Edit

Share via

Column-level security example

  • Article

This scenario describes how to use Dataverse column-level security.

Imagine your company's policy is that sales members should have different levels of access to contact mobile phone numbers, as described here.

User or Team Access
Sales managers Read-only. Can only view mobile phone numbers in masked form for contacts.
Vice presidents Full. Can create, update, and view mobile phone numbers for contacts.
Salespersons and all other users None. Can't create, update, or view mobile phone numbers for contacts.

Use the following steps to secure this column.

Secure the column

  1. Sign in to Power Apps.

  2. Select Tables.

  3. Select the Contact table.

    Screenshot showing how to select the Contact table.

  4. Under Schema, select Columns.

    Screenshot showing under Schema, select Columns.

  5. Scroll down in the Columns list and open Mobile Phone.

    Screenshot showing the Mobile Phone column.

  6. Expand Advanced options, and then under General, select Enable column security.

    Screenshot showing advanced options and enable column security.

  7. Select the Masking rule dropdown menu, and select a masking rule.

  8. Select Save.

Configure security profiles

  1. From the Power Platform admin center, select the environment to configure security profiles for.

  2. Select Settings > Users + permissions > Column security profiles.

  3. Select New Profile, enter a name, such as Sales Manager, enter a description, and then select Save.

    Screenshot showing how to create a new column security profile.

  4. Select Sales Manager, select the Users tab, select + Add Users, select the users that you want to grant access to the mobile phone number on the contact form, and then select Add.

    Tip

    Instead of adding each user, create one or more teams that include all users that you want to grant access.

  5. Repeat the above steps and create a column security profile for Vice President.

Configure column permissions

  1. Select the Column Security Profiles tab, and then select Sales Manager.

  2. Select the Column Permission tab, select mobilephone, and then select Edit. Set the Read setting to Allowed, leave the others as Not Allowed, and then select Save.

    Screenshot showing the edit column security permissions.

  3. Select the Column Security Profiles tab, and then select Vice President.

  4. Select the Column Permissions tab, select mobilephone, and then select Edit. Set the Read setting to Allowed, the Read unmasked to One record, and the rest as Allowed, and then select Save.

Users not defined in the previously created column security profiles lack access to the mobile phone column on contact forms or views. The column value displays Lock icon. ********, indicating that the column is secured.

Column-level security to control access
Hierarchy security