Security Roles in D365 Finance and Operations

Introduction:

Ensuring user security is a crucial aspect in Dynamics 365 for Finance and Operations.

To access or utilize the features of Dynamics 365 F&O, a user must have a role assigned to them. Without a role, the user will be unable to perform any actions within the system.

Access levels and business processes for a particular role are determined by the duties and privileges associated with that role.

In this blog post, we will explore two recently introduced features that simplify the process of comprehending and setting up customized security roles within Dynamics 365: the security diagnostic and security configuration tools.

Defining terms used in Security:

Security Roles:

  • Security roles in Dynamics 365 define how users can access different modules.
  • The system comes with pre-defined security roles that can be assigned to users. A user has the ability to possess multiple security roles.
  • Only the administrator can apply data security policies to limit user access to data.
  • To gain access to Finance and Operations, it is mandatory for users to be assigned to at least one security role. 
  • Security roles correspond to company responsibilities and contain a set of duties required to carry out functions.

Duties:

  • Duties correspond to tasks of a role and are part of a business process.
  • They are composed of privileges necessary for performing an action.
  • Duties can be assigned to multiple security roles and help reduce fraud and detect errors.
  • Segregating duties is important for regulatory compliance such as SOX and IFRS.
  • Default duties are provided, and administrators can modify or create new duties.

Privileges:

  • Privileges are unit action sets that correspond to system functions.
  • They specify the level of access required to perform a job or complete an assignment.
  • Privileges refer to specific permissions granted to application objects such as UI elements and tables.
  • Default privileges are provided, and administrators can modify or create new privileges.

Permissions:

  • Permissions are required for accessing functions in Dynamics 365.
  • Access levels are grouped for permissions to tables, fields, forms, or server-side methods.
  • Permissions include any tables, fields, forms, or server-side methods accessed through the entry point.

Security Configuration Tool:

The Security Configuration Tool is a useful tool for administrators as it enables them to create and manage security roles, duties, and privileges. 

The Security Configuration Tool is a feature in Dynamics 365 that offers various benefits to users. Here are some of the benefits:

Display Entry Point Permissions: The tool enables administrators to display entry point permissions for a given role, duty, or privilege.

Test Security Role: The tool allows users to test a newly created or modified security role, duty, or privilege without having to create a separate test user account.

Non-Permanent Changes: Changes made in the Security Configuration Tool are not permanent and must be published to take effect.

Data Export/Import: Changes can be saved as a data export file that can be imported into desired environments.

Full Hierarchy View: Users can access the tool by going to System administration > Security > Security Configuration and have a full hierarchy view of roles, duties, privileges, and entry point security assignments.

Duplicate Existing Roles: Users can duplicate existing roles, duties, and privileges.

Various Options: The tool offers several actions that can be performed on the currently selected role/duty/privilege, including undo/redo customizations, creating new roles, showing all levels, deleting roles, duplicating roles, copying roles, viewing permissions, and displaying the audit trail.

To add a new role in Dynamics 365 with the Security Configuration Tool, you can follow these easy steps:

Step 1: Select the 'Roles' tab and click 'Create new' to create a new role in Dynamics 365.

Step 2: Enter the name of the new role using a different naming convention so that it is easily identifiable.

Step 3: To add a new duty to a role, highlight it, go to the Duties column, and select Add references.

All duties (including custom ones, if created) will be available in the list.

Step 4: You can select certain tasks, and their corresponding privileges, to be available in a role. If needed, users can remove certain tasks from the role.

Step 5: To modify object permissions, go to the Privileges section. Dynamics 365 has different access levels, such as Read, Update, Create, and Delete, that determine a user's level of access to a particular record or record type.

Security roles have three types of access levels: Unset, Grant, and Deny.

Step 6: Any modifications made in the user interface must be published before they take effect. The list of unpublished objects shows all the changes that are not yet published.

Security Diagnostic Tool:

The Security Diagnostic Tool is a unique feature of Dynamics 365 that empowers individuals with a security administrator or system administrator role to conduct an assessment on any form to identify the roles, duties, and privileges required to accomplish a task. 

The tool provides numerous advantages to its users, including:

To use the Security Diagnostic Tool, simply follow these steps: go to the Options tab, then select Page Options, and finally, click on Security Diagnostics.

This will automatically run the tool for you. Remember that the Security Diagnostic Tool is available on any form. 

After the tool runs, it will generate a comprehensive list of all the roles, duties, and privileges related to that particular form. 

This enables administrators to quickly identify any gaps in security and make necessary adjustments to ensure the protection of the system and its data.
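
The lookup the Security Diagnostic Tool performs can be pictured with a small model of the role, duty, privilege and entry point hierarchy described earlier. This is an added example, not code from the original post or from Dynamics 365; every role, duty, privilege and form name, and the functions `diagnose` and `explain_user`, are constructed for illustration.

```python
# Toy model of the security hierarchy; all names below are constructed samples.
ROLES = {  # role -> duties
    "AP clerk (custom)": ["Maintain vendor invoices"],
    "AP manager (custom)": ["Maintain vendor invoices", "Approve vendor payments"],
    "Auditor (custom)": ["Inquire into vendor invoices"],
}
DUTIES = {  # duty -> privileges
    "Maintain vendor invoices": ["Edit vendor invoice"],
    "Approve vendor payments": ["Approve payment journal"],
    "Inquire into vendor invoices": ["View vendor invoice"],
}
PRIVILEGES = {  # privilege -> {entry point (form): access level}
    "Edit vendor invoice": {"VendorInvoiceForm": "Delete"},
    "View vendor invoice": {"VendorInvoiceForm": "Read"},
    "Approve payment journal": {"PaymentJournalForm": "Update"},
}


def diagnose(entry_point):
    """Return every (role, duty, privilege, access) chain that reaches the form."""
    chains = []
    for role, duties in ROLES.items():
        for duty in duties:
            for privilege in DUTIES.get(duty, []):
                access = PRIVILEGES.get(privilege, {}).get(entry_point)
                if access:
                    chains.append((role, duty, privilege, access))
    return sorted(chains)


def explain_user(user_roles, entry_point):
    """Show which chains a user already holds and which roles would close a gap."""
    chains = diagnose(entry_point)
    held = [c for c in chains if c[0] in user_roles]
    missing = sorted({c[0] for c in chains} - set(user_roles))
    return {"granted_by": held, "roles_that_would_grant": missing}


if __name__ == "__main__":
    for chain in diagnose("VendorInvoiceForm"):
        print(" -> ".join(chain))
    # An auditor cannot reach the payment journal; the report names the role that can.
    print(explain_user(["Auditor (custom)"], "PaymentJournalForm"))
```

Listing the full chain, not just the role, shows which duty or privilege to add to a custom role instead of assigning a broader role than the task needs.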

Conclusion:

In conclusion, Dynamics 365 for Finance offers a reliable and secure role-based security system that guarantees that users have access to only the data that is necessary for them to carry out their tasks. 

The security roles, duties, privileges, and permissions collaborate to create a comprehensive security system that is effective. 

Moreover, the security diagnostic and configuration tools make it simpler to comprehend and customize security roles in Dynamics 365.

4 Comments

  1. Thanks a lot. I have a question: how can we remove unpublished objects from the list? Imagine that I have made a mistake and I don't want to publish these changes.

    1. Thank you for your comment and question!
      It is not possible to remove an unpublished object directly. There is a workaround:
      you can publish the object that contains the unwanted role. Next, you can navigate back to the roles and delete the unwanted roles that were mistakenly added.

  2. Another question please, from a functional consultant point of view, is there any way to know what are the privileges behind a particular button or function?
    Great post. Thank you for your effort.

    1. Thank you for your comment and for reading our blog post. Yes, as a functional consultant, you can use the Security Development Tool to identify the privileges behind a particular button or function. For more information, you can DM on LinkedIn.
