web
You’re offline. This is a read only version of the page.
close
Skip to main content

Notifications

Announcements

No record found.

News and Announcements icon
Community site session details

Community site session details

Session Id :
Dynamics 365 Community / Forums / Microsoft Dynamics 365 | Integration, Dataverse... / Best Practices: Assign...
Microsoft Dynamics 365 | Integration, Dataverse...
Unanswered

Best Practices: Assigning Security Roles & privileges

(2) ShareShare
ReportReport
Posted on by SErf 659

Hi,

we are right now redefining our Security Roles structure and I wondered what is the best practice to assign roles to users.

Our organization works with the following job descriptions:

Sales:

- Sales Manager

- Sales Clerk

Customer Service:

- Support Manager

- Support Clerk

Finance:

- Quote Backoffice

- Order Management

- Invoice Management

My idea now was to create a Team for each job description.

So e.g. there is one team: "Sales Clerks" and I assign the team all necessary security roles. And assign the members to that team. 

- Do I need to use the Team-based "Security Roles" or "Direct User" access levels for this to work?

- Is this a good idea? What are your solutions?

- It is certainly easier to just assign a new employee to a Team  than setting up security roles individually

- Should we use Azure AD Groups in any way?

- Any resources regarding this topic that I should read?

Thanks.

I have the same question (0)
  • Ana Pereira Profile Picture
    Ana Pereira on at

    Hi, 

    I think this documentation will assist you on your questions

    https://docs.microsoft.com/en-us/power-platform/admin/security-roles-privileges#team-members-privilege-inheritance

    Teresa

  • SA-30061402-0 Profile Picture
    SA-30061402-0 37 on at
    You may find this excellent series of blog posts useful, from Guowei Xu
     
     
    Particularly the section on security roles
     
    Key takeaways from his post are:
     
    1. To control data access, you must set up an organizational structure that both protects sensitive data and enables collaboration.
    2. To ensure that users can view and access all areas of the web application, such as entity forms, the nav bar, or the command bar, all security roles in the organization must include the Read privilege on the Web Resource
     

    Not Recommended

    1. Creating a new security role from scratch will cause a lot of problems.
    2. Don’t Rename an existing security role.
    3. Don’t change the default roles. There is no reason to do that.
     
    Some of the ways we can achieve best practice in assigning and utilising RBAC are:
     

Under review

Thank you for your reply! To ensure a great experience for everyone, your content is awaiting approval by our Community Managers. Please check back later.

Helpful resources

Quick Links

Responsible AI policies

As AI tools become more common, we’re introducing a Responsible AI Use…

Neeraj Kumar – Community Spotlight

We are honored to recognize Neeraj Kumar as our Community Spotlight honoree for…

Congratulations to the November Top 10 Community Leaders!

These are the community rock stars!

Leaderboard > Microsoft Dynamics 365 | Integration, Dataverse, and general topics

#1
#ManoVerse Profile Picture

#ManoVerse 93

#1
Siv Sagar Profile Picture

Siv Sagar 93 Super User 2025 Season 2

#3
Martin Dráb Profile Picture

Martin Dráb 62 Most Valuable Professional

Last 30 days Overall leaderboard

Featured topics

Identifying an Org as CDS or Dynamics
Get batch job history log from D365 FO to Power Automate
Gross and Net Weight of Shipments feeding back into Sales Order (from External Source)

Product updates

Dynamics 365 release plans