All users must be assigned to at least one security role to have access to Dynamics 365 for Finance and Operations. The security roles that are assigned to a user determine the duties that the user can perform and the parts of the user interface that the user can view.
You can use the Security role wizard to create or edit a security role. You can select the desired duties, privileges, and entry points.
The Security role wizard uses the latest snapshot as a basis. So, for the Security role wizard to have the best performance, make sure the latest snapshot is up-to-date.
In the Security and compliance studio parameters, the Enable dynamic snapshot parameter exists. If set to:
1. | Click Security management. |
2. | Click Create role. |
3. | Click Next. |
4. | You can use the Security role wizard to create a new security role or to edit an existing security role. |
  | In the New or existing role field, select an option. |
5. | If you use the Security role wizard to:
|
  | In the Role name field, type or select a value. |
6. | In the Role description field, type a value. |
7. | You can define the extensible data security policy context string that applies to the security rule. |
  | In the Security policy context string field, type a value. |
8. | Define if you want to include duties in the security role setup. |
  | Select Yes in the Include duties field. |
  |
Note: If you select No, the All duties step is skipped. |
9. | Define if you want to include privileges in the security role setup. |
  | Select Yes in the Include privileges field. |
  |
Note: If you select No, the All privileges step is skipped. |
10. | Define if you want to include entry points in the security role setup. |
  | Select Yes in the Include entry points field. |
  |
Note: If you select No, the Entry points step is skipped. |
11. | When you finish the Security role wizard, a security role is created. On creation of the security role, you can apply segregation of duties validations. |
  | Select Yes in the Segregation of duties validation field. |
12. | You can define the maximum access level of the securable objects that you want to include in the security role. The maximum access level limits the number of securable objects that are shown in the available objects lists. |
  | In the Maximum access level field, select an option. |
  |
Note: If you edit an existing security role, the maximum access level does not remove securable objects with a higher access level from the security role. |
13. | Click Next. |
  |
Note: You can only click Next if you at least have:
|
14. | Sub-task: Select duties. |
14.1 | You can limit the list of available duties to only show the duties that are not allocated to a security role. |
  | Select Yes in the Not linked to any roles field. |
14.2 | You can show additional information in the list of available duties:
|
  | Select Yes in the Show additional details field. |
14.3 | In the Available duties list, select the duties that you want to include in the security role. |
14.4 | Click Add to selection. |
14.5 | You can exclude selected duties from the security role. You can do so for duties that never must be included in the security role. On creation of the security role, the excluded duties are not added to the security role. When you later edit the security role with the Security role wizard, the excluded duties are not shown in the list of available duties. |
  | In Selected duties list, select the duties to be excluded from the security role. |
14.6 | Click Mark as excluded. |
  |
Note: To re-include an excluded duty, select the excluded duty and click mark as included. |
14.7 | Click Next. |
15. | Sub-task: Select privileges. |
15.1 | You can limit the list of available privileges to only show the privileges that are not allocated to a:
|
  | Select Yes in the Not linked to any roles field. |
15.2 | You can show additional information in the list of available privileges:
|
  | Select Yes in the Show additional details field. |
15.3 | In the Available privileges list, select the privileges that you want to include in the security role. |
15.4 | Click Add to selection. |
15.5 | You can exclude selected privileges from the security role. You can do so for privileges that never must be included in the security role. On creation of the security role, the excluded privileges are not added to the security role. When you later edit the security role with the Security role wizard, the excluded privileges are not shown in the list of available privileges. |
  | In Selected privileges list, select the privileges to be excluded from the security role. |
15.6 | Click Mark as excluded. |
  |
Note: To re-include an excluded privilege, select the excluded privilege and click mark as included. |
15.7 | Click Next. |
16. | Sub-task: Select entry points. |
16.1 | You can filter the Available entry points list by module. |
  | In the Module field, enter or select a value. |
16.2 | You can show additional information in the list of available entry points: Entry point name. |
  | Select Yes in the Show additional details field. |
16.3 | In the Available entry points list, select the entry points that you want to include in the security role. |
16.4 | Define with which access level you want to add the entry points to the security role. |
  | In the Move with: field, select an option. |
16.5 | Click Add. |
16.6 | You can exclude selected entry points from the security role. You can do so for entry points that never must be included in the security role. On creation of the security role, the excluded entry points are not added to the security role. When you later edit the security role with the Security role wizard, the excluded entry points are not shown in the list of available entry points. |
  | In Selected entry points list, select the entry points to be excluded from the security role. |
16.7 | Click Mark as excluded. |
  |
Note: To re-include an excluded entry point, select the excluded entry point and click mark as included. |
16.8 | Click Next. |
17. | Click Finish. |
Related to | Notes |
---|---|
Manage security roles |
  |