A common problem in Dynamics 365 FO involves assigning roles to users. If you need to assign multiple roles to multiple users, instead of doing the task manually, it may be useful to use data entities.
The useful data entities are:
| Data Entity Name | Description |
|---|---|
| System Security Role | List of roles and their description present in the system |
| Security user role association | Assign roles to users |
| SystemSecurityUserRoleOrganizationEntity | Assign the user-role pair to a company |
Assign roles to users
To assign roles to system users it is necessary to use the System Security Role entity. To use this entity correctly, the following fields must be entered:
| Field Name | Description |
|---|---|
| USERID | The user id |
| SECURITYROLEIDENTIFIER | Role technical name |
| ASSIGNMENTSTATUS | Set to Enabled like default value |
| SECURITYROLENAME | Role name |
To understand how to value the SECURITYROLEIDENTIFIER and SECURITYROLENAME fields, you can proceed in two ways:
Way 1
Export the System Security Role entity and use the SECURITYROLEIDENTIFIER and SECURITYROLENAME fields to retrieve the necessary information.
Way 2
If you have access to the development environment, in the AOT, search for the desired role. In the object properties it is possible to obtain the technical name of the role and the name (label). See the image below.
Final step
Now you need to import the Security user role association entity via the Data Management. In the mapping, you can delete the ASSIGNMENTMODE field.
Assign organization to the user-role pair
To assign an organization to the user-role pair, the entity SystemSecurityUserRoleOrganizationEntity must be used. To use this entity correctly, the following fields must be entered:
| Field Name | Description |
|---|---|
| USERID | The user id |
| SECURITYROLEIDENTIFIER | Role technical name |
| ORGANIZATIONTYPE | Type of organization (Legal entity, Operating Unit) |
| ORGANIZATIONID | Company code or Dep Id |
| OPERATINGUNITTYPE | Type of Operating Unit |
If you want to limit the role only to a legal entity, you can ignore the XXX field.
Depending on the type of pair you want to import (user – legal entity or user – organization unit) change the mapping accordingly. In the photo below the mapping is valid when you want to limit the role only to certain legal entities.
