Create and assign custom privilege:
Let’s review how to create and assign a role for purchase order creation, deletion, etc. As we did when creating roles, we need to create a duplicate privilege.
First, we will create a duplicate custom privilege, and then we will create a new custom role. The privilege will be assigned to the custom role.
By using the security diagnostic option on the purchase order form, I found the privilege which allows the user to create or delete purchase orders and made a duplicate privilege.
Duplicated:
In this privilege we can see the action menu items and display menu items. These determine which buttons will be shown to the user for performing actions.
Verify the access from business user:
Once the purchase order maintain role above is assigned, the user has the following access:
In the purchase order, the user has rights to the following buttons / functions:
Record level security
In the above screenshot, we can see that the user doesn’t have the rights to print the purchase order. This is called record level security. Let’s understand how to assign a specific button to the user:
Go to the required button and click on it to open. Copy the data source name for this page:
Go to the privilege, add this data source “VendPurchOrderJour” under “Display menu items”, and grant access:
Publish the changes:
Data entities access
In the privilege, we can add the required data entities for the user to access:
Let’s verify the access to data entities:
Go to the data management workspace and create a new project:
Navigation: Workspaces > Data management
In the above screenshot we can verify that the assigned data entities are visible to the user.
You can set up rules to separate tasks that must be performed by different users. This concept is named segregation of duties.
For example, you might not want the same person to acknowledge the receipt of goods and to process payment to the vendor.
This helps reduce the risk of fraud and errors in the business.
Navigation: System administration > Security > Segregation of duties > Segregation of duties rules.
A rule is created for the two duties below. Whenever there is a conflict in the security configuration, the system admin can find the roles, duties, or even the username that conflicts with segregation of duties:
Verify compliance of user role assignments
Navigation: System administration > Security > Segregation of duties > Verify compliance of user role assignments
We will receive the notifications, and the segregation of duties conflict will be generated in D365.
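The kind of check a segregation of duties rule expresses can also be reasoned about offline, for example over exported role assignments. The sketch below is an added example, not code from the original page or from Dynamics 365; every role, duty and user name in it is constructed for illustration.

```python
from itertools import product

# Constructed sample data; role, duty and user names are hypothetical,
# not identifiers taken from Dynamics 365 or from this page.
ROLE_DUTIES = {
    "Receiving clerk": {"Acknowledge receipt of goods"},
    "Accounts payable clerk": {"Process vendor payments"},
    "Purchase order maintain": {"Maintain purchase orders"},
    "Warehouse and AP lead": {"Acknowledge receipt of goods",
                              "Process vendor payments"},
}
USER_ROLES = {
    "alice": ["Receiving clerk", "Purchase order maintain"],
    "bob": ["Receiving clerk", "Accounts payable clerk"],
    "carol": ["Warehouse and AP lead"],
}
# Each rule names two duties that one user must not hold together.
SOD_RULES = [
    ("Receipt vs. payment",
     "Acknowledge receipt of goods", "Process vendor payments"),
]


def roles_granting(duty, roles):
    """Return the subset of a user's roles that contain the given duty."""
    return [r for r in roles if duty in ROLE_DUTIES.get(r, set())]


def find_conflicts(user_roles=USER_ROLES, rules=SOD_RULES):
    """List (user, rule, role granting duty 1, role granting duty 2)."""
    conflicts = []
    for user, roles in sorted(user_roles.items()):
        for name, duty_a, duty_b in rules:
            # A conflict exists when the user's combined roles cover both
            # duties, including the case where one role carries both.
            for role_a, role_b in product(roles_granting(duty_a, roles),
                                          roles_granting(duty_b, roles)):
                conflicts.append((user, name, role_a, role_b))
    return conflicts


if __name__ == "__main__":
    for user, rule, role_a, role_b in find_conflicts():
        print(f"{user}: rule '{rule}' violated by '{role_a}' + '{role_b}'")
```

Reporting the role that contributes each duty, rather than only the username, shows the admin which assignment to deny or which role to redesign.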
Segregation of duties conflict
To view the conflicts of segregation of duties, go to the below path:
Navigation: System administration > Security > Segregation of duties > Segregation of duties conflicts
System admin can deny or allow assignments.
Deny assignment
Upon clicking the deny assignment button, the system admin gets the options below and presses OK:
Allow assignment
If the system admin wants to allow the assignment, a reasonable description can be added before pressing OK:
The status will be updated:
Out-of-box security reports
Below are some OOTB reports that are available for security configurations.
User role assignments
The User role assignments report generates a view of the current user role assignments in your system.
Navigation: System administration > Inquiries > Security > User role assignments
Role to user assignments
The Role to user assignment report provides an aggregation of role assignments. Expanding a role in the report shows the list of users assigned to the role, and expanding the username shows any restrictions the role has applied.
The Security duty assignments report provides a view of all the duties contained within a role.