Identifying Roles for Security in Dynamics 365 for Operations

by | Updated December 29, 2017 | Dynamics 365 for Finance and Operations, Security

With Dynamics 365 for Operations comes change. And change is good, it helps keep us on our toes and gives us an opportunity to freshen up our skill sets. There is plenty of change with Dynamics 365 for Operations and one such opportunity to freshen up my security skillsets recently presented itself.

A client asked what role they needed to add a user to in order for the user to be able to run Process assortments from the Retail module.


The Process assortments link simply popped out a flyout form to run a batch job that executed the Retail Assortments Job.


A Quick Review – Security in Dynamics 365 for Operations

Security in Dynamics 365 for Operations is largely unchanged from Dynamics AX 2012. It’s still focused on role-based security with a minor new layer of Azure Active Directory as an authentication mechanism before the authorization piece. I’m not going to cover how security works in Dynamics 365 for Operations, but if you are interested in learning more, review the following links:

In a nutshell, this is how security is structured in Dynamics 365 for Operations:


Security Changes in Dynamics 365 for Operations

There are a few changes to security in Dynamics 365 for Operations, while not exhaustive, they are:

  • Process Cycles have been removed
  • Record Level Security is obsolete
  • Security changes are stored as data when done from the UI

The root of all security is gained by placing users within a defined Security Role to grant them access to whatever it is they need access to (this is really simplifying security).  In Dynamics AX 2012, the old way of figuring out when a user didn’t have access to something (in this case that something is a menu item), you could do the following:

  • Identify the area the user didn’t have access to
  • Log into Dynamics AX as a sysadmin
  • Right-click on it on the area, select personalize and identify what the object was
  • Open the AOT and select the object (or find the root object)
  • Use the Security tools add-in to View Related security roles report

This is a simplified overview of how you could determine what role a user might need to be added to gain access to an object (form, menu item, etc.)

Identifying What Roles Have Access to An Object

With Dynamics 365 for Operations, things have changed.  The old way of identifying what role(s) have access to an object is different, as the interface and client are different. Let’s circle back to the question at the start of this blog.

What role(s) have access to run the Process assortments job in Retail?

There were two ways this question could potentially be answered:

  1. Use Task Recorder to create a recording of the steps in the process and then use Security diagnostics for task recordings (System Administration | Security) to review required permissions.
  2. Use a developer machine, open Visual Studio and navigate through the AOT to find the object and default roles that have permission.

I started with option number one above, however, I found that the recording simply didn’t provide any security context information since it was a flyout and not a true form:

Here are the recording steps:


And here is what the Security diagnostics for task recordings showed (short version – total bust):



Option number two it is.

Identifying Roles in Visual Studio

To start I did the following:

  1. Logged into a Developer Machined
  2. Opened Visual Studio
  3. Navigated to AOT | User Interface | Menus | RetailMain | RetailITMenu | ProductsAssortmentExploderJobScheduler


First I looked at the Properties window to determine what objects are involved.  In this case, it’s a Menu Item with a type of Action.


Next, I navigated to AOT | User Interface | Menu Items | Action | RetailAssortmentExploderJobScheduler


Then I right clicked on the menu action and selected Open designer


From the designer window, right click on the RetailAssortmentExploderJobScheduler and select Addins | View related roles


And here is the resulting report showing what Roles by default have access to this object thus answering the question what roles a user might need to be added to be able to run the Process Assortments job.



Related Posts


  1. Iván Valdés

    Do you know if exists any way to assign roles automatically to a user which is in a group? Maybe can I assign roles to user groups? If I can’t do that, what can I do similar?

    Thank you.

  2. Brandon Carmichael

    Hello Ivan,

    If you are referring to an Active Directory group, then yes, you can assign role to AD group as in other AX environment.
    For example, you can create a group call DAXALL in AD, then put all your AX users in this AD group. Then when you add this group in AX, anyone that is in this AD group can login to AX.
    So this allows the AX admin to just add this DAXALL group in AX once vs having to enter the individual users in that group into AX.

    Hope this helps,

Submit a Comment

Your email address will not be published. Required fields are marked *

Upcoming Events


01sep10:00 am10:30 amEnsuring Quality and Compliance for Batch Manufacturers in Life Sciences

01sep12:00 pm12:30 pmIs it Worth It to Move to the Cloud? A Look at Considerations for Current Agribusinesses Using Dynamics GP

01sep2:00 pm2:45 pmWhat’s New in Dynamics 365 Finance and Supply Chain

09sep11:00 am12:00 pmConfab Live with Stoneridge – Data Strategy and Reporting – Mining Decision Making Insights

15sep10:00 am11:00 amSolving the Biggest Challenges in Agribusiness Through Innovation and Technology

22sep12:00 am12:30 pmSimplifying Payroll and HR Management with ADP Workforce Now

22sep10:00 am10:30 amStreamlining Batch Manufacturing with Technology

22sep2:00 pm2:30 pmProcess Automation for Microsoft Dynamics D365 for Business Central, Finance and Operations and GP

23sep11:00 am12:00 pmConfab LIVE with Stoneridge - Riding the Wave 2 Release – Key Features Coming to Dynamics 365 this October

27sep(sep 27)9:00 am15oct(oct 15)11:00 amDynamics 365 Finance & Supply Chain Development Training - Online Workshop

29sep10:00 am11:00 amTop Five Reasons Why NOW is the Right Time to Move from Salesforce to Dynamics 365 Customer Engagement

29sep12:00 pm12:45 pmUnderstanding Job Costing and Tax Management in Business Central

29sep2:00 pm3:00 pmDigitalizing Horticulture & Agriculture - How to Sell Plants Online and Simplify Business Management

30sep12:00 pm4:00 pmSecurity and Permissions Training for D365 Business Central or Dynamics NAV


27sep(sep 27)9:00 am15oct(oct 15)11:00 amDynamics 365 Finance & Supply Chain Development Training - Online Workshop

06oct10:00 am10:30 amPreview of D365 Business Central Fall Release Features and Functionality

06oct12:00 pm12:30 pmInsider's Guide to New Features Available in the Fall Release of D365 Finance and Supply Chain

07oct11:00 am12:00 pmConfab LIVE with Stoneridge - Dataverse and Dynamics in Review – Let’s Get Technical

21oct11:00 am12:00 pmConfab LIVE with Stoneridge - Dataverse and Dynamics in Review – Let’s Get Functional

26oct(oct 26)9:00 am28(oct 28)5:00 pmStoneridge Connect Leadership and Community Conference

About Stoneridge
Stoneridge Software is a unique Microsoft Gold Partner, with emphasis on partner. With specialties in Microsoft Dynamics 365, Microsoft Dynamics AX, Microsoft Dynamics NAV, Microsoft Dynamics GP and Microsoft Dynamics CRM, we focus on attracting the most knowledgeable experts in the field to our team, and prioritize delivering stellar solutions with maximum impact for your business. At Stoneridge, we are deeply committed to your results. Each engagement is met with a dedicated team, ready to provide thorough, tailored, and expert service. Based in Minnesota, we intentionally “step into your shoes,” wherever you are. We focus on what you care about, and develop trusting, long-term relationships with our clients.

Subscribe To Our Blog

Sign up to get periodic updates on the latest posts.

Thank you for subscribing!