I am a newbie to the Dynamics 365 Finance administration world and am trying to create a copy of the system administrator role. I used the Duplicate option to do this but when I tested the role, it did not exactly do what was expected rather nothing happened. If the system does not permit duplication of the system administrator role, then is there any link or post which helps understand how to create a special role which mimics a system admin role.
The objective is to take away the sys admin role from users and grant them this special role which could be a lite version of the system admin role. Any tips, tricks and suggestions welcome. Thanks.
Security Configuration - Copy of the Sys admin role
You surely could create a new role and assign all existing duties or privileges to it (instead of trying to duplicate a SysAdmin role, which doesn't have any permissions assigned, because it doesn't need them). But you shouldn't. It also doesn't meet your requirements. You want "a role that manages Finance related functions" therefore assigning all the non-finance permissions goes against your stated requirements. A financial super user shouldn't have permissions to create new users, change AOS performance settings, post warehouse journals and so on.
I suggest you start with an extension or a copy of an existing role granting significant permissions for finance-related tasks, such as Financial controller, and add other finance-related duties that you identify as needed for the new role.
Security Configuration - Copy of the Sys admin role
Thank you for your suggestions and comments, Kevin and Martin. I understand your concerns and I share the same.
The objective in our case is to have a super role in the Finance team. The idea to give all privileges first and then chip away at this super role to arrive at an optimum level so that this role manages Finance related functions as a super user.
I was hoping that creating a duplicate of the System Administrator role will reveal all the privileges so that some of these can be taken away step by step but FinOps administration is a bit odd for me. The duplicate role like I said did not reveal anyting int terms of duties or privileges. Dynamics 365 CE has this capability where you can make a copy of the System Administrator role and remove privileges, for example, sharing or deleting records.
I hope I have given some more clarity in terms of what I am aiming at and would appreciate your views in this regard. Thanks again!
Security Configuration - Copy of the Sys admin role
Hi,
As Martin said, granting most users the role of system administrator is not recommended, which means that there are no restrictions on everyone in the system, and they can do a lot beyond their authority and responsibilities. You can check out this official document: Role-based security - Finance & Operations | Dynamics 365 | Microsoft Learn. In role-based security, access is not granted to individual users, only to security roles. Users are assigned to roles. A user who is assigned to a security role has access to the set of privileges that is associated with that role. A user who is not assigned to any role has no privileges.
It is recommended to distinguish business scenarios, sort out different permissions based on business scenarios, create different roles based on permissions, and assign roles to different users.
Best regards,
Kevin
Suggested answer
Martin Dráb230,466Most Valuable Professional
on at
Security Configuration - Copy of the Sys admin role
System admin is a special role that basically ignores security.
Giving all users all permissions is indeed a bad idea. It's dangerous - everyone can change, delete or post anything (intentionally or by mistake destroying crucial data), create and approve transfer of money, export and sell sensitive data and so on. Even a "lite" system admin would have the same problem.
Having access to everything also makes the system more difficult to use, e.g. users must find menu items they need among all the ones that they're irrelevant for them.
What you should do is analyzing what permissions which user need and assign just these permissions (through user roles). Start with the default roles, such as Sales clerk, and modify them as needed.
Under review
Thank you for your reply! To ensure a great experience for everyone, your content is awaiting approval by our Community Managers. Please check back later.