
Create and assign custom privilege:

Let’s review how to create and assign a role that allows actions such as creating or deleting purchase orders. As we did for role creation, we need to create a duplicate privilege.

First, we will create a duplicate custom privilege, and then we will create a new custom role. The privilege will be assigned to the custom role.

By using the security diagnostic option on the purchase order form, I found the privilege which allows the user to create or delete purchase orders and made a duplicate privilege.

Duplicated:

In this privilege we can see the action menu items and display menu items. These determine which buttons will be shown to the user for performing actions.

Verify the access from business user:

Once the purchase order maintain role above is assigned, the user has the access below:

In the purchase order, the user has rights to the buttons / functions below:

Record level security

In the above screenshot, we can see that the user doesn't have the rights to print a purchase order. This is called record level security. Let’s understand how to assign a specific button to the user:

Go to the required button and click on it to open. Copy the data source name for this page:

Go to the privilege, add this data source “VendPurchOrderJour” under “Display menu items”, and grant access:

Publish the changes:

Data entities access

In the privilege, we can add the required data entities for the user to access:

Let's verify the access to the data entities:

Go to the data management workspace and create a new project:

Navigation: Workspaces > Data management

In the above screenshot, we can verify that the assigned data entities are visible to the user.

Set up segregation of duties

You can set up rules to separate tasks that must be performed by different users. This concept is named segregation of duties.

For example, you might not want the same person to acknowledge the receipt of goods and to process payment to the vendor.

This helps reduce the risk of fraud and errors in the business.

Navigation: System administration > Security > Segregation of duties > Segregation of duties rules.

A rule was created for the two duties below. Whenever a security configuration conflicts with the rule, the system admin can find the role, the duty, or even the username that conflicts with segregation of duties:

Verify compliance of user role assignments

Navigation: System administration > Security > Segregation of duties > Verify compliance of user role assignments

We will receive the notifications, and the segregation of duties conflicts will be generated in D365.

Segregation of duties conflict

To view the conflicts of segregation of duties, go to the below path:

Navigation: System administration > Security > Segregation of duties > Segregation of duties conflicts

The system admin can deny or allow assignments.

 

Deny assignment

Upon clicking the Deny assignment button, the system admin will get the options below and will press OK:

Allow assignment

If the system admin wants to allow the assignment, a reasonable description can be added before pressing OK:

The status will be updated:

Out-of-box security reports

Below are some out-of-the-box (OOTB) reports that are available for security configurations.

User role assignments

The User role assignments report generates a view of the current user role assignments in your system.

Navigation: System administration > Inquiries > Security > User role assignments

 

Role to user assignments

The Role to user assignment report provides an aggregation of role assignments. Expanding a role in the report shows the list of users assigned to the role, and expanding the username shows any restrictions the role has applied.

Security duty assignments

The Security duty assignments report provides a view of all the duties contained within a role.
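The compliance check from the segregation of duties section, reproduced offline as an added Python example (not code from the original post or from D365): it flags users who hold both duties of a rule, whether through two roles or a single role, and skips conflicts already resolved with Allow assignment. All role, duty and user names are constructed sample data standing in for exports of the User role assignments and Security duty assignments reports.

```python
from itertools import product

# Constructed sample data (hypothetical names, not real D365 security objects).
# SoD rules: pairs of duties that one user must not hold together.
SOD_RULES = [("Acknowledge receipt of goods", "Process vendor payments")]

# Role -> duties, as a "Security duty assignments" export would list them.
ROLE_DUTIES = {
    "Receiving clerk": {"Acknowledge receipt of goods"},
    "AP payments clerk": {"Process vendor payments"},
    "Purchase order maintain": {"Maintain purchase orders"},
    "Warehouse supervisor": {"Acknowledge receipt of goods", "Process vendor payments"},
}

# User -> roles, as a "User role assignments" export would list them.
USER_ROLES = {
    "alice": {"Receiving clerk", "AP payments clerk"},
    "bob": {"Receiving clerk", "Purchase order maintain"},
    "carol": {"Warehouse supervisor"},
    "dave": {"Receiving clerk", "AP payments clerk"},
}

# Conflicts an administrator already resolved with "Allow assignment":
# (user, first duty, second duty) -> recorded reason.
ALLOWED = {("dave", *SOD_RULES[0]): "Single-person site, reviewed monthly"}


def roles_granting(duty, roles):
    """Roles from `roles` whose duty set contains `duty`."""
    return sorted(r for r in roles if duty in ROLE_DUTIES.get(r, set()))


def find_conflicts(user_roles=USER_ROLES, rules=SOD_RULES, allowed=ALLOWED):
    """Return (user, duty1, duty2, role1, role2) for every unresolved violation."""
    conflicts = []
    for user, roles in sorted(user_roles.items()):
        for first, second in rules:
            if (user, first, second) in allowed:
                continue  # documented override, nothing to report
            for r1, r2 in product(roles_granting(first, roles), roles_granting(second, roles)):
                conflicts.append((user, first, second, r1, r2))
    return conflicts


if __name__ == "__main__":
    for user, d1, d2, r1, r2 in find_conflicts():
        print(f"{user}: '{d1}' via {r1} conflicts with '{d2}' via {r2}")
```

Running the same comparison on fresh exports after each role change shows which new assignments would land in the conflicts list before an administrator has to allow or deny them.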