You’re offline. This is a read only version of the page.
Announcements
Any advice on how to create a Read Only User?
I've got a security role which provides the user with Read only access but when I put them in the Business Unit/ Team they should be in, they inherit all the security access from the team which in this instance is undesirable.
I think maybe I've just been looking at this problem the wrong way.
Thanks
We used a different approach and gave our “read only” users a Team Member license and assigned the appropriate Ream Member security role (Sales Team Member for example) and then I took away the few create/write privileges that come with that role. The license is a lot cheaper too.
Hi!
The AccessMode has 3 options: Read/Write, Administrative and Non-Interactive. The Read/Delegated administrator/Support access mode are related to specific roles (From Microsoft Support, Partners or API Access).
Your approach is quite good. But I would add a new layer:
you have a root Business unit, and a Team associated with this by default. If you assign a security role to this team/BU, everyone that is added to the enviroment will inherit such Security role. What you should aim, is that EVERYONE added by default, have this new&customized security role. Therefore, if users are added by "mistake", then the impact is reduced as they have only read access.
Then, you create a new Business Unit as a child, and move required users to this particular BU, and assign the appropriate security roles (Basic User, Sales person, Customer Service representative) that provides Create/Update/Delete permissions.
Regards
Just click on the "use rich formatting" then it will work.
Can you share a screenshot about the Access Mode. Because I did not understood what you trying to say.
yes, this is what I have done but i was hoping for a more elegant solution. This inheriting security roles is great (until it's not).
Thank you for your response.
Do you know anything about the "Read" option located under "Access Mode". I can see it from the Advanced Find area, but when I go onto a users record I can't see the option to select it. I only see Administrative, Non-interactive and Read-Write
Either you can create a new security role which will be having only read permissions(Minimum permission for work) and remove the user from the team which is having the permissions, so that user will not inherit the role.
Else you can implement a new BU B which is having an team A. and this team will have read permissions. Now make sure you can add your user to this BU. and if user needs more permissions then you can change the new BU with old one.
dynamics-chronicles.com/.../deep-dive-security-roles-dynamics-365
#1
André Arnaud de Cal...
294,017
Super User 2025 Season 1
#2
Martin Dráb
232,852
Most Valuable Professional
#3
nmaenpaa
101,158
Moderator
Share
Report
All responses (
Answers (
