Personalized Community is here!
Quickly customize your community to find the content you seek.
Now Available in Community - New TechTalk Videos for 2021
2020 Release Wave 2Discover the latest updates and new features to Dynamics 365 planned through March 2021.
Release overview guides and videos Release Plan | Preview 2020 Release Wave 2 TimelineWatch the 2020 Release Wave 2 virtual launch event
Ace your Dynamics 365 deployment with packaged services delivered by expert consultants. | Explore service offerings
Connect with the ISV success team on the latest roadmap, developer tool for AppSource certification, and ISV community engagements | ISV self-service portal
The FastTrack program is designed to help you accelerate your Dynamics 365 deployment with confidence.
FastTrack Program | Finance TechTalks | Customer Engagement TechTalks | Upcoming TechTalks
Does anyone have custom security roles set up for Purchasing, AP, Finance, Buyers, Managers (requisition approval and reports) and Warehouse personnel? We are just in the implementation stage and need to set up roles that don't confuse all our end users. Our consultants are pushing back to use the standard roles but we disagree as we think that they are too busy. Any suggestions or help in the security role set up? It is a bit confusing as to what screens belong to what roles, duties, permissions, etc. Any guidance would be appreciated!
If standard role is fulfilling your requirements then it better to use those but that's not always the case. Alternative option is duplicate standard roles which are close to your requirement and remove privileges which you don't want . Regarding confusion , there is enough documentation available on docs site to get better understanding about how to locate correct privilege and you technical consultant can help with that.
Thanks - I have done a lot of research on this site - is there someplace else you would suggest? Our technical consultants are not versed in role security, unfortunately. I know, they are probably the wrong consultants. Does anyone have any classes they'd suggest for security roles? To clarify, we are using D365 Finance and Operations.
Security in D365 FO is a pretty complex world.
My experience is that most organisations do not tend to match the standard security roles perfectly. If you decide to use the standard roles, you will most likely end up with access to a lot more functionality than actually intended and potentially also a more expensive license.
To setup security on your own will be a hard and timeconsuming task (obviously depending on the number of roles and complexity of them).
The standard tools do not help you much, but you should start utilizing the security diagnostics information which is available on almost all forms.
Press the options pane and then security diagnostics as shown below.
This will show you a list of all the roles, duties and privileges which grants access to the menu item.
You will also need to spend time in the security configuration form and try your best to drill down and analyze the contents of the roles, duties and privileges.
You can get some help out of the security diagnostics for task recordings, where you can compare a users access to the contents of a task recording and it will inform you which security roles contains the elements, which the user does not currently have access to.
I hope the above helps point you in the right direction.
There are third party solutions on the market as well, that provide some help in designing security roles.
That does help - thank you. Can you share those 3rd party solutions?
Based on your situation I think you need consultants who knows about security better. Even if you go with third party solutions , you need somebody who knows underlying security architecture .
I am not sure how the community feels about linking to third party solutions.
Google should probably be able to help you.
I personally also recommend not to modify the standard role, duties or privileges but instead create a duplicate and modify that. This will help you avoid making unintended changes on other security roles.
In my implementations, I like to build the roles from scatch using standard duties as much as possible. Sometimes you need to check the duties/privileges of another standard role which actually can do the correct actions. Or sometimes create new duties or privileges.
Duplicating a role and adjust it is for sure also a good approach. During designing the roles, I usually also have attention for segregation of duties.
If your partner insists to use standard roles, the users will get e.g. multiple roles and can probably create a vendor with a bank account, post an imvoice and perform a payment. This is for sure not a good practice. I do consider the standard roles as examples. Only the timesheet user, system administrator and security administrator roles were used out of the box in my implementations. Sometimes even the timesheet user needed to have little changes.
Having a limited set of clear roles will also be more convenient when maintaining new and obsete users.
So, I do agree with all above and namely the comment to get someone involved who knows about the security and really can help you.
Business Applications communities