Microsoft Dynamics 365 provides organizations with a suite of comprehensive services that help them meet the company's needs. IT administrators charged with providing access to various applications can set up security roles designed to grant users specific data privileges. It’s possible to assign users to more than one security role depending on their position in an organization and the necessity for them to access specific information.
Why Is Role-Based Security Necessary?
Most business or finance applications use roles to enforce rules around how a user accesses and leverages the information. For example, administrators can create roles that provide view-only access to specific data. That may include things like customer representatives who need to validate info received from a caller, or data processing clerks needing to enter information may be placed in a role that grants permission to make data updates.
Organizations can set up security roles that allow applications to perform certain functions depending on the requestor. It’s possible to configure .NET applications to use security roles to authorize access depending on role membership or a principal’s identity.
The use of security roles helps organizations enact and reinforce security policies designed to keep confidential data from being viewed by anyone without a valid business need. Security roles also aid in the enforcement of corporate governance and compliance requirements.
Understanding Microsoft Dynamics 365 Security Role Features
Security roles define the way users access records in a company system. Assigning users to more than one role expands the perimeters of their access. All security roles consist of two forms of privileges:
- Record-level privileges — Defines each of the tasks allowed by users assigned to a role.
- Task-based privileges — Gives users individual permissions to perform tasks like Read, Create, Write, Assign, Share, and Delete.
Administrators can set up varying access levels for privileges granted to each security role.
- Global — Users gain access to every record in an organization.
- Deep — Users gain access to all information in their business unit and those that fall beneath it in the company hierarchy.
- Local — Users gain access to all data in their business unit.
- Basic — Users gain access to information they own, or any data shared with the user or the team of which they are a member.
- None — Users have no access to any information.
Users with specific permissions can override existing security roles for others. For example, someone who owns a record or has Share permission can make that information available to other team members or users in the organization, making this information viewable to even those who usually would not have sufficient levels of access. Once an admin grants those permissions, it’s not possible to remove them on an individual record basis. Any security role changes apply to all records of that type.
Administrators can grant permissions on a user or team basis. Individuals receive user privileges when they are directly assigned a role. They may also receive team privileges when they become a member of a given unit.
Assigning Security Roles in Dynamics 365
Administrators must set up an organizational structure designed to outline sensitive data protection while allowing collaboration among business units within an organization. Once that’s done, they can proceed with setting up and assigning security roles in Dynamics 365. Admins can also set up new security roles to align with business requirements or edit the permissions granted to current security roles.
Assigning New Security Roles
Once an administrator has added new users to Dynamics 365, they can start assigning them to security roles.
- Go to Settings, then Security, then select Users.
- Look up and select the users needing to be assigned to a security role.
- Select More Commands (…), then Manage Roles. Admins will only see the roles available for a user’s business unit.
- Select the security role(s) for the user or users in the Manage User Roles dialog box, then select OK.
Creating a Security Role for Access Management
Only individuals assigned to the role of System Administrator, System Customizer, or another role with the same permissions may set up new security roles.
- Select Settings, then Security, then click on Security Roles.
- Look for the Actions toolbar, then click New.
- Start setting up the privileges for each tab. Admins can change each privilege's access level by clicking on the symbol until the required one appears. They can also accomplish the same function by selecting the privilege column heading or continually clicking the record type.
- Click Save and Close to complete the changes.
It’s also possible for admins to create new security roles by using the Copy Role function.
- Go to Settings, then Security, then click on Security Roles.
- Select the Security role to be copied.
- Click Copy Role on the Actions toolbar.
- Enter the name for the new Role, then check the box titled indicating that the new security role should be opened once copying is complete.
- Click Ok to complete the changes.
- Navigate to each of the tabs for the new role and set the privileges.
One problem with the Copy Role function is that product updates can change security role privileges that make that new security role function improperly. One solution is to create a custom security role capable of dynamically changing after any updates.
- Go to Settings, then Security.
- Select Security Roles, then click New.
- Type in the role name, then click on the Business Management tab.
- Scroll down until you see the Entity list.
- Set the security role privileges as needed.
Maximize the Benefits of Security Roles in Dynamics 365
Working with Dynamics 365 cloud security features can be challenging for many organizations. Internet eBusiness Solutions (IES) helps organizations work through the complexities of Dynamics 365 security role management and implement an infrastructure that meets the business's needs. Learn more about how IES can become a vital partner in optimizing Microsoft Dynamics 365 integrations by setting up a consultation with one of our team members.