web
You’re offline. This is a read only version of the page.
close
Skip to main content
Community site session details

Community site session details

Session Id :
Dynamics 365 Community / Forums / Microsoft Dynamics 365 | Integration, Dataverse... / How to dynamically upd...
Microsoft Dynamics 365 | Integration, Dataverse...
Suggested answer

How to dynamically update user's Business unit and Security Roles?

(0) ShareShare
ReportReport
Posted on by Dave Wi

Hello,

I have couple of Group Teams associated with Azure AD.

My requirement is as follows:

Whenever the user is added/removed from AD group, identify associated user's CDS team's "Security Role" and "Business Unit" and remove that security role from user and assign org level business unit to that user.

For example as indicated in following table:

Azure AD Group Users User's Security Role at Environment Level User's CDS Group Teams User's CDS BU Demo Group Team 1's  Security Role Demo Group Team 1's Business Unit
Demo AD Group 1 Demo User 1 CDS User Role + Environment Maker Role Demo Group Team 1 + Org Team Org BU Demo Security Role 1 Demo BU 1
  1. When "Demo User 1" is added in "Demo AD Group 1" in AAD, then "Demo User 1" should be updated with Demo Group Team 1's  Security Role and Demo Group Team 1's  Business unit.

  2. When "Demo User 1" is deleted in "Demo AD Group 1" in AAD, then "Demo User 1" should be removed with Demo Group Team 1's  Security Role and assign org level Business unit.

How can I implement above two actions dynamically?

Thanks,

I have the same question (0)
  • Ragnar Hilmarsson Profile Picture
    Ragnar Hilmarsson 3,427 on at
    RE: How to dynamically update user's Business unit and Security Roles?

    appsource.microsoft.com/.../arango.arangoum

  • Ronald Hulshof Profile Picture
    Ronald Hulshof on at
    RE: How to dynamically update user's Business unit and Security Roles?

    Were you able to find a solution on how to dynamically set the user's Business Unit based on its AAD Group memberships? I can probably do this with a Power Automate flow, but I cannot imagine that would be Microsoft's best practice? Any ideas?

  • PerezAguiar Profile Picture
    PerezAguiar Microsoft Employee on at
    RE: How to dynamically update user's Business unit and Security Roles?

    HI.

    - You can assign roles to Teams in Dynamics, where the team is related to an Azure AD Security Group.  Team members won't show in dynamics until they login the next time and they receive security roles as long as the Security Roles are related to Teams and not User

    - Of course, you can use a powershell to assign/remove users from Security groups in AD and at the same time, connect to Dynamics and remove/assign the appropriate security role.  But this is a separated process that uses the API/POwershell and is not related to mapping Dynamics teams to Azure AD Groups.

  • Dawidvh Profile Picture
    Dawidvh on at
    RE: How to dynamically update user's Business unit and Security Roles?

    We should be able to allocate roles to a Dynamics team, that is linked though an Azure AD Object Id to a security or Office Group. This doesn't seem to be working though currently, although I am very sure this has worked before. Can anyone else confirm that this is working for them currently?

  • Dave Wi Profile Picture
    Dave Wi on at
    RE: How to dynamically update user's Business unit and Security Roles?

    Hi,

    I think, we can not assign "Security Role" to "AAD group" but we can assign to "Team" in CDS.

    and Team, does not reflect it's security role for its member for sure, at least that's how I have noticed and experienced.

    Is there any specific configuration I need to set up for Team/Security role so that whenever new user is added, It would adopt team's security role?

    Do you suggest to change the role/BU of user dynamically via PowerShell whenever new user is added into the team?

    Thanks,

  • Suggested answer
    PerezAguiar Profile Picture
    PerezAguiar Microsoft Employee on at
    RE: How to dynamically update user's Business unit and Security Roles?

    Hey Dave.

    There's a similar functionality using  AAD Security Groups within a Dynamics instance. If you assign a security role to an AAD Security Group, members will receive the same role:

    8666.pastedimage1595518815232v1.png

    Unfortunately this is only available using the "Classic Interface" and not the UI and has several limitations (nested security groups are not supported for example).  
    The other option is to use Powershell (a job that runs every hour or every day for example).  You have a Powershell AddOn on Sean's Github (https://github.com/seanmcne/Microsoft.Xrm.Data.PowerShell.Samples/tree/master/UserOperations) with similar scenarios:
    2746.pastedimage1595518939822v2.png

    Hope it helps!

Under review

Thank you for your reply! To ensure a great experience for everyone, your content is awaiting approval by our Community Managers. Please check back later.

Helpful resources

News and Announcements

Join experts in person to explore low code and AI agents at the Power Platform Community Conference sponsored by Microsoft
Our Community Code of Conduct has been updated!

Quick Links

Responsible AI policies

As AI tools become more common, we’re introducing a Responsible AI Use…

Andrés Arias – Community Spotlight

We are honored to recognize Andrés Arias as our Community Spotlight honoree for…

Congratulations to the August Top 10 Community Leaders!

These are the community rock stars!

Leaderboard > Microsoft Dynamics 365 | Integration, Dataverse, and general topics

#1
DAnny3211 Profile Picture

DAnny3211 215

#2
Abhilash Warrier Profile Picture

Abhilash Warrier 139 Super User 2025 Season 2

#3
Nimsara Jayathilaka. Profile Picture

Nimsara Jayathilaka. 123

Last 30 days Overall leaderboard

Featured topics

Identifying an Org as CDS or Dynamics
Get batch job history log from D365 FO to Power Automate
Gross and Net Weight of Shipments feeding back into Sales Order (from External Source)

Product updates

Dynamics 365 release plans