User Security Capabilities and Differences in NAV 2017 and Dynamics 365 Financials
Introduction
User security can be achieved by assigning different permission sets to users. Permissions can be assigned to users as per their role. A permission set is a collection of database permissions for one or more objects in the Microsoft Dynamics NAV database and Dynamics 365 Financials that you can assign to one or more users.
This article summarizes User security capabilities and differences in Navision 2017 and Dynamics 365 Financials. And can be used as guide when evaluating which platform to select for an implementation, when you have specific security requirements.
We have implemented User Security for our Client Titan Labs. You can read its case study here.
The following is a Scenario for a Sales User:
Administrator User having Super permissions creates a Sales user who will have access to only Sales, Customers and Items. Other information on Finance, Purchase etc. should be hidden from this Sales user.
Prerequisite:
1. Microsoft Dynamics Navision 2017
2. Microsoft Dynamics 365 Financials.
User Security in NAV 2017
- In Navision 2017, Administrator user having Super Permissions creates a new permission sets which include access to only those objects i.e. tables, pages etc. which the user should access. E.g. A sales user can access sales orders, sales quotes etc.
- The new permission set created is assigned to the user. This will ensure that the user does not have permissions to access any tables, pages or any other objects regarding finance, purchase etc.
- Depending on the setting in theUI Elements Removal field in the Microsoft Dynamics NAV Server Administration tool, only UI elements on objects in the license or on objects that the user has permissions to will appear in the user interface.
- LicenseFileAndUserPermissions is selected for the UI Elements Removal field in the NAV Server Instance. This ensures that a UI element is removed if the related object is not included in the license file and the user does not have permissions to the object as defined in the AccessByPermission property for the related UI element.
- A copy of permission sets can be created and edited.
Dynamics 365 Financials
- In Microsoft Dynamics 365 Financials, the Administrator user having super permission can create users in the Admin centre but only the default permission sets available in Dynamics 365 Financials can be assigned to the users, it is not possible to edit or add to the existing Permission Sets.
- Permissions Sets are assigned to each user in the User Card either by directly adding them or by associating a User Group which has Permissions sets assigned.
- It is suggested to give D365 BASIC permission set to all users. This will allow users to get into Dynamics 365 for financials and open the home page without permission errors.
- It does give READ (but not INSERT, MODIFY, or DELETE) access.
- Sales User is assigned a Predefined User group D365 Sales. This user has following permissions
- D365 BASIC
- D365 CUSTOMER EDIT
- D365 CUSTOMER, VIEW
- D365 ITEM, EDIT
- D365 ITEM, VIEW
- D365 SALES DOC, EDIT
- D365 SALES DOC, POST
- D365 DYN CRM MGT, LOCAL
- After assigning D365 Sales User Group to the Sales User, the Role Centre displays information with respect to the User group assigned i.e. D365 Sales but the User will still have access to Information like Finance, Purchase etc. when he tries to find it using the search bar which actually should be disabled.
- A copy of permission sets cannot be created. Permission error is displayed.
- Error displayed while creating new permission set.
Note: The above error was raised at Dynamics 365 Business edition community, and we received a response from Microsoft employee that the functionality to fine-tune permissions for users will be added in a future update.
Conclusion
Microsoft Dynamics Navision 2017 allows an Administrator user to create Users with limited permissions by creating new permission sets and assigning it to the User.
Dynamics 365 Financials allows an Administrator user to create Users but is not allowed to create new permissions sets. The default permissions sets can only be assigned to the User.