1. Data Management
  2. Security and Compliance Studio
  3. Flows

Merge security roles
Activity Flow

You can merge existing security roles into another existing security role or a new security role.

Security administrator Security administrator The security administrator (SysSecSecurityAdministrator) maintains user and security setup in D365 F&SCM, grants the ability to create and maintain security roles, duties, and privileges and the ability to assign users to roles, define role assignment rules, and maintain data security policies. Start Start Lock or unlock security role Lock or unlock security role You can lock a security role. So, it can't be used as a target role when roles are merged. If a security role lock is no longer required, you can unlock the security role. Procedure 1. Click Security management. 2. Sub-task: Lock selected roles. 3. Click the Roles tab. 4. In the list, find and select the desired records. 5. Click Lock roles. 6. Sub-task: Lock all roles. 7. Click Locked security roles. 8. Click Lock all roles. 9. Close the page. 10. Sub-task: Unlock role. 11. Click Locked security roles. 12. In the list, find and select the desired records. 13. Click Delete. 14. Click Yes. Merge security roles Merge security roles You can merge existing security roles into another existing security role or a new security role.   On merge: The selected roles remain unchanged. The selected roles aren't added to the target role as such. The duties and privileges of the selected roles aren't added to the target role as such. All lowest entry points of the selected roles are grouped into one privilege or into a privilege for each selected type of entry point. For each selection, by default, a new privilege is created. However, if the target role already exists, you can also select an existing privilege of that role to which the entry points are added. Entry points with a higher license type than the defined Max user license type are not added to the privileges. If you do not define duties, the new privileges are added to the target role and, if applicable, entry points are added to the defined existing privileges. You can add the defined privileges to one duty or to a duty for each selected type of privilege. For each selection, by default, a new duty is created. However, if the target role already exists, you can also select an existing duty of that role to which the privilege is added. If you define duties, the new duties are added to the target role and, if applicable, privileges are added to the defined existing duties. If the target role doesn't have any duties and privileges, it will only have the new privileges or duties. If the target role already has duties and privileges which are not changed during the merge, these duties and privileges stay. Permissions for the entry points are given as defined in the wizard. This is only applicable if the target role already exists and has the same entry points. You can choose: Merge - The highest permission, whether it comes from the source role or the target role entry point, is set as the permission for the merged entry point. Unset, Grant, or Deny - Whatever the permission for the entry point is in the source role or target role, it is set to the chosen one. The target role is validated for segregation of duties violations. Note: If enhanced segregation of duties rules are enabled, the role assignment is validated against the enhanced segregation of duties rules. Procedure 1. Click Security management. 2. Click Merge roles. 3. In the Name field, enter or select a value. 4. If you do not want to have it locked after the merge, select No in the Lock target role? field. 5. In the Available roles list, select the roles you want to merge into the target role. Note: You can sort and filter the roles in the Available roles list. If you select roles to be merged, a segregation of duties check is done on the selected roles. If violated, a message is shown. 6. Click the right-arrow button to move these roles to the Selected roles list. Note: You can sort and filter the roles in the Selected roles list. 7. Click Next. 8. You can group all lowest entry points of the selected roles into one privilege. Select Yes in the Create single privilege field. Note: By default, a new privilege is created with the name of the target role. However, if the target role already exists, you can also select an existing privilege of that role to which the entry points are added. 9. You can group all lowest entry points of the selected roles into privileges by type of entry point. Select the types of entry points that you want to add from the selected roles to the target role. Note: - You can only group into privileges by type of entry points if the Create single privilege field is set to No. - By default, a new privilege is created with the name of the target role and the entry point type between parentheses. However, if the target role already exists, you can also select an existing privilege of that role to which the entry points are added. 10. Select Yes in the Create duty field. 11. By default, the Create single duty field is set to Yes and the defined privileges are added to one duty. Select No in the Create single duty field if you want to add the previously defined privileges to a duty for each privilege type. Note: If you create a single duty, by default, a new duty is created with the name of the target role. However, if the target role already exists, you can also select an existing duty of that role to which the privileges are added. 12. If you have set the Create single duty field to No, you can add the defined privileges to a duty for each selected type of privilege. Select the privileges to be added to a duty. Note: By default, a new duty is created with the name of the target role and the privilege type between parentheses. However, if the target role already exists, you can also select an existing duty of that role to which the privileges are added. 13. Click Next. 14. Define how to set the permissions for the entry points in the target role. You can choose: - Merge - The highest permission, whether it comes from the source role or the target role entry point, is set as the permission for the merged entry point. - Unset, Grant, or Deny - Whatever the permission for the entry point is in the source role or target role, it is set to the chosen one. For each type, set the permission. Note: This only is applicable if the target role already exists and has the same entry points. 15. In the Maximum user license type field, select an option. 16. Click Next. 17. Click Finish. 18. Click Yes. Lock or unlock security role  as target role in  merging security roles? Lock or unlock security role  as target role in  merging security roles? End End Yes No

