Finance | Project Operations, Human Resources, ...

Docs on each security role

(0) Share

Report

Posted on by Maxw

100

I want to get official security docs to know the recommendation of how each security role be used.

Like if you want to assign a Task to a user, I want to know what security role I should assign to a user.

Please suggest documents where each security role's description are written.

I have the same question (0)

All responses (5)

Answers (0)

Suggested answer

Sukrut Parab 71,710 Moderator on at

Like (0)

Report

Below link will give you some idea but the link is for AX 2012 so its possible that some of the information may not be application for F&O. Also in F&O there may be some additional roles added which are not present in the list below.

docs.microsoft.com/.../security-role-reference

If you Visit the security configuration forms , You can see the Duties , privileges etc of the role , see the description of the duties to see what duties roles can perform.

Was this reply helpful? Yes No
Suggested answer

Junaid Idrees on at

Like (0)

Report

Hi Maxw,

1. At first place please read the below document to understand the security structure in D365 FO:

docs.microsoft.com/.../security-architecture

2. Below is Microsoft official document to retrieve all out of the box security reports to help you out in deciding which role/privilege/duty to assign to business users.

docs.microsoft.com/.../security-reports

You can use an Excel file as the print destination to export all these reports.

Was this reply helpful? Yes No
Blue Wang on at

Like (0)

Report

Hi Maxw,

1.F&O already contains a report with the information: System administration > Inquiries > Security > Role to user assignments.

2.If you can access dev VM, you can go to Visual Studio Dynamics 365 -> Addins -> View related roles for all duties. then you can export all privileges duties and roles to excel spreadsheet.

https://community.dynamics.com/365/financeandoperations/b/howtodynamics365/posts/how-to-view-related-roles-for-all-duties-related-objects-and-license-for-all-roles-in-dynamics-365

Was this reply helpful? Yes No
Suggested answer

André Arnaud de Cal... 301,134 Super User 2025 Season 2 on at

Like (2)

Report

Hi Maxw,

Security implementation is something that needs some attention. The documentation starts with describing your own organization. You need to know yourself what different roles you want to implement and what segregation of duties needs to be in place. When you then compare your organization with the standard security roles, you will find out that the standard security objects are in many cased too far away from your requirements. You can consider the roles as examples and duties and privileges as Lego blocks. In my experience only a few roles were used from the standard.

Then it starts with creating your own roles. This can be done in Visual Studio or using the Security configuration page. When you have defined your roles, you might already have documented what you needed to achieve and this could be a base for documentation. Otherwise, have a look at the replies above where there are some tips to get it from the meta data. Some of the tips are not helping you correctly; depending if you use the configuration or development approach.

Getting a full document what is possible with a role is in my opinion a utopia. In fact, you should then have a list with all menu items and the permissions. This because when you make changes to standard objects, it might have an Inquiry word in the title, but the effective access is full control. Auditors will be confused with the labels of duties and privileges. Now we have used the word 'documentation' and 'auditors'.

In my opinion, you should have a correct description with possible some additional details if there are important or sensitive access levels in a specific role. Like, in this role, a user can maintain vendor master data, but creation of the bank account is limited as this is part of a finance role.

The auditors will ask questions like who can maintain vendor payment journals, who can approve and post invoices, who can create vendor bank accounts. They want to be sure that there are segregation of duties in place to prevent committing fraud.

The level of information required for your operation to assign security roles or to answer questions from the auditors are different. The first option can be achieved to provide a description per role. For the second part, it will be hard as there is no out of the box inquiry form to analyze on the object level what is the current status in the production environment with both changes in Visual Studio and the configuration option. For this, there are some ISV solutions which can help you answering the questions in detail: appsource.microsoft.com/.../apps

Was this reply helpful? Yes No
Suggested answer

nmaenpaa 101,162 Moderator on at

Like (0)

Report

You can find all permissions for a role in Security configuration form in System administration module. Select a role, then click View permissions. As you will notice, the list is very long, even tens of thousands of entries, and not very useful for most purposes. But that's the documentation of the exact contents of the security role.

Was this reply helpful? Yes No