Dynamics Community Forum Thread Details

AZURE ACTIVE DIRECTORY ROLES AND SECURITY IN DYNAMICS 365 FOR FINANCE AND OPERATIONS

Hello,
Currently we have all 365 users with Full type license, but this year we have acquired Activity and Project type licenses.

These two licenses, according to Microsoft information, have limitations when it comes to perform certain actions such as recording sales or purchase orders or record accounting journals as this type of functionality are associated with the license type Finance.
Two groups have been created in the AAD, Activity and Project, and the corresponding users have been included in them. These users have their corresponding licenses associated in the AAD.

In D365FO these groups have been imported, after activating the configuration called Active Directory security group. We followed the steps indicated in this blog https://dynamicspedia.com/2019/09/how-to-use-azure-active-directory-for-managing-users-and-security-in-dynamics-365-for-finance-and-operations/

To these groups we have assigned our roles, it should be mentioned that we use roles created by us and not the standard ones of the system.
To the users, that were already imported in D365FO, we have associated these same roles and we have tried to register with a user that had the Project license in AAD and we have been able to register without any problem. The same with a user with Activity license.

With these verifications we have the following doubts:

- The license acquired and assigned to the user in AAD has no impact on the application?
- Is it the security roles that determine what can or cannot be done in the system?
- What does a Project license and an Activity license allow me to do?

Thanks!

Marina

Categories:

Administration and Setup

Other

Hi Marina,

This is a great question and thanks for reading my blog.

Currently, there is no link between available functionality in Dynamics 365 F&O and the assigned licenses. You are correct that the security roles will grant access to functionality in the system. This is at this moment without the link between the license in AAD and intended available features per license. Despite there is no enforcement, you should be compliant according to the license agreement. All details about intended functionality per license SKU (e.g. Project Operations and Activity) is listed in the Dynamics 365 Licensing Guide.

In the application the license details for the full user roles are maintained in a system table storing privileges and the required SKU. Details for Activity and Team members are maintained on the menu items. The security framework knows by checking these details what would be the required license per role. You can view the license requirement when you navigate to the Security configuration page. If you select a role and click View permissions, you will see the required license.

Quick Links

Leaderboard