Report-Level Security – D365 Finance and Operations Embedded Reporting

By - August 21, 2020

Next to gaining insightful information, report security is oftentimes cited as a critical necessity when it comes to reporting requirements. Managers and Top-level executives want to know who has access to the data and they want to ensure that access is restricted to only those who need access to perform their specific job functions. Dynamics 365 Finance and Operations utilizes a Role, Duty, Privilege security architecture that allows administrators to easily assign Users to different Roles that have varying Duties and Privileges. For reporting, we can add a specific report (SSRS or Power BI) to a Privilege via the Application Explorer (AOT) in Visual Studio and then assign the Privilege to a Duty or Role. This assignment can be accomplished inside Visual Studio or in the Finance and Operations application. By adding the report to a Privilege, we can ensure user access to the report is restricted to only those who need access. Let’s go into a bit more detail.

Making the report visible

At this point, the report is built and you currently have it in your Solution. In order to allow users to see the report in the Finance and Operations application, it needs to be assigned as an object in a Menu Item. If we didn’t care about security (which we do), we could simply add the Menu Item to a Tile and attach the Tile as an Element in a selected Menu space. Without the Menu Item being assigned to a Privilege, only users with SysAdmin Roles will be able to view the report. Since we don’t want all users to have SysAdmin Privileges, it’s important that we assign a specific Privilege to our report.

To do this, we’ll add a privilege object to our Solution and assign our Menu Item as the Entry Point. This gives us our starting point on which we can expand access to Duties and Roles. It’s also important to set the Access Level. In most instances, we’ll want to set the level to Read-only.

We can add this privilege to an existing Duty or Role from either in Visual Studio or D365. In Visual Studio, we would extend the Duty/Role that we want to add the privilege to then drag the privilege from the Solution Explorer and drop it into the privilege section of the Duty/Role. We can accomplish this same task in the application by going to Modules > System Administration > Security > Security Configuration. Find the Role/Duty you’d like to add the privilege to and select it. Also, select Privileges under the reference table. With both the Role/Duty and Privilege selected, click on the Add References link.

This will bring up a window with all available Privileges. Find the Privilege associated with your report and add it to the Role/Duty. Once added, click on the Unpublished Objects link and publish the change. The Privilege has been added to the Role/Duty and the change has been published; now what? Actually, that’s all there is to it. The Privilege associated with our report can be added to other Roles and Duties as needed.

What happens next?

Reporting security doesn’t have to be an arduous task. With Microsoft’s security architecture, we can control who has access to specific reports by adding privileges to our solutions and then sharing access with approved Roles/Duties. The steps above are just a brief overview of how security can work specifically as it applies to reporting in D365 Finance and Operations. For further information, I encourage readers to review other security-related topics at . In my next blog post, I hope to tackle the topic of Row-Level Security. See you then.

Receive Posts by Email

Subscribe and receive notifications of new posts by email.