With Platform Update 8, Microsoft has added some more data entities surrounding security.

SecuritySubRoles – shows the relationship between role -> subroles

SecurityDuties – shows the relationship between role -> duties; this could be used if you are using the out-of-box Segregation of Duties functionality from D365FO

SecurityPrivileges – shows the relationship between role -> privileges

SecurityPermissions – shows role -> resource (name and type) -> access, this is essentially a role access report

All of these data entities are available by going to <BaseD365URL>/data/<NameOfDataEntity>.

So for example, if your base URL is https://D365Update8 then the calls would be as follows:

  • https://D365Update8/data/SecuritySubRoles
  • https://D365Update8/data/SecurityDuties
  • https://D365Update8/data/SecurityPrivileges
  • https://D365Update8/data/SecurityPermissions

Having these data entities exposed makes it very easy to programmatically consume them and generate reports off of them. I would point out that there are still some glaring data entities currently missing from the out-of-box ones generated by Microsoft, specifically:

  • There is no data entity to return all of the roles, duties, or privileges in the system, just the associations between them
  • There is no data entity to return the role -> duty -> privilege hierarchy (missing the duty -> privilege association currently)

I would also be cautious about writing to or deleting from these data entities to change security, as by doing this you have no real control over how this security is implemented (the change won’t be in version control via an AOT change, and you don’t really know in what layer the security will be modified).
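A read-only way to turn SecurityPermissions into the role access report described above, as an added example that is not code from the original post or from Microsoft. The column names, access levels and sample rows are assumptions (check `<BaseD365URL>/data/$metadata` for the real schema), and the bearer token is assumed to be obtained separately.

```python
import json
import urllib.request
from collections import defaultdict

# Assumed column names and access levels (weakest to strongest); confirm in $metadata.
ROLE, RES, RES_TYPE, ACCESS = "RoleName", "ResourceName", "ResourceType", "Access"
RANK = {"Read": 1, "Update": 2, "Create": 3, "Delete": 4}

def http_get(url, token):
    """Issue a GET only (no writes or deletes) and return the parsed JSON body."""
    req = urllib.request.Request(url, headers={
        "Authorization": "Bearer " + token, "Accept": "application/json"})
    with urllib.request.urlopen(req) as resp:
        return json.load(resp)

def fetch_entity(base_url, entity, token, get=http_get):
    """Yield every row of a data entity, following OData @odata.nextLink paging."""
    url = base_url.rstrip("/") + "/data/" + entity
    while url:
        page = get(url, token)
        yield from page.get("value", [])
        url = page.get("@odata.nextLink")  # absent on the last page

def role_access_report(rows):
    """Map role -> {(resource type, resource name): highest access granted}."""
    report = defaultdict(dict)
    for r in rows:
        key = (r[RES_TYPE], r[RES])
        cur = report[r[ROLE]].get(key)
        if cur is None or RANK.get(r[ACCESS], 0) > RANK.get(cur, 0):
            report[r[ROLE]][key] = r[ACCESS]
    return dict(report)

# Constructed two-page response standing in for a live environment.
BASE = "https://D365Update8"
SAMPLE_PAGES = {
    BASE + "/data/SecurityPermissions": {
        "value": [
            {ROLE: "SampleRoleA", RES: "SampleItemA", RES_TYPE: "MenuItemDisplay", ACCESS: "Read"},
            {ROLE: "SampleRoleA", RES: "SampleItemA", RES_TYPE: "MenuItemDisplay", ACCESS: "Delete"}],
        "@odata.nextLink": BASE + "/data/SecurityPermissions?$skiptoken=2"},
    BASE + "/data/SecurityPermissions?$skiptoken=2": {
        "value": [{ROLE: "SampleRoleB", RES: "SampleItemB", RES_TYPE: "MenuItemDisplay", ACCESS: "Read"}]},
}

def demo():
    """Run the report over the constructed pages instead of the network."""
    rows = fetch_entity(BASE, "SecurityPermissions", "constructed-token",
                        get=lambda url, token: SAMPLE_PAGES[url])
    return role_access_report(rows)
```

Against a real environment, drop the `get=` argument so `fetch_entity` uses `http_get`; the same function works for SecuritySubRoles, SecurityDuties and SecurityPrivileges.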