This post is part of a series that I am creating which go over Configurations as they relate to Microsoft Dynamics 365.

Security is probably the most important aspect of Microsoft Dynamics 365 and why it is so successful. Almost all tasks are in relation to a background security model that you as an Admin have set up. Security is such a vast topic, so I have split it into two different posts.

Security Roles

The purpose of a security role is so that Users can only have access to the information that they need. You don’t want Users to drown in useless information just as much as you don’t want them to be able to walk off with all your companies’ secrets. All Users must be assigned at least one Security Role before they have access to your Dynamics 365 instance. If a User is assigned more than one security role, they will be granted the least restrictive combination of the two or more.

You can associate a User or a Team with a security role. Out of the Box, several security roles are already in the system. You can either use one of those security roles or rename and change them to fit your organization’s needs. System Administrators have the default ability to do anything in the system. At least one person must be granted the “System Administrator” role.

To see the security roles, go to Settings, Security, Security Roles.

You can either create a new security role whenever you want a new one, or you can copy an existing role and modify it. I recommend the second approach because half of the work is already done for you. To do this, you select the role closest to the one that you are creating and select “copy.”

Assigning Security Roles

There is an approach to assigning security roles that I have found to be the best way. In general, you give every single employee a baseline security role. Then you give different Business Units like Sales and Service, access to only what they need. So, a Sales employee will have the baseline permission and Sales Permissions. As Sales employees get promoted, their access will become less restrictive.

To assign a Security Role, Go to Settings, Security, Users, select a User, and press “Manage Roles.”

Once clicked, we can select one of the pre-made security roles.

Keep in mind that if you change the Business Unit, the Security role will be erased as well.

Business Units

Business Units consist of Users, Teams, and Security Roles. The first Business Unit is the Root Business Unit. The Root Business Unit can be renamed but can’t be deleted or downgraded to a Child Business Unit. When you create a Security Role and assign it to a parent Business Unit, all of its child Business Units will inherit that Security Role.

All other Business Units are child Business Units. Child Business Units can be renamed, deleted, and moved.

An example of this, pictorialized, is in the image below. My Root Business Unit is TaylorJohnsonCRM, with two child Business Units named Sales and Service.

Create a Business Unit

To create a Business Unit, go to Settings, Security, Business Units, and press “New.”

This will open up a form where you will fill in the information on that given Business Unit. You can also select what you want the parent Business Unit to be.

When we are done creating Business Units, we can see that they populate. In this screen, we can easily see what the parent Business Units are as well.

The definitions are based on the Microsoft Dynamics 365 website. I encourage you to look at them. These documents are helpful when you want to learn more in-depth on any subject.