Finance | Project Operations, Human Resources, ...

Segregation of duties violations error: Cannot create a record in Security role (SecurityUserRole

(0) Share

Report

Posted on by Alexio Pfumai

344

Hi All,

We are implementing the Out-of-Box SOD functionality in D365FO. When resolving the conflicts by utilizing the Deny Assignment functionality, the system throws the error bellow:

/Cannot create a record in Security role (SecurityUserRole). The corresponding AOS validation failed./

Please assist

I have the same question (0)

All responses (3)

Answers (0)

Suggested answer

Kevin Xia Microsoft Employee on at

Like (0)

Report
Segregation of duties violations error: Cannot create a record in Security role (SecurityUserRole

Hi Alexio,

According to the problem you described, it seems that you encountered a problem while operating on the table, you can troubleshoot the error according to this document: Dynamics Ax Live: What about the error 'The corresponding AOS validation failed' [27bd-e41a-467-195e] (dynamics-ax-live.blogspot.com).

In addition, here are a few suggestions to help you better troubleshoot the issue:

Check permissions: Ensure that you have sufficient permissions to perform the Deny Assignment operation. Verify that your role and permissions are adequate to make modifications to security roles.

Verify AOS configuration: Validate the configuration of the Application Object Server (AOS) and check if the AOS is running properly. Ensure that the AOS is functioning correctly to perform validation and record creation.

Clean and recreate roles: Attempt to clean and recreate the relevant security roles. Delete the roles that have conflicts and then recreate them. Ensure that the correct permission configurations are used when recreating the roles.

Best regards,

Kevin

Was this reply helpful? Yes No
Suggested answer

André Arnaud de Cal... 300,206 Super User 2025 Season 2 on at

Like (0)

Report

Segregation of duties violations error: Cannot create a record in Security role (SecurityUserRole

Hi Alexio,

You can't resolve SoD conflicts by setting Deny permissions. The framework is checking literally on the existence of duties in the roles. You can only create a role that does not have a particular duty attached to it. The SoD validation engine is not aware of any permissions linked to the Duty.

You must define the risk and set rules to set which duties have conflicts in your environment for your business. When you have e.g. Maintain vendor master and Maintain vendor payment journals as conflicting duties, the SoD validation is not aware of the exact risk. It can only alert in case users gets roles having both duties. By setting deny permissions for e.g. vendor bank accounts, still the same duty is part of the role and will give you the error.

Was this reply helpful? Yes No
spindaddy56 2 on at

Like (0)

Report

Segregation of duties violations error: Cannot create a record in Security role (SecurityUserRole

Did you ever find a solution to this?
Cannot edit a record in Security user role (SecurityUserRole). The corresponding AOS validation failed.

Was this reply helpful? Yes No

Join the conversation

Community site session details

Segregation of duties violations error: Cannot create a record in Security role (SecurityUserRole

Helpful resources

Quick Links

Responsible AI policies

Pallavi Phade – Community Spotlight

Congratulations to the October Top 10 Community Leaders!

Leaderboard > Finance | Project Operations, Human Resources, AX, GP, SL

Featured topics

Product updates

Community site session details

Segregation of duties violations error: Cannot create a record in Security role (SecurityUserRole

Helpful resources

Quick Links

Responsible AI policies

Pallavi Phade – Community Spotlight

Congratulations to the October Top 10 Community Leaders!

Subscribe to this forum!

Select categories

Leaderboard > Finance | Project Operations, Human Resources, AX, GP, SL

Featured topics

Product updates