in the list, find and select the desired record. Note: You can define the applicable company groups as well when you apply a form mapping to a field security policy. 13. Click Company group. 14. Click New. 15. In the Company group field, enter or select a value. 16. Close the page. Notes You can only edit an inactive field security policy. Change field security table setup sequence Change field security table setup sequence You can define the sequence in which the table setup records are applied. Usually, in the table setup records, you can have: One record for each table and form combination (form-specific). One record with only the table defined and no form (table-specific). The table setup records are applied in the sequence as defined in the table setup. The first applicable table setup record that is found, is applied. You can have a table setup for the same table with both form-specific records and a table-specific record. In this case, you are advised to have the table-specific record applied as the last one. Otherwise, the form-specific records are not applied at all. Procedure 1. Go to Dynamic field security management (Preview) > Policies > All field security policies. 2. In the list, click the link of the desired field security policy. 3. Click Edit. 4. Expand the Table setup section. 5. In the list, find and select the desired record. 6. Click Move up. 7. In the list, find and select the desired record. 8. Click Move down. Edit field security policy field setup Edit field security policy field setup Use a field security policy to define for which forms, tables, or fields editing is locked or allowed. If the form mapping is recorded and applied to a field security policy, and you have edited the table setup, edit the related field setup. In the field setup, you define the fields, controls, or dimensions to which the field security policy applies. You also define how the policy is applied to the fields, controls, or dimensions. The security level defines how to set up the policy and how it is applied: Security level Description Field setup Condition setup Table Editing is locked or allowed for the whole table. Only define one field setup record if you want to apply conditions. For this field setup record, these fields must be empty: Field name, Control name, and Dimension name. The settings of the Default action field and Skip field are not considered. You can only apply generic conditions, for example, on user or role. Table field Editing is locked or allowed for specific table fields. Define the desired field setup records. The settings of the Default action field and Skip field are considered. Note: The field setup default action overrules the table setup default action. For example, to allow editing of a few fields of a table with many fields, set the default action of the: Table setup to Lock edit. Field setup to Allow edit. For each field setup record, you can define the desired conditions. You can only apply generic conditions, for example, on user or role. Record Editing is locked or allowed for the whole record. Define one field setup record. For this field setup record, these fields must be empty: Field name, Control name, and Dimension name. The settings of the Default action and Skip fields are not considered. Apply conditions to define the records to which the policy applies. Define the conditions based on record data. For example, editing a record is only allowed if the: Record has a specific status. Customer belongs to a specific customer group. Item is within a range of item numbers. Record field Editing is locked or allowed for specific record fields. Define the desired field setup records. The settings of the Default action field and Skip field are considered. Note: The field setup default action overrules the table setup default action. For example, to lock editing of a few record fields, set the default action of the: Table setup to Allow edit. Field setup to Lock edit. Apply conditions to define the records to which the policy applies. Define the conditions based on record data. For example, editing a record field is only allowed if the: Record has a specific status. Customer belongs to a specific customer group. Item is within a range of item numbers. Procedure 1. Go to Dynamic field security management (Preview) > Policies > All field security policies. 2. In the list, click the link of the desired field security policy. 3. Click Edit. 4. Expand the Table setup section. 5. In the list, find and select the desired record. 6. Define to which fields, controls, or dimensions a table setup record applies. If the table setup record applies to a specific field, only one of these fields is filled for a record: - Field name - Control name - Dimension name If none of these fields is filled, the table setup record applies to all fields of the table or form. Expand the Field setup section. Note: When you apply the form mapping to a field security policy, the relevant field, control, or dimension is already filled in automatically. If the policy must apply to all fields of a table or form, remove the field setup records. If you want to apply conditions, keep one record with empty fields. 7. In the Field name field, enter or remove the value. 8. In the Control name field, enter or remove the value. 9. In the Dimension name field, enter or remove the value. 10. In the Default action field, select an option. 11. Select the Skip check box. Notes You can only edit an inactive field security policy. Set up field security policy conditions Set up field security policy conditions Use a field security policy to define for which forms, tables, or fields editing is locked or allowed. If the form mapping is recorded and applied to a field security policy, and you have edited the table setup and field setup, define the applicable conditions. In the condition setup, you define how the policy is applied. To define a condition, you can use one of these options: Inquiry: Use a D365 FO inquiry to define the condition. Dynamic query: Use a query from the Dynamic query framework to define the condition. The security level defines how to set up the policy and how it is applied: Security level Description Field setup Condition setup Table Editing is locked or allowed for the whole table. Only define one field setup record if you want to apply conditions. For this field setup record, these fields must be empty: Field name, Control name, and Dimension name. The settings of the Default action field and Skip field are not considered. You can only apply generic conditions, for example, on user or role. Table field Editing is locked or allowed for specific table fields. Define the desired field setup records. The settings of the Default action field and Skip field are considered. Note: The field setup default action overrules the table setup default action. For example, to allow editing of a few fields of a table with many fields, set the default action of the: Table setup to Lock edit. Field setup to Allow edit. For each field setup record, you can define the desired conditions. You can only apply generic conditions, for example, on user or role. Record Editing is locked or allowed for the whole record. Define one field setup record. For this field setup record, these fields must be empty: Field name, Control name, and Dimension name. The settings of the Default action and Skip fields are not considered. Apply conditions to define the records to which the policy applies. Define the conditions based on record data. For example, editing a record is only allowed if the: Record has a specific status. Customer belongs to a specific customer group. Item is within a range of item numbers. Record field Editing is locked or allowed for specific record fields. Define the desired field setup records. The settings of the Default action field and Skip field are considered. Note: The field setup default action overrules the table setup default action. For example, to lock editing of a few record fields, set the default action of the: Table setup to Allow edit. Field setup to Lock edit. Apply conditions to define the records to which the policy applies. Define the conditions based on record data. For example, editing a record field is only allowed if the: Record has a specific status. Customer belongs to a specific customer group. Item is within a range of item numbers. Procedure 1. Go to Dynamic field security management (Preview) > Policies > All field security policies. 2. In the list, click the link of the desired field security policy. 3. Click Edit. 4. Expand the Table setup section. 5. In the list, find and select the desired record. 6. Expand the Field setup section. 7. In the list, find and select the desired record. 8. Expand the Condition setup section. 9. Sub-task: Set up inquiry condition. 10. Click Add. 11. In the Description field, type a value. 12. In the Query type field, select 'Inquiry'. 13. In the Query base table field, enter or select a value. 14. Click Edit query. 15. Click OK. 16. Sub-task: Set up dynamic query condition. 17. Click Add. 18. In the Description field, type a value. 19. In the Query type field, select 'Dynamic query'. 20. In the Custom query field, enter or select a value. 21. Select the Skip check box. Notes You can only edit an inactive field security policy. End End

