Skip to main content

Notifications

Announcements

No record found.

Finance | Project Operations, Human Resources, ...
Suggested answer

Security Configuration - Copy of the Sys admin role

(1) ShareShare
ReportReport
Posted on by 24
Hi,
 
I am a newbie to the Dynamics 365 Finance administration world and am trying to create a copy of the system administrator role. I used the Duplicate option to do this but when I tested the role, it did not exactly do what was expected rather nothing happened. If the system does not permit duplication of the system administrator role, then is there any link or post which helps understand how to create a special role which mimics a system admin role.
 
The objective is to take away the sys admin role from users and grant them this special role which could be a lite version of the system admin role. Any tips, tricks and suggestions welcome. Thanks. 
  • Martin Dráb Profile Picture
    Martin Dráb 230,466 Most Valuable Professional on at
    Security Configuration - Copy of the Sys admin role
    You surely could create a new role and assign all existing duties or privileges to it (instead of trying to duplicate a SysAdmin role, which doesn't have any permissions assigned, because it doesn't need them). But you shouldn't. It also doesn't meet your requirements. You want "a role that manages Finance related functions" therefore assigning all the non-finance permissions goes against your stated requirements. A financial super user shouldn't have permissions to create new users, change AOS performance settings, post warehouse journals and so on.
     
    I suggest you start with an extension or a copy of an existing role granting significant permissions for finance-related tasks, such as Financial controller, and add other finance-related duties that you identify as needed for the new role.
  • AS-30040337-0 Profile Picture
    AS-30040337-0 24 on at
    Security Configuration - Copy of the Sys admin role
    Thank you for your suggestions and comments, Kevin and Martin. I understand your concerns and I share the same.
     
    The objective in our case is to have a super role in the Finance team. The idea to give all privileges first and then chip away at this super role to arrive at an optimum level so that this role manages Finance related functions as a super user.
     
    I was hoping that creating a duplicate of the System Administrator role will reveal all the privileges so that some of these can be taken away step by step but FinOps administration is a bit odd for me. The duplicate role like I said did not reveal anyting int terms of duties or privileges. Dynamics 365 CE has this capability where you can make a copy of the System Administrator role and remove privileges, for example, sharing or deleting records. 
     
    I hope I have given some more clarity in terms of what I am aiming at and would appreciate your views in this regard. Thanks again! 
     
  • Kevin Xia Profile Picture
    Kevin Xia Microsoft Employee on at
    Security Configuration - Copy of the Sys admin role
    Hi,
    As Martin said, granting most users the role of system administrator is not recommended, which means that there are no restrictions on everyone in the system, and they can do a lot beyond their authority and responsibilities. You can check out this official document: Role-based security - Finance & Operations | Dynamics 365 | Microsoft LearnIn role-based security, access is not granted to individual users, only to security roles. Users are assigned to roles. A user who is assigned to a security role has access to the set of privileges that is associated with that role. A user who is not assigned to any role has no privileges.
    It is recommended to distinguish business scenarios, sort out different permissions based on business scenarios, create different roles based on permissions, and assign roles to different users.
    Best regards,
    Kevin
  • Suggested answer
    Martin Dráb Profile Picture
    Martin Dráb 230,466 Most Valuable Professional on at
    Security Configuration - Copy of the Sys admin role
    System admin is a special role that basically ignores security.
     
    Giving all users all permissions is indeed a bad idea. It's dangerous - everyone can change, delete or post anything (intentionally or by mistake destroying crucial data), create and approve transfer of money, export and sell sensitive data and so on. Even a "lite" system admin would have the same problem.
     
    Having access to everything also makes the system more difficult to use, e.g. users must find menu items they need among all the ones that they're irrelevant for them.
     
    What you should do is analyzing what permissions which user need and assign just these permissions (through user roles). Start with the default roles, such as Sales clerk, and modify them as needed.

Under review

Thank you for your reply! To ensure a great experience for everyone, your content is awaiting approval by our Community Managers. Please check back later.

Helpful resources

Quick Links

Congratulations 2024 Spotlight Honorees

Kudos to all of our 2024 community stars! 🎉

Meet the Top 10 leaders for December

Congratulations to our December super stars! 🥳

Start Your Super User Journey

Join the ranks of our community heros! 🦹

Leaderboard

#1
André Arnaud de Calavon Profile Picture

André Arnaud de Cal... 291,735 Super User 2024 Season 2

#2
Martin Dráb Profile Picture

Martin Dráb 230,466 Most Valuable Professional

#3
nmaenpaa Profile Picture

nmaenpaa 101,156

Leaderboard

Product updates

Dynamics 365 release plans