Fastpath Blog- Articles on Security, Audit and Compliance

How to Create a View Only Role In D365FO

Written by Alex Meyer | Jul 11, 2024 1:00:00 PM
There are many scenarios where setting up security within Dynamics 365 for Finance and Operations (D365FO) should be straight forward, but it isn't. One of those scenarios that is asked about frequently is around creating a View Only role (a role that only has view access to all objects in the system). There are many reasons that a view only role would be needed within D365FO:
 
  • Executive/Upper Management users who need access to view information but should not be able to transact in the system
  • Internal/External audit users who need to validate reports and policies/procedures

Now while I would recommend only granting access to the areas a users needs to perform their job function (taking a ‘least privilege’ approach to security) the risk for granting read only access is less than over provisioning on accesses that can transact with the system.

Goal

The goal with this is that we want to grant all menu item displays at a Read level to the user, this would give them access to every form in the system without the ability to transact at all.

Steps

1) Go to System Administration -> Security Configuration

2) Go to privileges and create a new privilege

3) Click on Display Menu Items then click on ‘Add References’

4) In the dialog that pops up, click on the check mark in the menu bar next to ‘Name’ (this selects all options in the dialog)

5) In the bottom of the dialog, select which permission you would like to apply across all selected items (in our case we would select the Grant option on Read)

6) Click OK

Once we publish this privilege, we can validate that this process was successful by selecting our privilege we just created and clicking on ‘View Permissions’:

If you have any questions please feel free to reach out!

Some content first apeared in An Update to ‘Creating a Read Only Role for D365FO – User Interface’ by Alex Meyer