Security Roles Configuration Framework

Hi everyone,
 
I’m currently working on strengthening our Security Roles Framework in D365 Finance & Operations, at a medical device company operating in a highly regulated environment (FDA, ISO, etc.).
 
We’re beyond just assigning roles; we’re trying to build a governance model that ensures traceability, compliance, and operational integrity. I’d love to hear how other organizations are approaching this. Specifically:
 
  • Do you use third-party tools to manage and audit security roles?
  • How do you govern role creation and changes?
  • Is there a formal approval process or version control?
  • Have you implemented Segregation of Duties (SoD) rules? If so, do you follow any industry-standard references or frameworks?
  • How do you handle temporary access, privileged user management, or role aging?
  • Are you leveraging Microsoft’s native governance features like the security audit trail, duty subtraction, or XML export/import?
We’ve conducted some research and understand that this isn’t just an operational issue, but requires a strategic approach as our company scales. Security roles touch compliance, risk, and business continuity. Any insights, lessons learned, or references would be greatly appreciated.
 
Thanks in advance!
Roni
  • RK-11091715-0
    Hi André,
     
    Thanks for your response; it is very helpful. Also, the resources you provided will help me answer some questions. 
     
    When I say role aging, I refer to a situation where users accumulate access over time due to project shifts, temporary needs, or oversight.
     
    Without a process/control in place, I see:
    - Privilege creep: Users retain access they no longer need.
    - Audit failures: Inactive or misaligned roles trigger compliance issues.
    - SoD violations: Old roles may conflict with new responsibilities.
     
    Hope this clarifies. 
     
    Thanks,
    Roni
     
     
  • André Arnaud de Calavon
    After finishing my reply, I found the confirmation that the question is about Dynamics 365 F&O. Moved the question from the Dynamics 365 General to the Dynamics 365 Finance forum.

    In case you want to learn more about specifics on Dynamics 365 F&O security, you can visit the blogs from Alex Meyer and me:
     
     
  • Suggested answer
    André Arnaud de Calavon
    Hi Roni,

    When I look at all the details in your question, I do assume your question is about Dynamics 365 Finance and Operations. Please confirm.
     
    Let me try to answer your questions.
     
    • Do you use third-party tools to manage and audit security roles?
      Some organizations are using the standard, some are using additional ISV solutions, like Fastpath by Delinea or Security and Compliance Studio by Staedean. I have worked with clients having one of these solutions or no ISV.
       
    • How do you govern role creation and changes?
      This is implemented differently per organization and also depends on the presence of an ISV solution. Usually it should start with a request that will be reviewed and approved.
       
    • Is there a formal approval process or version control?
      This is implemented differently per organization and also depends on the presence of an ISV solution. Since recent versions, Dynamics 365 F&O does support a versioning concept. Also, there is an audit trail of changes. ISV solutions have a proven track record in version management, which is important for life science organizations like yours.
       
    • Have you implemented Segregation of Duties (SoD) rules? If so, do you follow any industry-standard references or frameworks?
      SoD is recommended for your business. The ISV solutions mentioned above provide a list of common SoD rules. An external auditor can also provide you with their view on SoD requirements.
       
    • How do you handle temporary access, privileged user management, or role aging?
      These are fairly new features in Dynamics 365 F&O. Temporary role assignment and privileged user management should start with a request followed by an approval. These are supported on forms where you maintain the requested access with a status.
      PS. What do you mean by "role aging"? 
       
    • Are you leveraging Microsoft’s native governance features like the security audit trail, duty subtraction, or XML export/import?
      The audit trail can be used to show external auditors the role changes in a particular period. ISV solutions also have specific compliance reports. For moving security configuration changes from DEV to Sandbox to Production, the Export and import option is usually used to ensure a complete movement without forgetting objects. That prevents a role from being different in production compared to DEV or sandbox.
     
    You are correct that the security implementation for life science companies is not just about clicking and assigning roles. This needs to be thought through and implemented with the correct approach.
     
  • RK-11091715-0
    Hello Neeraj, 
     
    Thanks! I have just edited the original post to specify that detail. I am referring to D365 Finance & Operations.
     
    Cheers,
    Roni
  • CA Neeraj Kumar
    Hi Roni,
     
    Please confirm which ERP you are referring to here. Is it D365 FO or some other?
     
    Regards,
    Neeraj Kumar
     
