I'm troubleshooting permissions. I have an environment in which some of the entities contain financial information I'd prefer to keep obfuscated/partially hidden. If I deny the environment maker role to all other users of the environment, how would someone gain access to the raw data in the CDS entities? Obviously, they have permission to view/edit them (they have permission to use the app built upon them), but how "hidden" would it be from a user who is not familiar with CDS/environments etc.?
Hi @Medoomi
@Medoomi wrote:
Quick question: If I enabled field level security for a field, that would call an error response in a canvas app if I had code referencing that field wouldn't it? i.e. I would need to be careful about removing code for users who didn't have view permissions on those fields, right?
Good question, I'm not sure exactly what would happen in the Canvas if you referenced the secure field that the user cannot read. There might not be an error in the Canvas App but the user definitely won't be able to see the data if they don't have permissions under the field security settings. Test it out and let us know what you find 😀
@Medoomi wrote:
Another quick question: If I used the default environment, given that new users are automatically given the role of environment maker, will field level security trump this role and still restrict their access?
Field security is applied at the database level (Common Data Service). Environment Makers should still have their data access restricted by the field security. Only the System Administrator security role overrides field security. One thing that you might want to check is whether Environment Makers can edit Field Security profiles. To be honest, if you have sensitive data that you want to protect, then you should not use the Default Environment; create a new Production environment, as you have more control over it. The Default environment should be treated as a playpen.
Thx so much @HSheild, that looks exactly like what I was looking for.
Quick question: If I enabled field level security for a field, that would call an error response in a canvas app if I had code referencing that field wouldn't it? i.e. I would need to be careful about removing code for users who didn't have view permissions on those fields, right?
Another quick question: If I used the default environment, given that new users are automatically given the role of environment maker, will field level security trump this role and still restrict their access?