Activities

Name Responsible Description

Edit field security policy table setup

System administrator

Use a field security policy to define for which forms, tables, or fields editing is locked or allowed.

If the form mapping is recorded and applied to a field security policy, edit the table setup.

In the table setup, you define the tables, and optionally, forms, to which the field security policy applies. You also define how the policy is applied to the tables and forms.

The security level defines how to set up the policy and how it is applied:

Security level Description Field setup Condition setup
Table

Editing is locked or allowed for the whole table.

Only define one field setup record if you want to apply conditions. For this field setup record, these fields must be empty: Field name, Control name, and Dimension name.

The settings of the Default action field and Skip field are not considered.

 You can only apply generic conditions, for example, on user or role.
Table field

Editing is locked or allowed for specific table fields.

Define the desired field setup records.

The settings of the Default action field and Skip field are considered.

Note:

The field setup default action overrules the table setup default action. For example, to allow editing of a few fields of a table with many fields, set the default action of the:

  • Table setup to Lock edit.
  • Field setup to Allow edit.
 For each field setup record, you can define the desired conditions. You can only apply generic conditions, for example, on user or role.
Record Editing is locked or allowed for the whole record.

Define one field setup record. For this field setup record, these fields must be empty: Field name, Control name, and Dimension name.

The settings of the Default action and Skip fields are not considered.

Apply conditions to define the records to which the policy applies. Define the conditions based on record data.

For example, editing a record is only allowed if the:

  • Record has a specific status.
  • Customer belongs to a specific customer group.
  • Item is within a range of item numbers.
Record field Editing is locked or allowed for specific record fields.

Define the desired field setup records.

The settings of the Default action field and Skip field are considered.

Note:

The field setup default action overrules the table setup default action. For example, to lock editing of a few record fields, set the default action of the:

  • Table setup to Allow edit.
  • Field setup to Lock edit.

Apply conditions to define the records to which the policy applies. Define the conditions based on record data.

For example, editing a record field is only allowed if the:

  • Record has a specific status.
  • Customer belongs to a specific customer group.
  • Item is within a range of item numbers.

 

Change field security table setup sequence

System administrator

You can define the sequence in which the table setup records are applied.
Usually, in the table setup records, you can have:

  • One record for each table and form combination (form-specific).
  • One record with only the table defined and no form (table-specific).

