Skip to main content
Post a question

Notifications

Announcements

🌸 Community Spring Festival 2025 Challenge 🌸
News and Announcements icon
Community site session details

Community site session details

Session Id : nyC2zPR91sbxG9K0V3lvb/
Dynamics 365 Community / Forums / Supply chain | Supply Chain Management, Commerce / Custom Security Role I...
Supply chain | Supply Chain Management, Commerce
Answered

Custom Security Role Issue

Like (4) ShareShare
ReportReport
Posted on 26 Mar 2025 07:17:02 by faiz7049 2,145
Hi Experts,
 
I have to create custom role on form (Form Name: CaseDetail and Control Name: DeleteButton). So custom role user cannot able to see "Delete" button.
 
 
I created privilege and role as below.
 
 
I checked role from fron end.
 
 
I assigned role to user.
 
 
Problem is "delete" button still showing on Form (Form Name: CaseDetail) after custom role assigned.
 
Please guide me.
 
Thanks,
Faiz
 
 
Categories:
Dynamics 365 Supply Chain Management
  • Verified answer
    NikolajSorensen Profile Picture
    NikolajSorensen 1,755 on 26 Mar 2025 at 12:02:18
    Custom Security Role Issue
    Beware that the menuitem for the listpage of cases is not "CaseDetail" but "CaseListPage".
    So you probably need to limit that menu item as well.
     
    BR
    Nikolaj
  • faiz7049 Profile Picture
    faiz7049 2,145 on 26 Mar 2025 at 11:45:41
    Custom Security Role Issue
    Hi Nikolaj,
     
    Object already published. Not working.
     
     
     
     
     
  • Suggested answer
    NikolajSorensen Profile Picture
    NikolajSorensen 1,755 on 26 Mar 2025 at 11:11:04
    Custom Security Role Issue
    The access to delete cases can be on ANY of the users other roles.
    It is by default included in some of the standard roles you have assigned to the user as well. So that explains why the user still has the access after you removed the "ARN_Case Management" role.
     
    You seem to have set the delete option to "deny" but it will not have any effect until you publish those change. I can see you have 8 unpublished objects in the environment. You need to make sure that you understand what changes you are making and which roles it will affect, otherwise it might affect roles and users which you did not intend to affect. Once you have published the relevant changes, you will see the restriction working.
  • faiz7049 Profile Picture
    faiz7049 2,145 on 26 Mar 2025 at 10:34:26
    Custom Security Role Issue
    Hi Margin,
     
    Still deleted button is enabled on All Case form (Form Name: CaseDetail).
     
    I make following changes:
     
    1. User assigned roles updated means ARN_Case Management excluded
     
     
    It sounds like you have users using case management in two different roles; one can delete cases and the other can't.
    Yes, you are right.
     
    2. You'd have to explicitly deny the permission
    Yes, I just updated.
     
     
  • Suggested answer
    NikolajSorensen Profile Picture
    NikolajSorensen 1,755 on 26 Mar 2025 at 10:06:22
    Custom Security Role Issue
    Hi.
    The role you have built does not impose a restriction to disallow users from being able to delete.
     
    You have built a role that grants access to read, update and create cases.
     
    However as the user has several other roles assigned, one of those roles might grant the user access to delete cases.
    Security in D365FO by default works in a cumulative way where the highest access level granted across all of the users roles, is what the user will experience having.
    If you actually want to impose a restriction with your new role, you will need to choose "deny" on the delete access level instead of "unset".
  • Martin Dráb Profile Picture
    Martin Dráb 232,223 Most Valuable Professional on 26 Mar 2025 at 09:59:04
    Custom Security Role Issue
    I think the permissions is granted by a different role, such as your ARN_Case Management. You seem to believe that if you create another role (ARN Case Details Delete Restriction) that doesn't include the permission, the permissions granted by other roles will be removed, but that's not the case. You'd have to explicitly deny the permission. But you shouldn't do that. ARN Case Details Delete Restriction isn't an employee role (such as a sales clerk or a warehouse manager); you should think again about what is the position of the user and design the role accordingly. It sounds like you have users using case management in two different roles; one can delete cases and the other can't.

Under review

Thank you for your reply! To ensure a great experience for everyone, your content is awaiting approval by our Community Managers. Please check back later.

Helpful resources

News and Announcements

🌸 Community Spring Festival 2025 Challenge 🌸

Quick Links

🌸 Community Spring Festival 2025 Challenge 🌸

WIN Power Platform Community Conference 2025 tickets!

Announcing Our 2025 Season 1 Super Users!

A new season of Super Users has arrived, and we are so grateful for the daily…

Kudos to the February Top 10 Community Stars!

Thanks for all your good work in the Community!

Leaderboard

#1
André Arnaud de Calavon Profile Picture

André Arnaud de Cal... 293,325 Super User 2025 Season 1

#2
Martin Dráb Profile Picture

Martin Dráb 232,223 Most Valuable Professional

#3
nmaenpaa Profile Picture

nmaenpaa 101,158 Moderator

Leaderboard

Featured topics

Product updates

Dynamics 365 release plans