web
You’re offline. This is a read only version of the page.
close
Skip to main content
Community site session details

Community site session details

Session Id :
Dynamics 365 Community / Forums / Microsoft Dynamics 365 | Integration, Dataverse... / Best Practices: Assign...
Microsoft Dynamics 365 | Integration, Dataverse...
Unanswered

Best Practices: Assigning Security Roles & privileges

(2) ShareShare
ReportReport
Posted on by SErf 659

Hi,

we are right now redefining our Security Roles structure and I wondered what is the best practice to assign roles to users.

Our organization works with the following job descriptions:

Sales:

- Sales Manager

- Sales Clerk

Customer Service:

- Support Manager

- Support Clerk

Finance:

- Quote Backoffice

- Order Management

- Invoice Management

My idea now was to create a Team for each job description.

So e.g. there is one team: "Sales Clerks" and I assign the team all necessary security roles. And assign the members to that team. 

- Do I need to use the Team-based "Security Roles" or "Direct User" access levels for this to work?

- Is this a good idea? What are your solutions?

- It is certainly easier to just assign a new employee to a Team  than setting up security roles individually

- Should we use Azure AD Groups in any way?

- Any resources regarding this topic that I should read?

Thanks.

I have the same question (0)
  • Ana Pereira Profile Picture
    Ana Pereira on at
    RE: Best Practices: Assigning Security Roles & privileges

    Hi, 

    I think this documentation will assist you on your questions

    https://docs.microsoft.com/en-us/power-platform/admin/security-roles-privileges#team-members-privilege-inheritance

    Teresa

  • SA-30061402-0 Profile Picture
    SA-30061402-0 37 on at
    Best Practices: Assigning Security Roles & privileges
    You may find this excellent series of blog posts useful, from Guowei Xu
     
     
    Particularly the section on security roles
     
    Key takeaways from his post are:
     
    1. To control data access, you must set up an organizational structure that both protects sensitive data and enables collaboration.
    2. To ensure that users can view and access all areas of the web application, such as entity forms, the nav bar, or the command bar, all security roles in the organization must include the Read privilege on the Web Resource
     

    Not Recommended

    1. Creating a new security role from scratch will cause a lot of problems.
    2. Don’t Rename an existing security role.
    3. Don’t change the default roles. There is no reason to do that.
     
    Some of the ways we can achieve best practice in assigning and utilising RBAC are:
     

Under review

Thank you for your reply! To ensure a great experience for everyone, your content is awaiting approval by our Community Managers. Please check back later.

Helpful resources

News and Announcements

Join experts in person to explore low code and AI agents at the Power Platform Community Conference sponsored by Microsoft

Quick Links

Responsible AI policies

As AI tools become more common, we’re introducing a Responsible AI Use…

Abhilash Warrier – Community Spotlight

We are honored to recognize Abhilash Warrier as our Community Spotlight honoree for…

Congratulations to the September Top 10 Community Leaders!

These are the community rock stars!

Leaderboard > Microsoft Dynamics 365 | Integration, Dataverse, and general topics

#1
Sahan Hasitha Profile Picture

Sahan Hasitha 271

#2
André Arnaud de Calavon Profile Picture

André Arnaud de Cal... 91 Super User 2025 Season 2

#3
Sohaib Cheema Profile Picture

Sohaib Cheema 76 User Group Leader

Last 30 days Overall leaderboard

Featured topics

Identifying an Org as CDS or Dynamics
Get batch job history log from D365 FO to Power Automate
Gross and Net Weight of Shipments feeding back into Sales Order (from External Source)

Product updates

Dynamics 365 release plans