Skip to main content

Notifications

Announcements

Announcing Our 2025 Season 1 Super Users!
Announcing Forum Attachment Improvements!
News and Announcements icon
Dynamics 365 Community / Forums / Finance | Project Operations, Human Resources, ... / Segregation of duties ...
Finance | Project Operations, Human Resources, ...
Suggested answer

Segregation of duties violations error: Cannot create a record in Security role (SecurityUserRole

(0) ShareShare
ReportReport
Posted on by Alexio Pfumai 344
Hi All,
We are implementing the Out-of-Box SOD functionality in D365FO. When resolving the conflicts by utilizing the Deny Assignment functionality, the system throws the error bellow:
/Cannot create a record in Security role (SecurityUserRole). The corresponding AOS validation failed./
 
Please assist
  • Suggested answer
    André Arnaud de Calavon Profile Picture
    André Arnaud de Cal... 292,031 Super User 2025 Season 1 on at
    Segregation of duties violations error: Cannot create a record in Security role (SecurityUserRole
    Hi Alexio,
     
    You can't resolve SoD conflicts by setting Deny permissions. The framework is checking literally on the existence of duties in the roles. You can only create a role that does not have a particular duty attached to it. The SoD validation engine is not aware of any permissions linked to the Duty.
     
    You must define the risk and set rules to set which duties have conflicts in your environment for your business. When you have e.g. Maintain vendor master and Maintain vendor payment journals as conflicting duties, the SoD validation is not aware of the exact risk. It can only alert in case users gets roles having both duties. By setting deny permissions for e.g. vendor bank accounts, still the same duty is part of the role and will give you the error.
  • Suggested answer
    Kevin Xia Profile Picture
    Kevin Xia Microsoft Employee on at
    Segregation of duties violations error: Cannot create a record in Security role (SecurityUserRole
    Hi Alexio,
    According to the problem you described, it seems that you encountered a problem while operating on the table, you can troubleshoot the error according to this document: Dynamics Ax Live: What about the error 'The corresponding AOS validation failed' [27bd-e41a-467-195e] (dynamics-ax-live.blogspot.com).
    In addition, here are a few suggestions to help you better troubleshoot the issue:
    • Check permissions: Ensure that you have sufficient permissions to perform the Deny Assignment operation. Verify that your role and permissions are adequate to make modifications to security roles.
    • Verify AOS configuration: Validate the configuration of the Application Object Server (AOS) and check if the AOS is running properly. Ensure that the AOS is functioning correctly to perform validation and record creation.
    • Clean and recreate roles: Attempt to clean and recreate the relevant security roles. Delete the roles that have conflicts and then recreate them. Ensure that the correct permission configurations are used when recreating the roles.
    Best regards,
    Kevin

Under review

Thank you for your reply! To ensure a great experience for everyone, your content is awaiting approval by our Community Managers. Please check back later.

Helpful resources

News and Announcements

Announcing Our 2025 Season 1 Super Users!
Announcing Forum Attachment Improvements!

Quick Links

Announcing Our 2025 Season 1 Super Users!

A new season of Super Users has arrived, and we are so grateful for the daily…

Vahid Ghafarpour – Community Spotlight

We are excited to recognize Vahid Ghafarpour as our February 2025 Community…

Congratulations to the January Top 10 leaders!

Check out the January community rock stars...

Leaderboard

#1
André Arnaud de Calavon Profile Picture

André Arnaud de Cal... 292,031 Super User 2025 Season 1

#2
Martin Dráb Profile Picture

Martin Dráb 230,868 Most Valuable Professional

#3
nmaenpaa Profile Picture

nmaenpaa 101,156

Leaderboard

Featured topics

End-of-life Announcement for Microsoft Dynamics GP

Product updates

Dynamics 365 release plans