web
You’re offline. This is a read only version of the page.
close
Skip to main content

Notifications

Announcements

No record found.

News and Announcements icon
Community site session details

Community site session details

Session Id :
Dynamics 365 Community / Forums / Finance | Project Operations, Human Resources, ... / Security Configuration...
Finance | Project Operations, Human Resources, ...
Suggested Answer

Security Configuration - Copy of the Sys admin role

(1) ShareShare
ReportReport
Posted on by AS-30040337-0 30
Hi,
 
I am a newbie to the Dynamics 365 Finance administration world and am trying to create a copy of the system administrator role. I used the Duplicate option to do this but when I tested the role, it did not exactly do what was expected rather nothing happened. If the system does not permit duplication of the system administrator role, then is there any link or post which helps understand how to create a special role which mimics a system admin role.
 
The objective is to take away the sys admin role from users and grant them this special role which could be a lite version of the system admin role. Any tips, tricks and suggestions welcome. Thanks. 
I have the same question (0)
  • Suggested answer
    Martin Dráb Profile Picture
    Martin Dráb 237,880 Most Valuable Professional on at
    System admin is a special role that basically ignores security.
     
    Giving all users all permissions is indeed a bad idea. It's dangerous - everyone can change, delete or post anything (intentionally or by mistake destroying crucial data), create and approve transfer of money, export and sell sensitive data and so on. Even a "lite" system admin would have the same problem.
     
    Having access to everything also makes the system more difficult to use, e.g. users must find menu items they need among all the ones that they're irrelevant for them.
     
    What you should do is analyzing what permissions which user need and assign just these permissions (through user roles). Start with the default roles, such as Sales clerk, and modify them as needed.
  • Kevin Xia Profile Picture
    Kevin Xia Microsoft Employee on at
    Hi,
    As Martin said, granting most users the role of system administrator is not recommended, which means that there are no restrictions on everyone in the system, and they can do a lot beyond their authority and responsibilities. You can check out this official document: Role-based security - Finance & Operations | Dynamics 365 | Microsoft LearnIn role-based security, access is not granted to individual users, only to security roles. Users are assigned to roles. A user who is assigned to a security role has access to the set of privileges that is associated with that role. A user who is not assigned to any role has no privileges.
    It is recommended to distinguish business scenarios, sort out different permissions based on business scenarios, create different roles based on permissions, and assign roles to different users.
    Best regards,
    Kevin
  • AS-30040337-0 Profile Picture
    AS-30040337-0 30 on at
    Thank you for your suggestions and comments, Kevin and Martin. I understand your concerns and I share the same.
     
    The objective in our case is to have a super role in the Finance team. The idea to give all privileges first and then chip away at this super role to arrive at an optimum level so that this role manages Finance related functions as a super user.
     
    I was hoping that creating a duplicate of the System Administrator role will reveal all the privileges so that some of these can be taken away step by step but FinOps administration is a bit odd for me. The duplicate role like I said did not reveal anyting int terms of duties or privileges. Dynamics 365 CE has this capability where you can make a copy of the System Administrator role and remove privileges, for example, sharing or deleting records. 
     
    I hope I have given some more clarity in terms of what I am aiming at and would appreciate your views in this regard. Thanks again! 
     
  • Martin Dráb Profile Picture
    Martin Dráb 237,880 Most Valuable Professional on at
    You surely could create a new role and assign all existing duties or privileges to it (instead of trying to duplicate a SysAdmin role, which doesn't have any permissions assigned, because it doesn't need them). But you shouldn't. It also doesn't meet your requirements. You want "a role that manages Finance related functions" therefore assigning all the non-finance permissions goes against your stated requirements. A financial super user shouldn't have permissions to create new users, change AOS performance settings, post warehouse journals and so on.
     
    I suggest you start with an extension or a copy of an existing role granting significant permissions for finance-related tasks, such as Financial controller, and add other finance-related duties that you identify as needed for the new role.

Under review

Thank you for your reply! To ensure a great experience for everyone, your content is awaiting approval by our Community Managers. Please check back later.

Helpful resources

Quick Links

Responsible AI policies

As AI tools become more common, we’re introducing a Responsible AI Use…

Neeraj Kumar – Community Spotlight

We are honored to recognize Neeraj Kumar as our Community Spotlight honoree for…

Congratulations to the November Top 10 Community Leaders!

These are the community rock stars!

Leaderboard > Finance | Project Operations, Human Resources, AX, GP, SL

#1
Martin Dráb Profile Picture

Martin Dráb 611 Most Valuable Professional

#2
André Arnaud de Calavon Profile Picture

André Arnaud de Cal... 529 Super User 2025 Season 2

#3
Sohaib Cheema Profile Picture

Sohaib Cheema 285 User Group Leader

Last 30 days Overall leaderboard

Featured topics

End-of-life Announcement for Microsoft Dynamics GP

Product updates

Dynamics 365 release plans