
Security Roles Configuration Framework

Hi everyone,
 
I’m currently working on strengthening our Security Roles Framework in D365 Finance & Operations, at a medical device company operating in a highly regulated environment (FDA, ISO, etc.).
 
We’re beyond just assigning roles; we’re trying to build a governance model that ensures traceability, compliance, and operational integrity. I’d love to hear how other organizations are approaching this. Specifically:
 
  • Do you use third-party tools to manage and audit security roles?
  • How do you govern role creation and changes?
  • Is there a formal approval process or version control?
  • Have you implemented Segregation of Duties (SoD) rules? If so, do you follow any industry-standard references or frameworks?
  • How do you handle temporary access, privileged user management, or role aging?
  • Are you leveraging Microsoft’s native governance features like the security audit trail, duty subtraction, or XML export/import?
We’ve conducted some research and understand that this isn’t just an operational issue, but requires a strategic approach as our company scales. Security roles touch compliance, risk, and business continuity. Any insights, lessons learned, or references would be greatly appreciated.
 
Thanks in advance!
Roni
  • CA Neeraj Kumar
    Hi Roni,
     
    Please confirm which ERP you are referring to here. Is it D365 FO or some other?
     
    Regards,
    Neeraj Kumar
     
  • RK-11091715-0
    Hello Neeraj, 
     
    Thanks! I have just edited the original post to specify that detail. I am referring to D365 Finance & Operations.
     
    Cheers,
    Roni
  • Suggested answer
    André Arnaud de Calavon
    Hi Roni,

    When I look at all the details in your question, I do assume your question is about Dynamics 365 Finance and Operations. Please confirm.
     
    Let me try to answer your questions.
     
    • Do you use third-party tools to manage and audit security roles?
      Some organizations are using the standard, some are using additional ISV solutions, like Fastpath by Delinea or Security and Compliance Studio by Staedean. I have worked with clients having one of these solutions or no ISV.
       
    • How do you govern role creation and changes?
      This is implemented differently per organization and also depends on the presence of an ISV solution. Usually it should start with a request that will be reviewed and approved.
       
    • Is there a formal approval process or version control?
      This is implemented differently per organization and also depends on the presence of an ISV solution. Since recent versions, Dynamics 365 F&O does support a versioning concept. Also, there is an audit trail of changes. ISV solutions have a proven track record in version management, which is important for life science organizations like yours.
       
    • Have you implemented Segregation of Duties (SoD) rules? If so, do you follow any industry-standard references or frameworks?
      SoD is recommended for your business. The ISV solutions mentioned above provide a list of common SoD rules. An external auditor can also provide you with their view on SoD requirements.
       
    • How do you handle temporary access, privileged user management, or role aging?
      These are fairly new features in Dynamics 365 F&O. Temporary role assignment and privileged user management should start with a request followed by an approval. These are supported on forms where you maintain the requested access with a status.
      PS. What do you mean by "role aging"? 
       
    • Are you leveraging Microsoft’s native governance features like the security audit trail, duty subtraction, or XML export/import?
      The audit trail can be used to show external auditors the role changes in a particular period. ISV solutions also have specific compliance reports. For moving security configuration changes from DEV to Sandbox to Production, the Export and import option is usually used to ensure a complete movement without forgetting objects. That prevents a role from being different in production compared to DEV or sandbox.
     
    You are correct that the security implementation for life science companies is not just about clicking and assigning roles. This needs to be thought through and implemented with the correct approach.
     
  • André Arnaud de Calavon
    After finishing my reply, I found the confirmation that the question is about Dynamics 365 F&O. Moved the question from the Dynamics 365 General to the Dynamics 365 Finance forum.

    In case you want to learn more about specifics on Dynamics 365 F&O security, you can visit the blogs from Alex Meyer and me:
     
     
  • RK-11091715-0
    Hi André,
     
    Thanks for your response; it is very helpful. Also, the resources you provided will help me answer some questions. 
     
    When I say role aging, I refer to a situation where users accumulate access over time due to project shifts, temporary needs, or oversight.
     
    Without a process/control in place, I see:
    - Privilege creep: Users retain access they no longer need.
    - Audit failures: Inactive or misaligned roles trigger compliance issues.
    - SoD violations: Old roles may conflict with new responsibilities.
     
    Hope this clarifies. 
     
    Thanks,
    Roni
     
     
