D365 Finance & Operations and Dynamics AX Forum

Expand all | Collapse all

Security Permissions

  • 1.  Security Permissions

    Posted Aug 14, 2019 10:52 AM
    Good Morning, looking to see how other customers, partners or ISV's may have addressed this question we have from a customer using our ISV solution

    Customer would like to restrict our module access in D365. They would like these 4 different roles:

    1.        View Only – Can view all screens our module but no access to modify(Process/Update/Resend) any documents or configurations. 
    2.        Support User – Can view all screens and process transactions in all screens(Allowed to reset/process any documents but no access to delete them. Archive is allowed.) but no access to change anything under Cross References tab, Setup Tab or Settings tab.
    3.        Support Manager - Can view all screens and process transactions in all screens(including delete) but no access to change anything under Cross References tab, Setup Tab or Settings tab.
    4.        SysAdmin – Which will have access to everything including configuration changes.

    I have 20 years of GP experience, a little new to D3FO. Based on my past experience with GP - this would be something handled within GP security. Is this something the user and their partner should be able to do within security configuration maybe.

    Andrea Smiley
    Product Manager
    Providence RI

  • 2.  RE: Security Permissions

    Posted Aug 14, 2019 03:23 PM
    Hi Andrea,

    This is definitely something that can be addressed with security privileges. You may need to create custom roles to do this, but you can restrict tables to be read, create, update, delete. This is pretty "in the weeds" of the security setup in D365FO, but definitely possible.
    Sys admin by default has access to everything, there might be out of the box roles that will provide something similar to the Support Manager role. What we have done in our system is duplicate the out of the box roles and then modified those and assigned them to users.

    Pretty much any screen in D365 will show you what privileges/duties/roles have access to a certain page by clicking on Options > Security Diagnostics. From a privilege you can dig deeper into what tables or entities the privilege provides access to and restrict access by only granting "read" and denying "create", "update", and "delete".

    I hope this helps, feel free to reach out if you want more information.


    Kerstin Newman
    Business Analyst
    London ON


  • 3.  RE: Security Permissions

    Posted Aug 14, 2019 04:40 PM
    Thank you - so this is something their D3FO partner should be able to help them with vs. an ISV.

    Andrea Smiley
    Product Manager
    Providence RI


  • 4.  RE: Security Permissions

    Posted Aug 14, 2019 05:58 PM
    Yes, the partner can definitely help them.

    Shirley Adams
    Solution Architect
    AKA Enterprise Solutions
    New York NY


  • 5.  RE: Security Permissions

    Posted Aug 15, 2019 08:57 AM

    As others have mentioned, this can be handled by D365FO security.

    If you would like an overview of how D365FO security works and how to utilize it for your use case you can check out my blog specifically around the features and functionality of security within the application: http://d365foblog.com/

    Specifically if you are just starting out I would recommend these posts:

    I have also set up the idea of 'least privilege' security for our own ISV solution so if you have any questions about how to go about doing this please feel free to reach out and I would be happy to answer them.

    Alex Meyer
    Director of Dynamics AX/365 for Finance & Operations Development
    Des Moines, IA


If you've found this thread useful, dive deeper into User Group community content by role