Skip to main content

Notifications

Announcements

No record found.

News and Announcements icon
Community site session details

Community site session details

Session Id :
Dynamics 365 Community / Forums / Finance | Project Operations, Human Resources, ... / Segregation of Duties ...
Finance | Project Operations, Human Resources, ...
Answered

Segregation of Duties (SOD)

(0) ShareShare
ReportReport
Posted on by Bhawna Bansal 42

Hi..

Requirement: 

How we can define different users with different legal entities ( Example : ADC Motors and TCS Motors) in which one legal entity (ADC Motors) allows the user to perform 2 duties added in SOD and other (TCS Motors) don't.

pastedimage1654327167552v1.png

Query:

1. What will be the best practice to achieve this functionality?

2. Is there any functionality available to restrict the addition of conflicting duties in SOD (after creation)?

3. Think it at the bigger level like 100 legal entities.

  • Bhawna Bansal Profile Picture
    Bhawna Bansal 42 on at
    RE: Segregation of Duties (SOD)

    Hi André, thank you for taking out time to resolve my query.

  • Verified answer
    André Arnaud de Calavon Profile Picture
    André Arnaud de Cal... 294,145 Super User 2025 Season 1 on at
    RE: Segregation of Duties (SOD)

    Hi Bhawna,

    Thanks for the clarification. You can indeed change the roles so they would violate against existing SoD rules. You can enable a periodic batch job (Verify compliance of user-role assignments with rules for segregation of duties)  which runs across existing security role assignments. This will create new records on the form unresolved conflicts in case the roles changed and there are new conflicts.

  • Bhawna Bansal Profile Picture
    Bhawna Bansal 42 on at
    RE: Segregation of Duties (SOD)

    Hi Andre,

    Thanks for your reply.

    My second question is :

    Is there any functionality available to restrict the addition of conflicting duties in roles after creation of SOD. As per my understanding OOB functionality of SoD is that it works as preventive control but my seniors told me that it is possible to add conflicting duties to roles after creation of SoD.

    So what will be the solution of that.

  • Verified answer
    André Arnaud de Calavon Profile Picture
    André Arnaud de Cal... 294,145 Super User 2025 Season 1 on at
    RE: Segregation of Duties (SOD)

    Hi Bhawna,

    A SoD rule is not company dependent. It will check it regardless any company context. If you need to have more permissions allowed in one legal entity, you can consider creating a separate duty containing more features and set rules to prevent adding this duty in combination with the two you listed. You would need to create different versions of the security role, like you listed in your example already.

    e.g. Create a third duty "Approve Vendor Invoices and Payments".

    You can then set three SoD rules:

    Approve Vendor Invoices <> Approve Vendor Payment Transactions

    Approve Vendor Invoices <> Approve Vendor Invoices and Payments

    Approve Vendor Payment Transactions <> Approve Vendor Invoices and Payments

    Can you explain your second question? Is this about changes to security roles, SoD rules or role assignments?

Under review

Thank you for your reply! To ensure a great experience for everyone, your content is awaiting approval by our Community Managers. Please check back later.

Helpful resources

Quick Links

🌸 Community Spring Festival 2025 Challenge 🌸

WIN Power Platform Community Conference 2025 tickets!

Jonas ”Jones” Melgaard – Community Spotlight

We are honored to recognize Jonas "Jones" Melgaard as our April 2025…

Kudos to the March Top 10 Community Stars!

Thanks for all your good work in the Community!

Leaderboard

#1
André Arnaud de Calavon Profile Picture

André Arnaud de Cal... 294,145 Super User 2025 Season 1

#2
Martin Dráb Profile Picture

Martin Dráb 232,896 Most Valuable Professional

#3
nmaenpaa Profile Picture

nmaenpaa 101,158 Moderator

Leaderboard

Featured topics

End-of-life Announcement for Microsoft Dynamics GP

Product updates

Dynamics 365 release plans