(101 question) How to associate privs with a module?

1st post, and hope it’s the right area…

Hi, really basic question, as I try to grasp how D365 F&O works.

I’ve been reviewing some training on security, but it’s just not clear to me how to do the following.

I wanted to see if I could create my own role, then a duty, then see if I could assign privileges such that a user could see all of the customers in the A/R module (picked that module at random, just for testing).

What I’ve done so far:

  1. Created a role

  2. Assigned a new duty to above role (using “Create new and add reference”)

  3. Created a new priv, using “Create new and reference”

Now, I click the new priv, and I can see under “References”, “Action menu items”, “Display menu items”, etc etc

From here, I’m lost as to how I associate a priv with my A/R customer list?

Any help/direction is greatly appreciated!

Cheers,

Rich

You should create new duties and privileges only when no existing one meets your requirements.
If you want to go the deepest possible level for training purposes, this choice forces you to learn about things like menu items, access levels etc. But note that roles, duties and privileges exist exactly for making things simpler for people setting up security, and maybe you too should start with them and go deeper to individual entry points later.
For example, the overview of customers is opened by CustTableListPage menu item (you can see it in URL), but customer details are opened by CustTable menu item. If you want to create a new privilege, you need to include both menu items and think about what other things may be needed. Microsoft’s already done it for you and you can use privileges like CustTableView, CustTableMaintain or CustomersListMaintain. Look at their content to see what things are more complicated than expected. For example, we didn’t mention granting permissions to fact boxes used by customer-related forms.

Thank you very much Martin!

I have been tasked with understanding how to assign user privs, and my understanding is that some users will be allowed to see some items on a given form, whilst others will see all available items, and so that led me to want to understand how to create a custom set of privs, etc…

I’m somewhat surprised that the “norm” is to use the OOB set of Roles/Duties etc, as I assumed businesses would wish to deploy highly customised sets of user rights etc. based on the various departmental needs.

But again, I’m very new, so have lots to learn yet.

Kind thanks,

Rich

ps. I can see the CustTableListPage in the URL easily enough, but when I click on a customer, the URL doesn’t change… Was curious where you see the detail URL item

There are thousands of menu items, tables, entities and so on. Building permissions sets used to be extremely difficult, time-consuming and error-prone. That’s why role-based security was introduced and the system is shipped with pre-defined privileges, duties and roles, so you can merely adjust them and don’t have to start from scratch. If you want to give up all these benefits, it’s your choice, but if you came here for advice, here it is.

PS: Click an account number again. Then follow my advice and check how many menu items are included in the standard privileges. You’ll see that you’re missing 90+% of what Microsoft think is needed.

Point taken.

I’ll poke around & see how I get on…

Thanks again,

Rich

Rich,

I have an entire blog on D365FO security available here: http://d365foblog.com

Specifically the post that may help you the most would be: https://alexdmeyer.com/2018/07/19/setting-up-security-in-dynamics-365-for-finance-and-operations-part-ii-from-the-aot/

To answer your question directly, you would have to determine which object(s) allow you to perform the task you are looking to perform. From my past experience I know that the customer list is controlled by the CustTableListPage menu item display. The next step is to then determine at what level you would like to grant access to this object, with the access types being a hierarchy based on: Read → Update → Create → Delete. Once you determine the correct object(s) and access type, then it's a matter of assigning the object to the privilege, the privilege to a duty, the duty to a role, and the role to a user.

Feel free to reach out with any further security questions; I would be happy to help.
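
The chain described in the answer above (object → privilege → duty → role → user), as an added example that is not part of the original thread and is not D365 F&O code or a product API. It is a small Python model that resolves a user's effective access and reports which menu items a task still lacks; the menu item names come from the thread, while the role, duty, privilege and user names are hypothetical.

```python
# Illustrative model only: not D365 F&O code and not an API of the product.
# Access levels in the order given in the post above.
LEVELS = ["None", "Read", "Update", "Create", "Delete"]

# Constructed sample configuration. Menu item names come from the thread;
# role, duty, privilege and user names are hypothetical.
PRIVILEGES = {
    "TrainCustListView": {"CustTableListPage": "Read"},
    "TrainCustListMaintain": {"CustTableListPage": "Update"},
    "TrainCustParamsView": {"CustParameters": "Read"},
}
DUTIES = {
    "TrainCustInquire": ["TrainCustListView", "TrainCustParamsView"],
    "TrainCustMaintain": ["TrainCustListMaintain"],
}
ROLES = {"TrainARClerk": ["TrainCustInquire", "TrainCustMaintain"]}
USERS = {"rich": ["TrainARClerk"]}


def rank(level):
    return LEVELS.index(level)


def effective_access(user):
    """Walk user -> role -> duty -> privilege, keeping the highest grant per menu item."""
    result = {}
    for role in USERS.get(user, []):
        for duty in ROLES.get(role, []):
            for priv in DUTIES.get(duty, []):
                for item, level in PRIVILEGES.get(priv, {}).items():
                    if rank(level) > rank(result.get(item, "None")):
                        result[item] = level
    return result


def gaps(user, required):
    """Menu items where the effective level is below what the task needs: {item: (have, need)}."""
    have = effective_access(user)
    return {
        item: (have.get(item, "None"), need)
        for item, need in required.items()
        if rank(have.get(item, "None")) < rank(need)
    }


# Task from the thread: open the customer list, then open one customer's details.
VIEW_CUSTOMERS = {"CustTableListPage": "Read", "CustTable": "Read"}

if __name__ == "__main__":
    print(effective_access("rich"))
    print(gaps("rich", VIEW_CUSTOMERS))
```

The gap report for this constructed role shows the point made earlier in the thread: granting only the list page leaves the customer details menu item uncovered.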

Hi Alex, and thanks much for the reply…
I probably shouldn’t admit it, but I recently completed one of your courses, but I’m still struggling with the task at hand.
I’m charged with creating custom role(s), and the 1st one centers around pricing.

I am currently trying to hide some controls on the ‘Accounts receivable parameters’ Form / Prices tab

I have been advised that I should be making my security configurations in the UI.

I just cannot seem to expose the Controls on that form, no matter what I do for adding references etc…

I highlight my role name, hit Privileges, choose “Create new and add…”

I give it a name, then highlight that new priv name

I then click “Display menu items”, then “Add references”, I choose “CustParameters” & add it with ‘Read’

I then click “CustParameters” reference, and I have “Controls” & “Data sources” available next to it.

If I click Controls, I can get nothing to show up. What I’m trying at this point is, to use the control name I got by right clicking the form & seeing the control name, which is: “Prices_MarkupHeading”

That however, does not appear as an item when I look for it…

That’s about where it breaks down & I get lost…

Am I doing this the wrong way?

Rich