Microsoft’s validation of Dynamics 365 for Finance & Supply Chain licenses is on it’s way. As many customers are in the process of ensuring they are compliant, Microsoft is adding new features to help with this process.
One that I first noticed in the 10.0.45 (10.0.2345.117) is a new feature surrounding the duplication of security layers. Let’s take a look at what’s new!
Scenario
The scenario in this case is that I want to duplicate the Accountant role, currently this role requires either a ‘Finance’ or ‘Finance Premium’ license but I would really like to require an ‘Operations – Activity’ license:
New Feature
If I now go to the Security Configuration form and click on the ‘Duplicate’ button:
The dialog that appears allows me to name the role, but also select which License SKU this new role should require:
In my case, I selected ‘Operations – Activity’:
To perform this, D365FSC looks at the current duties assigned to this role and determines which duties need to be removed to make this new security layer the correct license type. If some duties had to be removed, a warning message log is generated:
With the warning message, D365FSC will report the number of duty references that had to be removed as well as give you the option to download a more detailed report:
The excluded references file contains the duties that were removed because they required a higher license than ‘Operations – Activity’:
Once we let the new security layer be processed for licensing, we can validate that this new security layer does indeed lower the license requirement to ‘Operations – Activity’.
Observations
1) The same process works for duties as well, in this case the system looks at the privileges assigned to the duty and removes those that are required to meet the license requirement.
However I did notice the excluded references file is not generated even if privileges are removed.
For example, I took the ‘Approve BOMs’ duty which requires a ‘Supply Chain Management License’ and tried the same process of lowering it to ‘Operations – Activity’:
The privileges ‘Approve BOMs’ and ‘Approve BOM versions’ were removed, leaving only ‘View BOMs’ which actually makes this duty only require a ‘Team Member’ license:
But there was no notification during the creation of the duty that these privileges would be removed.
2) The security layer duplication feature does work at the privilege level, however I did not see the ability to set a license on the new security layer.
Conclusion
The ability to set a license requirement on duplicated security layer is another feature added by Microsoft to help customers meet their license requirements, which I think can be extremely powerful if used correctly. But it is important to understand what the process is actually doing to ensure you are not removing access that a user might otherwise need.