The table setup records are applied in the sequence as defined in the table setup. The first applicable table setup record that is found, is applied.
You can have a table setup for the same table with both form-specific records and a table-specific record. In this case, you are advised to have the table-specific record applied as the last one. Otherwise, the form-specific records are not applied at all.

Edit field security policy field setup

System administrator

Use a field security policy to define for which forms, tables, or fields editing is locked or allowed.

If the form mapping is recorded and applied to a field security policy, and you have edited the table setup, edit the related field setup.

In the field setup, you define the fields, controls, or dimensions to which the field security policy applies. You also define how the policy is applied to the fields, controls, or dimensions.

The security level defines how to set up the policy and how it is applied:

Security level Description Field setup Condition setup
Table

Editing is locked or allowed for the whole table.

Only define one field setup record if you want to apply conditions. For this field setup record, these fields must be empty: Field name, Control name, and Dimension name.

The settings of the Default action field and Skip field are not considered.

 You can only apply generic conditions, for example, on user or role.
Table field

Editing is locked or allowed for specific table fields.

Define the desired field setup records.

The settings of the Default action field and Skip field are considered.

Note:

The field setup default action overrules the table setup default action. For example, to allow editing of a few fields of a table with many fields, set the default action of the:

  • Table setup to Lock edit.
  • Field setup to Allow edit.
 For each field setup record, you can define the desired conditions. You can only apply generic conditions, for example, on user or role.
Record Editing is locked or allowed for the whole record.

Define one field setup record. For this field setup record, these fields must be empty: Field name, Control name, and Dimension name.

The settings of the Default action and Skip fields are not considered.

Apply conditions to define the records to which the policy applies. Define the conditions based on record data.

For example, editing a record is only allowed if the:

  • Record has a specific status.
  • Customer belongs to a specific customer group.
  • Item is within a range of item numbers.
Record field Editing is locked or allowed for specific record fields.

Define the desired field setup records.

The settings of the Default action field and Skip field are considered.

Note:

The field setup default action overrules the table setup default action. For example, to lock editing of a few record fields, set the default action of the:

  • Table setup to Allow edit.
  • Field setup to Lock edit.

Apply conditions to define the records to which the policy applies. Define the conditions based on record data.

For example, editing a record field is only allowed if the:

  • Record has a specific status.
  • Customer belongs to a specific customer group.
  • Item is within a range of item numbers.

Set up field security policy conditions

System administrator

Use a field security policy to define for which forms, tables, or fields editing is locked or allowed.

If the form mapping is recorded and applied to a field security policy, and you have edited the table setup and field setup, define the applicable conditions.

In the condition setup, you define how the policy is applied.

To define a condition, you can use one of these options:

  • Inquiry: Use a D365 FO inquiry to define the condition.
  • Dynamic query: Use a query from the Dynamic query framework to define the condition.

The security level defines how to set up the policy and how it is applied:

Security level Description Field setup Condition setup
Table

Editing is locked or allowed for the whole table.

Only define one field setup record if you want to apply conditions. For this field setup record, these fields must be empty: Field name, Control name, and Dimension name.

The settings of the Default action field and Skip field are not considered.

 You can only apply generic conditions, for example, on user or role.
Table field

Editing is locked or allowed for specific table fields.

Define the desired field setup records.

The settings of the Default action field and Skip field are considered.

Note:

The field setup default action overrules the table setup default action. For example, to allow editing of a few fields of a table with many fields, set the default action of the:

  • Table setup to Lock edit.
  • Field setup to Allow edit.
 For each field setup record, you can define the desired conditions. You can only apply generic conditions, for example, on user or role.
Record Editing is locked or allowed for the whole record.

Define one field setup record. For this field setup record, these fields must be empty: Field name, Control name, and Dimension name.

The settings of the Default action and Skip fields are not considered.

Apply conditions to define the records to which the policy applies. Define the conditions based on record data.

For example, editing a record is only allowed if the:

  • Record has a specific status.
  • Customer belongs to a specific customer group.
  • Item is within a range of item numbers.
Record field Editing is locked or allowed for specific record fields.

Define the desired field setup records.

The settings of the Default action field and Skip field are considered.

Note:

The field setup default action overrules the table setup default action. For example, to lock editing of a few record fields, set the default action of the:

  • Table setup to Allow edit.
  • Field setup to Lock edit.

Apply conditions to define the records to which the policy applies. Define the conditions based on record data.

For example, editing a record field is only allowed if the:

  • Record has a specific status.
  • Customer belongs to a specific customer group.
  • Item is within a range of item numbers.

Provide feedback