Today, we are going to talk about the “Set up roles for data projects” tile within the Dynamics 365 for Finance and Operations Data Management workspace:
As the tile name suggests, least privilege security can be set up, so a user or role only has access to specific, previously created data projects.
Clicking on the tile opens the following page:
Let’s walk through the columns on this screenshot.
Disable – If this is checked, as on lines 2 and 4, the rule setup is not active
Apply processing group to – This field establishes the rule for a specific data project or all data projects.
Processing group – If the previous field, “Apply processing group to”, is set to table, a data project must be selected in the Processing group field.
Grant access to – This field offers three possible selections as shown above. Lines 1 and 2 are set to a specific user role so if the user accessing Data Management does not have the rule, the project will not be visible to them. Line 3 shows that the rule is set to a specific user. Line 4 applies to all users with access to Data Management.
Role name – This field is to be populated when access is being granted to a specific role as is the case with lines 1 and 2.
User name – This field defines the specific user given access when “Grant access to” is User.
It is important to note that the creation of data project roles does not override the roles, duties and permissions setup on each individual user in the System Administration module. If a user or role added to a data project does not have the standard permission to maintain the information within Dynamics 365 F&O beyond the Data Management workspace, the user still will not be able to see the data project.
For example, assume the following two data project roles have been created:
Looking at role number 1, if Alicia does not have a user role that allows her to go into the Accounts Receivable module and create or modify Customer Groups, Alicia will not be able to see the IMP Customer Groups data project.
For role number 2, because the out of the box Product Designer role does not allow for creation or modifying of Customer Groups, any user with this role still will not be able to see the IMP Customer Groups data project.
And finally, any user that needs access to the Data Management workspace must have, at a minimum, the user role “Data Management Operations User”.
"We met our three project goals of 100% completion of critical business requirements at Go Live, completed with 90% Best Practices or better, and GO Live done in a timely manner."