Microsoft D365 Finance and Operations is by far the most useful ERP system for businesses. Its capabilities are designed to empower enterprises and streamline their operations at every step.
However, a crucial aspect of the system is managing Dynamics 365 Finance administration of users accessing and security roles. In this article, we will talk about the SysAdmin role to help you understand user accounts and security role assignments better.
What is the role of finance and operations in d365?
The Finance and Operations module helps businesses streamline their financial and business processes, manage supply chain operations, and obtain useful insights through advanced analytics. Proper role assignments ensure that users in the Finance and Operations module may complete their jobs quickly while keeping data secure.
What are role privileges in d365?
Role privileges specify which activities and tasks a user can perform within Dynamics 365 Finance and Operations. Security roles are made up of several privileges, and understanding these privileges is critical for efficient role management.
Privileges can range from simple read and write access to more complex tasks such as data deletion or configuration changes.
Assigning the appropriate privileges ensures that users have the essential permissions while avoiding unwanted access to critical information.
Manage users and security roles in d365
To use anything other than ordinary capabilities in financial and operations apps, users must be allocated security roles. Users can be assigned to roles automatically using rules and business data, excluded from automatic role assignment, or added to roles manually.
How do I assign user roles in Dynamics 365?
There are 2 ways to do it, both manually and automatically. Following are the steps for both.
- Automatically assign users to roles
This procedure outlines how administrators can automatically allocate roles to users based on business data.
- Manually assign users to roles
Users assigned to security responsibilities must be manually removed by the administrator. The guidelines for automated role assignment do not remove these users from their roles.
Role Assignments in D365 FO - How do you assign a security role to a team in dynamics?
SysAdmin (System Administrator) role assignments are crucial in Dynamics 365 because they provide enhanced privileges that affect the entire system. To improve security, consider adding logging to SysAdmin role assignments. Logging enables administrators to log changes to role assignments, creating an audit trail of who made the changes and when. This can help to identify and mitigate security threats quickly.
- Design
The first step is to set up a table to track when a person was assigned or removed from the SysAdmin role. We provided the impacted user, the action being performed, and a reason box where you could perhaps write an explanation for why this assignment change occurred.
Next, we wanted to be able to capture when this change occurred; in this case, we used the table events on the SecurityUserRole database and listened for just changes where the SysAdmin role was assigned/revoked.
The updating and deleting table events varied differently since we had to use the Common object to retrieve the new data and care for the possibility of the RoleAssignmentStatus parameter changing.
To allow user feedback on why the SysAdmin role was assigned/revoked, a custom form had to be created. The next step was to create the AmSysAdminReason form, which is referenced in the above code. We used a basic dialog to prompt the user for input. (Note: This field is optional, and clicking the Submit button closes the form).
- Testing Solution
So let’s see what this looks like in the application if we go back and use the capability provided at System Administration -> Alex Meyer’s Security Toolkit to revoke the SysAdmin role.
When we click the button to assign or revoke the SysAdmin role, another form appears to request the user for the reason for the change:
Since the event listeners are done at the table level, this will also work for the regular user role assignment done using the System Administration -> User form:
- Reporting
Once we’ve logged this information, the following step is to report on it. In the System Administration -> Alex Meyer’s Security Toolkit menu path, I created a new element for reporting:
This then brings you to the SysAdmin log report, which displays when the role change occurred, the user to whom it was assigned/revoked, the cause (if any), the action taken, and the user who updated it.
It is worth noting that if the User and Modified By user fields are the same, this process was completed using the ‘Assign/Revoke SysAdmin’ capability. If the users are different, it indicates that the was completed via the System Administration -> Users form.
Bottom Line
Finally, Regularly assessing and upgrading role assignments ensures that your Dynamics 365 environment is secure and in line with your organization’s evolving demands. Finally, just be a little careful when you assign security roles.
Know the responsibilities of the users and modify your code accordingly. If you need some professional assistance, let the DHRP experts help you with the process to make it easy for you.