1. To-Increase Dynamics 365 for Finance & Operations
  2. Security and compliance studio
  3. Manage security

Manage security roles

All users must be assigned to at least one security role in order to have access to Finance and Operations. The security roles that are assigned to a user determine the duties that the user can perform and the parts of the user interface that the user can view.
For more information, refer to Role-based security.


Security administrator Security administrator Manage security scenarios

Manage security scenarios and match roles

You can use security scenarios to record and define all securable objects and related access levels that are required for a user to perform one or more tasks.
You can create a security role in several ways. In the Security and compliance studio, you can record the working tasks for a target user. The recording results are stored in a security scenario. You can use this security scenario to fine-tune all securable objects and related access levels that are required for the target user to perform the working tasks.
If the security scenario is complete, you can search for a role that matches the security scenario. If no perfect match is found, you can create a security role for the security scenario in several ways. You can link the matched or new security role to the applicable users.


 Create security role from duties and privileges Create security role from duties and privileges All users must be assigned to at least one security role to have access to Dynamics 365 for Finance and Operations. The security roles that are assigned to a user determine the duties that the user can perform and the parts of the user interface that the user can view. You can use the Create role wizard to create a security role for selected privileges and duties. You can select: Privileges from a list of unallocated privileges. These privileges are not directly allocated to a security role and not indirectly (via a duty) allocated to a security role. Privileges from a list of all privileges. Duties from a list of all duties. To have an up-to-date set of duties and privileges to select from, you can update the user license types before you select duties and privileges for a new role. This procedure explains how to create a security role based on a selection of privileges and duties. Procedure 1. Click Security management. 2. Click Create role. 3. Sub-task: Calculate user license types. 4. Click Calculate user license types. 5. Sub-task: Select unallocated privileges. 6. Click Load unallocated privileges. 7. In the list, select the unallocated privileges to be added to the new role. 8. Click Add to selection. 9. Sub-task: Select privileges. 10. Click Next. 11. In the list, select the privileges to be added to the new role. 12. Click Add to selection. 13. Sub-task: Select duties. 14. Click Next. 15. In the list, select the duties to be added to the new role. 16. Click Add to selection. 17. Sub-task: Enter role name. 18. Click Next. 19. In the Role name field, type a value. 20. In the Role description field, type a value. 21. Sub-task: Review and finish role creation. 22. Click Next. 23. On the Summary page, review the role to be created and the duties and privileges to be added to this role. 24. Click Finish. Note: Once the security role is created, it is validated automatically to verify if it complies with the segregation of duties rules. If enhanced segregation of duties rules are enabled, the role is validated against the enhanced segregation of duties rules. 25. Click Yes. Create security role Create security role Each user must be assigned to at least one security role to have access to Finance and Operations. The security roles that are assigned to a user determine the duties that the user can perform and the parts of the user interface that the user can view. This topic explains how to create a security role. Procedure 1. Click Security management. 2. Click Roles. 3. Click Create new. 4. In the Name field, type a value. 5. Click OK. 6. Sub-task: Add references. 7. In the References pane, in the list, find and select the desired reference type. In this case: Privileges. 8. In this example, you add an existing privilege. Click Add references. Note: You can also create a new privilege and add it to the role. To do so, click Create new and add reference. 9. On the dialog, in the list, find and select the desired records. 10. Click OK. Note: Once the security role is created, it is validated automatically to verify if it complies with the segregation of duties rules. If enhanced segregation of duties rules are enabled, the role is validated against the enhanced segregation of duties rules. 11. Sub-task: Publish new role. 12. On the Security configuration page, click the Unpublished objects tab. 13. In the list, select the new role. 14. Click Publish selection. 15. Click Close. Start Start Duplicate security role Duplicate security role Consider creating a subset of security roles that are actually used in your company. This way, the security administrator has a better overview of the security roles that are used in your company. This topic explains how you can create an exact copy of a security role. Procedure 1. Click Security management. 2. Click the Roles tab. 3. In the list, find and select the desired record. 4. Click Duplicate role. 5. In the Role Name field, type a value. 6. In the Description field, type a value. 7. Click OK. Note: Once the security role is created, it is validated automatically to verify if it complies with the segregation of duties rules. If enhanced segregation of duties rules are enabled, the role is validated against the enhanced segregation of duties rules. How to create  a security role? How to create  a security role? Merge  security roles? Merge  security roles? Merge security roles

Merge security roles

You can merge existing security roles into another existing security role or a new security role.

