Hi,
We are creating new security roles; for example, we need a super user role which includes all duties apart from Developer access. However, when we create this role, it seems we need to reference most of the models. I am not sure if this is the right approach. And I am thinking, if it really requires referencing a lot of models, should I create a separate model only for security development?
Thanks,
Hi Yuji,
Why don't you create the new roles in the UI?
The role (super user) has to reference almost every model.
Please refer to the link about creating roles in D365.
www.powerobjects.com/.../
If you are creating the role in Visual Studio, then indeed you have to reference all related models. However, in Dynamics 365 there is already a split between the application and development environment. There is no option to access the AOT from the user client anymore.
How about simply creating a new role in the user interface and including all standard roles as sub-roles for your role? No need for development, and no need for worrying about new duties that MS publishes and assigns to the existing roles.
This would be like 5 min of work for you.
Does it mean that if I create a new role to include new duties and privileges, this needs to be done via a developer (AOT access and also referencing all the models)?
And if I create a new role to include all the roles as sub-roles, this is configuration, not development?
You can do both scenarios either by development or configuration (in the Security Configuration form). If you do it via development, the ALM (Application Lifecycle Management) is much better, since you have a change history in your source control and can see the reason for every change. And you can easily revert to older versions.
On the other hand, configuring it in the UI is much faster and doesn't require a developer.
You can choose which one suits your business needs better.
How come, when we use the sub-role approach, we don't need to reference all the other models (Cost accounting, DOM) in our new custom model?
If you want to refer to an object that exists in another package (model), you need to reference that package / model.
So, you need to have a reference to all models where the standard roles exist if you wish to develop a role that contains all the standard roles.
Your code (or role) doesn't see outside your package unless you add references. So you can't use stuff from other packages / models without adding a reference.
A role is a collection of duties; a duty is to take charge of some forms.
A duty is a collection of privileges; a privilege is to do something like saving or modifying.
You can configure all of them in the UI.
Create them in AOT or UI? The following blogs are useful:
https://ievgensaxblog.wordpress.com/2016/11/21/role-based-security-in-dynamics-365-for-operations-what-changed-and-what-stayed-the-same/
https://ievgensaxblog.wordpress.com/2016/11/21/role-based-security-in-dynamics-365-for-operations-export-security-changes-and-security-diagnostics-tool/
Hi Yuji,
My question again: Why are you creating a new role if there is already a split between development and the web client? A person should get separate permissions to join a DevOps project and access the AOT in Visual Studio.