Dynamics Community Forum Thread Details

Creating new security duties/roles and Security diagnostics for task recordings

We are trying to create a series of new roles for user who have limited use of the system so that there privileges only give them access to complete the tasks they need to as currently the out the box roles have a lot more than the user requires. This is partly to limit access for security reasons and partly due to licencing costs differing for some roles. It should also help the more basic user by them have access to fewer screens so be easier to find what they use.

In order to do this we have attempted to use the task recording and the security diagnostic tools. As a very basic example we have a few users who all the do is receive transfer orders. we created a recording of what they do and used the diagnostic tool to identify the privileges required for this

From this i have then created a duty with these 2 privileges and assigned these to a new role which currently has nothing else. I have then granted this to a user along with the system user role to test however we have straight away found this doesn't work as the cannot see the stock management module to access the transfer order screen. Am i missing something extra that is required to give them access to the menu that the security diagnostic tool is not telling us?

Hi.

Overall your approach to security sounds solid.

For your information going forward, please be aware that the security diagnostics tool unfortunately does not show all the menu items in your task recordings.

For reference there are three different menu item types:

- Display

- Output

- Action

The security diagnostics tool only shows display menu items, so any other menu items you interacted with will not show.

In your particular case, I think you are experiencing an issue caused by standard Microsoft properties, which means that the menu will not always show, even though a form resides within this module.

You will either require a code change to allow the module to always show, or find another privilege which can be added to the duty/role you created.

I suggest that you find another relevant privilege, which will make the module available, without granting access to areas the users should not have access to.

I had a look at the privileges "View transfer order history" and "View transfer journals", which will grant access to the module and hopefully the access granted can also be useful to the users. That is just a suggestion, but could be relevant for you.

Nikolaj

Quick Links

Leaderboard > Supply chain | Supply Chain Management, Commerce