Creating Read-Only Roles for Microsoft Dynamics 365 Finance and Supply Chain Management This blog post was authored by Sarah Guthrie - Senior Consultant, Enterprise Application Solutions on Protiviti's technology insights blog.In today’s fast-paced business landscape, organisations rely heavily on robust enterprise resource planning (ERP) systems like Microsoft Dynamics 365 Finance and Supply Chain Management to streamline operations and drive growth. However, granting unrestricted access to sensitive financial and operational data can pose security risks and compromise data integrity. That’s where read-only roles come into play, providing a powerful solution to strike a balance between providing visibility and restricting modification capabilities.Microsoft Dynamics 365 Finance and Supply Chain Management gives clients the ability to customise their security environment, providing the flexibility needed to modify Dynamics 365 security to fit their business and user needs. At a high level, the elements that make up Dynamics 365 security are roles, duties, privileges and securable objects. When modifying security, it is best practice to follow the security hierarchy. This hierarchy states that securable objects are assigned to privileges, privileges are assigned to duties, duties are assigned to roles, and roles are assigned to users. This enables security to be linear and uniform, preventing confusion or accidental incorrect assignment. Topics Cybersecurity and Privacy Data, Analytics and Business Intelligence Cloud There are four access types a developer can assign to a role: read, update, create and delete. This access is granted at the securable object level. Access becomes very prevalent when restricting permissions. One way to restrict access is by creating a read-only role. Read-only roles can be used to limit a user’s functionality by removing the ability to create, modify or delete data in the application. An example use case for a read-only role is for audit personnel. Often, audit requires the ability to view all items, but should not be able to update. D365FO has out-of-the-box duties and privileges that may initially appear to be limited to read-only access but actually provide more than just viewing capabilities. These duties and privileges begin with the words ‘inquire’ or ‘view.’ For example, the ‘inquire customer retention’ duty appears to be read-only but contains the ‘maintain customer retention’ privilege. It is important to take this into consideration when building read-only roles. To ensure a role is strictly read-only, check the role permissions report and ensure all fields above read are unset. When creating a read-only role, it is important to ensure that the assigned securable objects do not provide access above read. The process to create a read-only role includes: Creating a new privilege and assigning the necessary securable objects with read-only permission. Creating a new duty and assigning the privilege created in step one. Creating a new role and assigning the duty created in step two. Once a role is correctly created, the changes should be published so they can be assigned to users. It is necessary to follow the correct change management guidelines to promote and test security through appropriate environments. Any changes related to end-user security must be driven by business input rather than being led solely by IT. Prior to implementing any changes, it is essential to obtain approval and sign-off from the respective business owners. Image On the system administration page, assign securable objects to a privilege. Also, ‘unset’, ‘grant’ or ‘deny’ access to that securable object. When creating a role, there are scenarios that may arise in which additional security types beyond the security object (e.g., user groups, table permission framework, etc.) are required to grant access. When creating a read-only role, it is important to validate that additional access is not being granted by these other security types. In addition, there are menu items that require greater than read access to be fully operational (e.g., the menu item “Sales and Marketing > Sales Orders > All Sales Orders > Open” requires edit access to be visible.). These are important to take into consideration when building security. Creating read-only roles in Microsoft Dynamics 365 Finance and Supply Chain Management is a fundamental step to ensuring data security, compliance and operational efficiency. By granting read access while limiting write and delete permissions, organisations can strike the right balance between productivity and security. Implementing well-designed read-only roles can enhance transparency, streamline auditing processes and empower employees with the necessary insights for informed decision-making. To learn more about our Microsoft consulting solutions, contact us. Find out more about our solutions Security A comprehensive security platform integrates tools and provides teams with a single view to enable faster detection of and response to threats. Leveraging Microsoft’s Security Suite of Defender, Purview, Sentinel, Priva, Entra and Endpoint Manager, Protiviti provides end-to-end security for the entire enterprise. Digital & Application Innovation Digital and application innovation drives business outcomes. Protiviti helps organisations modernise applications, improve customer experience, and embrace new technologies on Microsoft Azure to support business strategies, optimise business processes and build innovative solutions. Microsoft Consulting Solutions Protiviti is a Managed, Microsoft Cloud Solutions Partner with proficiency in all 6 designations: Modern Work, Security, Data and AI, Infrastructure, Digital and Application Innovation and Business Applications. Leadership Shane Silva Shane is an accomplished managing director based in Sydney, leading the data governance and technology assurance practices. With a career spanning more than 16 years in the professional services industry, Shane is recognised for his exceptional expertise and proficiency ... Learn More Alex Setchin Alex is a managing director and the cloud solution lead for Australia. He is an accomplished and trusted technology professional with a strong track record in building enterprise cloud solutions, technology strategies and architectures and leading large-scale ... Learn More Tim Speelman Tim is a director with a track record of developing and implementing strategic plans that align with the demands and gaps of global and local enterprises. Before joining Protiviti, Tim was a regional CISO responsible for APAC within a large recruitment company with core ... Learn More Krishnan Venkatraman Krishnan is a director with over 14 years’ experience in professional services. He has specific expertise in technology risk consulting and has been advising clients both in the public and private sector in designing and implementing information security controls.Major ... Learn More Featured insights BLOGS Building a Business Case for Copilot for Microsoft 365 – A Game-Changer for Business Efficiency With the rapid rise in artificial intelligence (AI) tools, companies are updating technologies and processes as quickly as budgets allow. Industries are transforming rapidly as the drivers for economic growth are evolving. BLOGS Improving Financial Services’ Efficiency with Copilot for Microsoft 365 In an era of rapid technological advancement, businesses are increasingly turning to artificial intelligence (AI) to enhance productivity, streamline processes and improve decision-making. One such tool making waves in the financial services sector... BLOGS Unlocking Agile Insights: Building Automated Burndown Charts with Microsoft DevOps Analytics View and Power BI In the fast-paced world of software development, staying ahead of the curve requires more than just coding prowess. Agile methodologies have emerged to provide a structured framework for teams to navigate the ever-changing landscape. BLOGS Building an Accessibility Culture with Copilot for Microsoft 365 Organisations across the U.S. recognise the criticality of accessibility for both consumers and employees. This concern dates to the early 2000s, when several well-known brands were targeted by lawsuits that ultimately changed how e-commerce works.... BLOGS Cloud synergy: Microsoft Azure and its relationship to Microsoft 365 As organisations increasingly embrace cloud-based technologies to enhance productivity and efficiency, understanding the dynamic relationship between Microsoft Azure and Microsoft 365 becomes crucial for maximising their potential. With the power of... BLOGS Microsoft SharePoint Premium simplifies content management and governance Content management involves the creation, organisation, storage and distribution of digital content within an organisation, ranging from documents and images to videos and web pages. One of the biggest problems businesses face with content management... BLOGS 9 common errors to avoid while implementing security in Microsoft Dynamics 365 Finance and Operations Microsoft Dynamics 365 Finance and Operations (D365FO) is a comprehensive ERP solution that empowers businesses to optimise financial management and operational efficiency. With its integrated approach, powerful analytics, scalability and continuous... BLOGS Navigating the GenAI course with Microsoft Copilot Generative artificial intelligence (GenAI) is a hot topic these days, and not just in the IT world. The statistics indicate off-the-charts interest in GenAI’s capabilities, with AI spending predicted to more than double to $300 billion by 2026.... BLOGS Azure DevOps: 3 tips to organise work items using standard functionality To effectively manage software development projects, it’s crucial to organise work items efficiently. Proper organisation not only boosts productivity but also enhances collaboration among team members. Microsoft Azure DevOps (ADO) is a powerful... BLOGS Capabilities, limitations of Microsoft’s native SoD tool Segregation of duties (SoD) is a well-known term among auditors and anyone who has ever been audited. SoD is the understanding that no user should have access to two conflicting business functions that would allow a user to commit fraud or error (e.g... BLOGS Migrating Security from Microsoft Dynamics 365 Finance and Supply Chain Management This blog post was authored byJulia Artzi - Consultant, Sarah Guthrie - Senior Consultant, Enterprise Application Solutions onThe Technology Insights Blog. MicrosoftDynamics 365 Finance and Supply Chain Management (D365 F&SCM... Button Button Featured client stories Global Hospitality Company Achieves Efficiencies with Microsoft and Nintex A global hospitality company needed to transition their highly manual process for RFPs to one that was more automated. The need to update their processes was driven by the changes required to address the Covid-19 pandemic, which created a dynamic... Global Retailer Goes Digital: Revitalising Store Operations and Enhancing Community Commitment Protiviti leveraged Microsoft Power BI to help this client transform its operational analytics. We built a user interface that generates analytics every 15 minutes and is easy to use with little training required. From staffing and sales targets to... Intelligent Document Retrieval System, Powered by Responsible AI, Helps Reduce Air Pollution Empower your engineers with responsible AI for efficient air pollution reduction. Our AI solution saves time, money, and reduces manual labor. Global Health Services Company Modernises Data and Applications with Microsoft A global health services company needed to execute on its corporate promise to deliver affordability and convenience to its patients. However, the company discovered that there was a disconnect between that promise and intended delivery. Further... Manufacturer Optimises Supply Chain Analytics With Azure Machine Learning Global Manufacturer optimises supply chain analytics with Microsoft Azure Machine Learning significantly improving its ability to adapt to rapid changes in both processes and cost analyses. Button Button