 Inactivation or activation  of security role required? Inactivation or activation  of security role required? Inactivate or activate security roles Inactivate or activate security roles When changes to a security role are required, you can choose to create a new version of it. In this case, the previous version of the security role must become inactive. So, it can't be assigned to users anymore.Before you inactivate a security role, make sure it's not assigned to any user. If you inactivate a security role that is still assigned to users, you get an error message listing the users to which it is assigned.You can also activate an inactive security role. Procedure 1. Click Security management. 2. Click the Roles tab. 3. Sub-task: Inactivate security role. 4. In the list, find and select the desired active security roles. 5. Click Mark active/inactive role. Note: As a result, the selected security roles are added to the list of inactive security roles. 6. Close the page. 7. Sub-task: Activate security roles. 8. In the list, find and select the desired inactive security roles. 9. Click Mark active/inactive role. Note: As a result, the selected security roles are deleted from the list of inactive security roles. 10. Close the page. Notes You can also manually inactivate or activate security roles. Go to Security and compliance > Security > Inactive security roles. To inactivate, add a security role and to activate delete a security role. Add read table  permissions? Add read table  permissions? Add table read permissions to role or privilege Add table read permissions to role or privilege To any role or privilege, you can add read permissions for all tables or a selection of tables. You can add table read permissions to a role or a privilege. In this task guide, the permissions are added to a role. Procedure 1. Go to Security and compliance > Periodic tasks > Add table permissions to role or privilege. 2. In the Privilege name field, enter or select a value. 3. Select Yes in the Overwrite access level field. 4. Expand the Records to include section. 5. Click Filter. 6. Click Add. 7. In the Field field, enter or select a value. 8. In the Criteria field, type a value. 9. Click OK. 10. Click OK. 11. Click Yes. End End From  scenario From duties  and privileges Manually Duplicate No Yes Yes No Yes No

Activities

Name Responsible Description

Manage security scenarios

Security administrator

 		You can use security scenarios to record and define all securable objects and related access levels that are required for a user to perform one or more tasks.
You can create a security role in several ways. In the Security and compliance studio, you can record the working tasks for a target user. The recording results are stored in a security scenario. You can use this security scenario to fine-tune all securable objects and related access levels that are required for the target user to perform the working tasks.
If the security scenario is complete, you can search for a role that matches the security scenario. If no perfect match is found, you can create a security role for the security scenario in several ways. You can link the matched or new security role to the applicable users.

Create security role from duties and privileges

Security administrator
All users must be assigned to at least one security role to have access to Dynamics 365 for Finance and Operations. The security roles that are assigned to a user determine the duties that the user can perform and the parts of the user interface that the user can view.

You can use the Create role wizard to create a security role for selected privileges and duties.
You can select:
  • Privileges from a list of unallocated privileges. These privileges are not directly allocated to a security role and not indirectly (via a duty) allocated to a security role.
  • Privileges from a list of all privileges.
  • Duties from a list of all duties.
To have an up-to-date set of duties and privileges to select from, you can update the user license types before you select duties and privileges for a new role.

This procedure explains how to create a security role based on a selection of privileges and duties.

Create security role

Security administrator
Each user must be assigned to at least one security role to have access to Finance and Operations. The security roles that are assigned to a user determine the duties that the user can perform and the parts of the user interface that the user can view.
This topic explains how to create a security role.

Duplicate security role

Security administrator

Consider creating a subset of security roles that are actually used in your company. This way, the security administrator has a better overview of the security roles that are used in your company.

This topic explains how you can create an exact copy of a security role.

Merge security roles

Security administrator

 		You can merge existing security roles into another existing security role or a new security role.

Inactivate or activate security roles

Security administrator

When changes to a security role are required, you can choose to create a new version of it. In this case, the previous version of the security role must become inactive. So, it can't be assigned to users anymore.

Before you inactivate a security role, make sure it's not assigned to any user. If you inactivate a security role that is still assigned to users, you get an error message listing the users to which it is assigned.

You can also activate an inactive security role.

Add table read permissions to role or privilege

Security administrator

 		To any role or privilege, you can add read permissions for all tables or a selection of tables.
You can add table read permissions to a role or a privilege. In this task guide, the permissions are added to a role.

Merge security roles

Provide feedback