Skip to main content

Notifications

Announcements

No record found.

News and Announcements icon
Dynamics 365 Community / Blogs / Streamlining Operations with D365FO and Power P... / Mastering Field-Level Secur...

Mastering Field-Level Security in D365FO: Managing Sales Tax Groups on Sales Ord

mallesh varma Profile Picture mallesh varma 190
Security Roles are predefined sets of permissions that determine what actions users can perform within the system. They control access to data, functionalities, and user interfaces.
Components of Security Roles:
  • Duties: These represent specific functions within a business process. For example, a duty might include tasks such as creating sales orders or managing vendor records.
  • Privileges: These are the specific permissions granted by duties, such as read, write, or delete access.
  • Permissions: These define the level of access users have to data entities and operations within the system.
Role-Based Access Control (RBAC):
  • D365FO uses RBAC, where users are assigned roles, and these roles grant access to different areas of the system based on their responsibilities.
Role Hierarchy:
  • Roles can be hierarchical, meaning higher-level roles often include the permissions of lower-level roles. This structure helps in managing complex security setups efficiently.
Custom Roles:
  • In addition to standard roles provided by D365FO, administrators can create custom roles tailored to specific organizational needs.
Security Role Assignment:
  • Roles are assigned to users or user groups. This assignment determines which data and features a user can access. For example, a user assigned the "Sales Manager" role might have permissions to manage sales orders, while a "Sales Representative" role might have more restricted access.
Field-Level Security:
  • For granular control, field-level security can be applied to restrict access to specific fields within forms. This ensures sensitive data is only visible to authorized users.
Importance of Field-Level Security in D365FO
Protects Sensitive Data:
  • Field-level security restricts access to specific fields within forms, allowing organizations to safeguard sensitive information such as financial data, personal details, or proprietary business information. This helps in preventing unauthorized users from viewing or modifying critical data.
Enhances Data Integrity:
  • By controlling access to specific fields, field-level security reduces the risk of data tampering or accidental modifications. This ensures that data remains accurate and reliable, which is essential for making informed business decisions.
Reduces Risk of Errors:
  • By restricting access to certain fields, organizations can minimize the risk of errors caused by users inadvertently modifying critical fields. This is especially important in complex processes where data integrity is crucial for accurate reporting and analysis.
Enhancing Data Protection with Field-Level Security in Dynamics 365 Finance and Operations (D365FO)
In today’s data-driven world, protecting sensitive information and ensuring data integrity is paramount. One of the powerful features in Dynamics 365 Finance and Operations (D365FO) that supports these goals is Field-Level Security. Here's why incorporating field-level security into your D365FO implementation is essential for modern enterprises.
Implementing Field-Level Security
Incorporating field-level security into your D365FO environment involves configuring security roles and permissions to control access at the field level. It’s a strategic step towards enhancing data protection and ensuring that your enterprise’s sensitive information is well-secured.
Why Focus on Sales Tax Groups?
Protect Sensitive Financial Information: Sales Tax Groups often contain critical financial details that influence tax calculations and reporting. Field-level security ensures that only authorized personnel can access or modify these details, protecting against unauthorized changes and potential data breaches.
Navigation : Sales and Marketing > Sales orders > All sales orders
From the Options > Security Diagnostics in Dynamics 365 Finance and Operations (D365FO), you can view all the privileges, roles, and duties related to Sales Order details. It’s crucial to focus on the specific privileges highlighted in this context, as they define the access levels

Make a note of the highlighted privileges from the Options and Security Diagnostics screen. Next, navigate to the Sales Order lines and Sales Tax Group sections. Right-click on these elements and select "Form Information" from the context menu. This action will open a window displaying detailed information about the form, including the underlying tables and other relevant details, Make a note of the Data source and data field.

Similarly, navigate to the Sales Order header and Sales Tax Group sections. Right-click on these elements and select "Form Information" from the context menu. Note the data source, which will be the Sales table, and the specific data fields(Tax group) associated with these forms.

Navigate to System administration > Security > Security configuration. Search for the Maintain sales order details privilege. Duplicate this privilege to create a new, unique version. This helps avoid altering the permissions associated with the existing role. In the duplicated privilege.

Select the relevant table and add the SalesTable and SalesLine tables to ensure the new privilege covers these data sources.

For the SalesLine (Sales Order Line Level), add the reference data source "TaxGroup" to ensure that the Sales Tax Group field is secured at both the header and line levels.

Navigate to the tables section. For the SalesTable (Sales Order Header), add the reference data source "TaxGroup".

  • Created a New Privilege: Ensure the modified privilege is saved with a unique name.
  • Create a New Duty: Navigate to System administration > Security > Security configuration > Duties.
  • Create a new duty and attach the newly created privilege to this duty.
  • Create a New Role: Navigate to System administration > Security > Security configuration > Roles.
  • Create a new role and attach the newly created duty to this role.
  • Publish the Role: Once the role is created and configured, publish the role to make it available for assignment to users.

After creating and publishing the new security role:
  • Navigate to Users Section: Go to System administration > Users > Users.
  • Assign the Security Role: Select the user(s) to whom you want to assign the newly created security role.
  • In the user details, go to the Roles tab.
  • Assign the newly created role to these users.
  • Apply Changes: Save the changes. The assigned users will now have the new security role, and the Sales Tax Group field should be grayed out for them, restricting their access.

Test the New Security Role:
  1. Navigate to Sales and Marketing Module: Go to Sales and marketing > Sales orders > All sales orders.
  2. Open a Sales Order:
  3. Select any existing sales order to view its details.
  4. Check the Sales Tax Group Fields:
  5. Line Level: Scroll down to the Sales Order lines and locate the Sales Tax Group field at the line level. This field should also be grayed out.

  • Header Level: In the Sales Order header, locate the Sales Tax Group field. It should be grayed out, indicating restricted access as per the new security role.

Field-Level Security: Provides a straightforward method to control access at the field level without extensive development. Configuration is done through the user interface, making it easier to manage and adjust as needed.

​​​​​​​

Comments