Activities

Name Responsible Description

Lock or unlock security role

Security administrator
You can lock a security role. So, it can't be used as a target role when roles are merged.
If a security role lock is no longer required, you can unlock the security role.

Merge security roles

Security administrator
You can merge existing security roles into another existing security role or a new security role.
 
On merge:
  • The selected roles remain unchanged.
  • The selected roles aren't added to the target role as such.
  • The duties and privileges of the selected roles aren't added to the target role as such.
  • All lowest entry points of the selected roles are grouped into one privilege or into a privilege for each selected type of entry point. For each selection, by default, a new privilege is created. However, if the target role already exists, you can also select an existing privilege of that role to which the entry points are added.
  • Entry points with a higher license type than the defined Max user license type are not added to the privileges.
  • If you do not define duties, the new privileges are added to the target role and, if applicable, entry points are added to the defined existing privileges.
  • You can add the defined privileges to one duty or to a duty for each selected type of privilege. For each selection, by default, a new duty is created. However, if the target role already exists, you can also select an existing duty of that role to which the privilege is added.
  • If you define duties, the new duties are added to the target role and, if applicable, privileges are added to the defined existing duties.
  • If the target role doesn't have any duties and privileges, it will only have the new privileges or duties.
  • If the target role already has duties and privileges which are not changed during the merge, these duties and privileges stay.
  • Permissions for the entry points are given as defined in the wizard. This is only applicable if the target role already exists and has the same entry points. You can choose:
    • Merge - The highest permission, whether it comes from the source role or the target role entry point, is set as the permission for the merged entry point.
    • Unset, Grant, or Deny - Whatever the permission for the entry point is in the source role or target role, it is set to the chosen one.
  • The target role is validated for segregation of duties violations. Note: If enhanced segregation of duties rules are enabled, the role assignment is validated against the enhanced segregation of duties rules.

Activities

Name Responsible Description

Lock or unlock security role

Security administrator
You can lock a security role. So, it can't be used as a target role when roles are merged.
If a security role lock is no longer required, you can unlock the security role.

Merge security roles

Security administrator
You can merge existing security roles into another existing security role or a new security role.
 
On merge:
  • The selected roles remain unchanged.
  • The selected roles aren't added to the target role as such.
  • The duties and privileges of the selected roles aren't added to the target role as such.
  • All lowest entry points of the selected roles are grouped into one privilege or into a privilege for each selected type of entry point. For each selection, by default, a new privilege is created. However, if the target role already exists, you can also select an existing privilege of that role to which the entry points are added.
  • Entry points with a higher license type than the defined Max user license type are not added to the privileges.
  • If you do not define duties, the new privileges are added to the target role and, if applicable, entry points are added to the defined existing privileges.
  • You can add the defined privileges to one duty or to a duty for each selected type of privilege. For each selection, by default, a new duty is created. However, if the target role already exists, you can also select an existing duty of that role to which the privilege is added.
  • If you define duties, the new duties are added to the target role and, if applicable, privileges are added to the defined existing duties.
  • If the target role doesn't have any duties and privileges, it will only have the new privileges or duties.
  • If the target role already has duties and privileges which are not changed during the merge, these duties and privileges stay.
  • Permissions for the entry points are given as defined in the wizard. This is only applicable if the target role already exists and has the same entry points. You can choose:
    • Merge - The highest permission, whether it comes from the source role or the target role entry point, is set as the permission for the merged entry point.
    • Unset, Grant, or Deny - Whatever the permission for the entry point is in the source role or target role, it is set to the chosen one.
  • The target role is validated for segregation of duties violations. Note: If enhanced segregation of duties rules are enabled, the role assignment is validated against the enhanced segregation of duties rules.
Related to Notes

Merge security roles

 		 

Provide feedback