Permission Sets and User Groups In Dynamics 365

PERMISSION SETS

Permission sets are used in conjunction with User Groups to control what data and companies users have access to by using filters. For example, you can assign a manager in P&CC to only be able to see data and generate reports for P&CC. AMS uses a few permission sets to control access:

AMS-BASIC - These are a standard set of permissions that let users access the Dynamics platform

AMS-BASIC-LSC - These are a standard set of permissions that let users access LSRetail

AMS-XXX - These are permissions specific to a service / office and let managers generate reports for their department

VIEW CURRENT PERMISSION SETS

1. Go to the following module: Permission Sets
   
   
2. You will see that there are many permission sets created already per department. Let's use P&CC as an example.
   
   
3. Click on the 3 dot ellipses next to AMS-PCC (1) and select Permissions (2) under the Process menu:
   
   Alternatively, you can select AMS-PCC and select Permissions from the header menu to open the same location.
   
   
4. This will open the Dimensions for that permission set.
   
   
5. Scroll over to the right and you will see two areas under entries under the Security Filter column.
   
   
   
6. Clicking on each field and choosing the 3 dot ellipses will open up the table filter. Here you will see that the G/L Entry field is being filtered to PCC. In the third field you will see that the Acc. Schedule Name field is also being filtered to PCC.
   
   The 2nd and 4th fields (Purchase Header and Purchase Invoice Header) are set to filter based on the approval code that was provided by the accounting department.
   

   

   
   

   

   
   
   
7. These filters work to ensure that managers for PCC can only access the G/L for P&CC.

CREATING NEW PERMISSION SETS

Occasionally you will need to create a new permission sets if a Service or Office does not exist yet in the Dynamics 365 platform. This can be done by copying a current permission set and changing the filter.

1. Head into the Permission Sets module. 
   
   
2. Select a current Permission Set like AMS-PCC (1) and select Copy Permission Set (2) from the top header bar. 
   
   
   
3. You will then need to name your new permission set. Ensure that you follow the same naming standard as the rest of permission sets using the 3 character code for the department.
   
   
4. Edit the Permissions for that Permission Set by clicking on the newly created Permission Set and selecting the 3 dot ellipses next to the name and choosing Permissions.
   
   
5. Change the 2 security filter fields to reflect the department as shown in Step 6 above. Make sure to press the TAB key to save your changes.
   
   

GROUPS

Groups are used to control Departmental Access and work in conjunction with Permission Sets. A Group contains Permission sets. Everything regarding access permissions should always be done under User Groups memberships, NOT by importing permission sets or assigning individual permissions.

VIEWING GROUPS

1. Head to the following module: User Groups
   
   
2. This will display all current groups in Dynamics.
   
   
3. Continuing with our example of P&CC, we want to ensure that Managers in P&CC can only see P&CC information. Click on AMS-PCC and choose the 3 dot ellipses next to it and select Permissions.
   
   
   
4. This will show the 3 Permission sets that are in this group. If you recall from earlier, the following are the permission set descriptions:
   
   AMS-BASIC - These are a standard set of permissions that let users access the Dynamics platform
   AMS-BASIC-LSC - These are a standard set of permissions that let users access LSRetail
   AMS-PCC - These are permissions specific to PCC and let managers generate reports for their department by using filters for PCC
   
5. Now, let's look at the members of this group. Click on AMS-PCC and choose the 3 dot ellipses next to it and select Members. 
   
   
   
6. This will open up all the members who belong to this group.
   
   In this case we can see currently the P&CC Manager and Operations Officer have access.
   

   
   

7. Lastly, if you go back to the User Groups module you will see a column called Default Profile
   This controls what type of view and profile settings they have when they sign in. There are different types of profiles but most users will get the AMS-TEAM-MEMBER profile. Currently, the only exception is accounting which displays a different type of dashboard when they sign in.
   
   
   

MODIFYING PERMISSION SETS AFTER UPGRADES

Sometimes after Dynamics performs a system upgrade, it is required to update permission sets as we use custom permissions that get defaulted after the system has gone through its upgrade cycle. Please see the following support article.

CREATING GROUPS

Sometimes you will need to create a new group for a new department or service that does not exist in Dynamics 365.

1. Head to the module User Groups and select the New button in the header:
   
   
   
2. Name your group according the the AMS standard with the 3 character department code.
   
   
3. Assign Permissions Sets by following step 3 above and assigning the following dimensions:
   AMS-BASIC - These are a standard set of permissions that let users access the Dynamics platform
   AMS-BASIC-LSC - These are a standard set of permissions that let users access LSRetail
   AMS-XXX - Name of new department
   
   
4. Assign members to this group by following Step 5 above.
   
   
5. Don't forget to add a Default Profile as in Step 7 above.