Edit

Share via

Sample: Column-level security using Dataverse SDK for .NET

This sample shows how to perform column-level security operations using Dataverse SDK for .NET.

View this sample on Github

Prerequisites

  • Microsoft Visual Studio 2022
  • Access to Dataverse with system administrator privileges.

How to run this sample

  1. Download or clone the Samples repo so that you have a local copy.
  2. Follow the instructions in the Configure users section to create a second application user account without the system administrator role.
  3. Edit the /ColumnLevelSecurity/appsettings.json file to define a connection string specifying the Microsoft Dataverse instance you want to connect to for both the system administrator and second application user.
  4. Open the sample solution in Visual Studio and press F5 to run the sample.

What this sample does

This sample demonstrates the capabilities described in Column-level security with code:

  • Discover which columns can be secured in a Dataverse environment
  • Discover which columns are currently secured
  • Secure columns in a Dataverse environment
  • Grant read or write access to selected fields to individual users
  • Modify access to secured fields for individual users
  • Revoke access to selected fields for individual users
  • Provide read and write access to specific groups of users
  • Enable masking of secured columns
  • Retrieve unmasked values for secured columns

Sample files

The code for this sample is in the following files:

File Description
Program.cs Controls the flow of the sample. Contains definition of Setup, Run, and Cleanup methods and calls them in the Main method.
Examples.cs Contains methods that demonstrate operations related to column-level security operations.
Helpers.cs Contains methods used by the sample to manage setting up and running the sample. These methods aren't the focus of this sample.

This sample is designed to be resilient when errors occur so you should be able to run the sample again if it failed previously.

How this sample works

In order to create the scenario described in What this sample does, the sample does the following operations:

Setup

The static Setup method in this sample does the following operations:

  1. Create a solution publisher named ColumnLevelSecuritySamplePublisher with customization prefix of sample if it doesn't exist.

  2. Create a solution named ColumnLevelSecuritySampleSolution associated with the publisher if it doesn't exist.

    All subsequent solution-aware items are created in the context of this solution.

  3. Create a table named sample_Example if it doesn't exist.

  4. Create four string columns in the sample_Example table if they don't exist. The table schema names are:

    • sample_Email
    • sample_GovernmentId
    • sample_TelephoneNumber
    • sample_DateOfBirth

  5. Remove any existing sample data in the sample_Example table.

  6. Add three rows of sample data with information in each column of the sample_Example table.

  7. Create a new security role named Column-level security sample role.

  8. Add privileges for the sample_Example table to the security role.

  9. Associate the user to the security role.

  10. Create a Field Security Profile record named Example Field Security Profile that is used in the Manage access to secure column data to groups section of the sample.

  11. Associate the application user to the field security profile.

  12. Wait 30 seconds for the cache to catch up with the new objects created.

Demonstrate

The static Run method in this sample does the following operations:

Retrieve information about columns

  1. Use the Examples.DumpColumnSecurityInfo method to download a CSV file with data about which columns in the system can be secured.
  2. Use the Examples.GetSecuredColumnList method to retrieve and show a list of environment columns that are already secured.

Secure columns

  1. Demonstrate that the application user can retrieve data from all the columns in the sample_Example table.
  2. Use the Examples.SetColumnIsSecured method to secure the four columns
  3. Demonstrate that the application user can no longer retrieve data from the secured columns in the sample_Example table.

Grant access to secure column data to individuals

  1. Use the Examples.GrantColumnAccess method to grant the application users read access to specific record field values by creating a Field Sharing (PrincipalObjectAttributeAccess) record.
  2. Demonstrate that the application user can now retrieve data from specific secured record fields in the sample_Example table.
  3. Demonstrate that the application user isn't allowed to write data to the secured columns.
  4. Use the Examples.ModifyColumnAccess method to grant write access to a specific record field.
  5. Demonstrate that the application user is now allowed to write data to the specific record field.
  6. Use the Examples.RevokeColumnAccess method to delete the PrincipalObjectAttributeAccess records that gave the application user access to the secured columns.

Manage access to secure column data to groups

  1. Add field permissions to the Example Field Security Profile record that was created in Setup by creating Field Permission (FieldPermission) records
  2. Demonstrate that the application user can view only the secured columns specified in the field permission records.
  3. Demonstrate that the application user isn't allowed to write data to the specific record field not enabled with field permissions.

Masking

  1. Retrieve ID values for existing masking rules. Create new Secured Masking Column (AttributeMaskingRule) records to specify masking rules for columns of the sample_Example table.
  2. Update the canreadunmasked column values of the Field Permission (FieldPermission) records created earlier.
  3. Wait 30 seconds for the cache to catch up with the new objects created.
  4. Demonstrate that the application user can now retrieve data with masked values.
  5. Demonstrate that the application user can now retrieve unmasked values with RetrieveMultipleRequest class when using the UnMaskedData optional parameter.
  6. Demonstrate that the application user can now retrieve unmasked values with RetrieveRequest class when using the UnMaskedData optional parameter.

Export solution

Use an exported solution to test the functionality of the sample configurations outside of this sample.

  1. Export the solution created with all the configurations as an unmanaged solution.
  2. Export the solution created with all the configurations as a managed solution

Clean up

The static Cleanup method in this sample does the following operations:

When the SampleSettings.DeleteCreatedObjects setting in appsettings.json is true, the Cleanup method tries to delete all components created during Setup or Run. The goal is to return the environment to the original state. If you don't want the items to be deleted, you can change the setting to false.

Sample: Column-level security using Dataverse Web API (PowerShell)