Announcements
I'm trouble-shooting permissions. I have an environment in which some of the entities contain financial information I'd prefer to keep obfuscated/partially-hidden. If I deny the environment maker role to all other users of the environment, how would someone gain access to the raw data in the CDS entities? Obviously, they have permission to view/edit them (they have permission to use the app built upon them), but how "hidden" would i be from a user who is not familiar with CDS/environments etc.?
Thx so much @HSheild, that looks exactly like what I was looking for.
Quick question: If I enabled field level security for a field, that would call an error response in a canvas app if I had code referencing that field wouldn't it? i.e. I would need to be careful about removing code for users who didn't have view permissions on those fields, right?
Another quick question: If I used the default environment, given that new users are automatically given the role of environment maker, will field level security trump this role and still restrict their access?
Hi @Medoomi
@Medoomi wrote: Quick question: If I enabled field level security for a field, that would call an error response in a canvas app if I had code referencing that field wouldn't it? i.e. I would need to be careful about removing code for users who didn't have view permissions on those fields, right?
Good question, I'm not sure exactly what would happen in the Canvas if you referenced the secure field that the user cannot read. There might not be an error in the Canvas App but the user definitely won't be able to see the data if they don't have permissions under the field security settings. Test it out and let us know what you find 😀
@Medoomi wrote:Another quick question: If I used the default environment, given that new users are automatically given the role of environment maker, will field level security trump this role and still restrict their access?
Field security is applied at the database level (Common Data Service). Environment Makers should still have their data access restricted by the field security. Only the System Administrator security role overrides field security. One thing that you might want to check is whether Environment Makers can edit Field Security profiles. To be honest, if you have sensitive data that you want to protect then you should not use the Default Environment, create a new Production environment as you have more control over it. The Default environment should be treated as a play pen.
Under review
Thank you for your reply! To ensure a great experience for everyone, your content is awaiting approval by our Community Managers. Please check back later.
Congratulations to our 2026 Super Users!
Congratulations to our 2025 community superstars!
These are the community rock stars!
Stay up to date on forum activity by subscribing.
Vish WR 914
11manish 617
Valantis 598
