User Role Setup Suggestions

Barb_Grant · September 13, 2024, 3:04pm

We are new to D365 and are in the setup stages of security and user roles. Do any of you have suggestions on best practices for creating new roles, modifying roles or even determining what roles to assign? The task of setting these roles up seems very tedious and we have many positions with role overlap. Really struggling…

jacob.roder · September 13, 2024, 3:28pm

@alex_meyer ?? Can you help?

alex_meyer · September 13, 2024, 7:04pm

Barb,

This is a very good question, it is one that I get asked quite often. And just so you know you are not along for feeling overwhelmed with this process.

From a high level, the steps to achieve this would be to:

Determine the actions /processes each user needs to perform within the system (create a purchase req, modify a vendor, post a GL etc)
Map these processes to the technical securable objects required to perform that task, this is the toughest step in the process
There are native tools to help with this (Security diagnostics for task recordings - Finance & Operations | Dynamics 365 | Microsoft Learn and How to Simulate the Security Development Tool in Dynamics 365 for Finance and Operations - Alex Meyer) and there are also tools from Fastpath/Delinea that I created to help with this process
Determine if you want to use out of the box security or create new custom security to assign to the user (this decision will mostly be made by your ‘risk appetite’ or how willing you are to accept a user having too much access within D365FO - out of the box security will be easier to assign but will probably grant too much access, developing your own custom security will take more time/effort but lead to more accurate permission assignment)
Whatever approach is used, it is recommended you design your security to be ‘job focused’ as in ‘what does a user in this particular job need access to do’ instead of designing security for a specific user. In this way you can ‘reuse’ your security for others in the same or similar positions (eg: create an ‘Accountant’ role instead of a role specific to each individual in the Accounting department)

Other resources:
Developing Least Privilege Security in D365FO

If this is all over whelming and you want additional assistance there are ISVs and partners that can help with this process too.

Happy to discuss this in more detail or answer any other questions you might have!