Role-based security simplifies the balancing act between user access and protecting your data in Dynamics 365.
By implementing roles mapped to teams and their activities, you can can simplify user configurations to avoid the complexity of managing these individually.
This approach also avoids time-consuming steps if roles and policies change. For instance, suppose a service team should now have permission to create lead records. Using role-based security, this change could be made once and applied to all users.
As individual responsibilities change, access can easily evolve through centralised role changes rather than making individual tweaks.
Carefully structured roles save admin time, reduce access-related confusion for users, and help protect data.
Tightly controlled access through these centralised roles will help you enforce security policies while effectively supporting end users within an evolving organisation.
Let’s examine constructing roles for access control and usage needs.
How to Manage Dynamics 365 Security Roles
To configure and assign security roles, navigate to the Power Platform Admin Center.
After selecting your environment, admins can choose “Security roles” under the “Users + permissions” section. This will list all existing roles where adjustments can occur.
Changes will immediately be published in Dataverse, the database and storage capacity for Dynamics 365.
No matter where data is created or edited within Dynamics 365 or across the Power Platform, updates are routed through to Dataverse records and structures behind the scenes. This allows the Power Platform Admin Center to push role permission changes out to apps in real-time.
Security Privileges and Properties
Think of a security role like an ID badge that gets you into certain parts of a building. For Dynamics 365, these give people access to the data and tools they need to do their jobs, including:
- Privileges to access specific entities.
- Supported actions using access levels assigned to each privilege for creating, reading, updating and deleting data.
- Additional options include granting user permissions to export data, print or make customisations.
For Dynamics, the security role privilege editor uses coloured icons to explain the level of access. This includes:
- Global access to all records in the organisation for a specific table.
- Local access to records in a specific business unit.
- Basic access enabling users to access records they own and records that are shared with them or their team.
Each security role is assigned multiple privileges to reflect these responsibilities. This could result in an individual user having varying permission levels across different entities and records.
For instance, a sales development role may have global access to accounts but only local access to lead records.
When building security roles in Dynamics, you can assign access permissions aligned with roles and responsibilities. This is designed to avoid over-granting people access permissions they don’t need while ensuring that people can complete their work and collaborate.
Individual users can be assigned multiple security roles. These privileges are cumulative so each user will receive the privileges granted by each assigned role.
Best Practices for Configuring Security Roles
Configuring security roles requires careful planning to explore long-term access needs, organisational structures and future plans.
Here are five recommendations for managing roles:
- Check existing security roles before creating new ones to avoid potential duplication, which could increase security risks.
- Name roles clearly based on their actual purpose, like “Marketing Campaign Editor” or “Outbound Sales Development” to avoid confusion.
- Assign multiple narrowly controlled roles rather than a few far-reaching ones. This approach aligns with the principle of least privilege to safeguard data.
- Combine access levels across tables/entities to refine visibility. For example, a Support Agent role may provide local user-level access to cases with create and update privileges. However, this role might only allow read-only access to company-wide knowledge base records.
- Continually evaluate roles against compliance regulations in your industry. Adjust and refine these as appropriate to meet evolving audit standards.
Final thoughts
Dynamics 365 security role configurations and governance require vigilance and continuous care. As new features are introduced, workgroups restructure, and responsibilities evolve, changes to these setups are often needed. We recommend reviewing roles regularly to prune unnecessary access or amend to support additions.
To learn more about security roles for Dynamics 365, please get in touch, or visit learn.microsoft.com.
Updated: August 20, 2025