*** NOTE: ALL INFORMATION IS ACCURATE AT DATE OF PUBLISHING ***

This is the final instalment of the Security Role Miscellaneous Privileges series. Part Four covers the Customisation tab (which could almost do with it’s own blog post… but maybe for another day ????). You can find the previous posts here: Part One, Part Two & Part Three.

Miscellaneous Privileges

Activate Business Process Flows

A security role can allow access for a user to create a Business Process Flow, but without the Activate privilege the Activate option is missing. Also, if trying to edit an existing BPF, the Update and Deactivate options are unavailable.

Activate Business Rules

A security role can allow access for a user to edit forms and then add a business rule. The business rule can be saved but the Activate option is not available. Another user with the Activate Business Rules privilege on their security role could then activate it instead. If a user without this privilege views an active Business Rule, the Deactivate button will not be available.

Activate Real-time Processes

A process can be run either as a real-time process or a background process. If a real-time process is created by a user with permissions to do so, they will need the activate real-time processes privilege on their security role to make it active. Without this access the Activate button will be missing from the top of the process.

Configure Yammer

No doubt you have seen, or even used the Wall functionality in D365. After you set up your organization to work with Yammer, employees will see posts in a newsfeed on their Microsoft Dynamics 365 dashboard whenever people update customer info, and they’ll be able to join in the conversation with their own posts. If the ‘Configure Yammer’ privilege is not enabled on a security role, users will not see the option below to configure Yammer in the Settings>Administration area. You can get more information about Yammer and D365 here.

Execute Workflow Job

If the Execute Workflow Job privilege is not granted, the Run Workflow and Start Dialog options will be missing from the ribbon. If you want users to be able to use processes they must have this enabled.

Import Customisations, Export Customisations, Publish Customisations,

Modify Customisation constraints

Without each of the privileges above, several buttons will be missing from the Solutions area (from Settings>Solutions). The button highlighted in blue allows the user to Import a solution file. The button highlighted in red allows the user to Export a solution file. The button highlighted in green allows the user to Publish customisations for a solution file. The Modify Customisation constraints doesn’t currently do anything. With or without the modify, a user (if they have access to the solutions entity) can make changes to an unmanaged solution.

ISV Extensions

This was a tricky one, and could be that the privilege does more than I could figure out. This site claims that the privilege is not in use. However, this older article claims that it needs to be given in order to display renamed information form navigation pane group headings. So, if the navigation headings are changed from the defaults like so:

A user without the ISV Extensions privilege on their security role will see the default headings below. Upon assigning the privilege, the headings displayed in the navigation are the same as those on the form. Very strange that there isn’t more written about this. Do you know of any other areas that this privilege impacts? Leave a comment at the bottom of the post.

*NOTE – 17/01/2019* Comment from Hubert Solecki. Thanks Hubert!

The ISV Extensions privilege is needed when you need to set up Office 365 Groups on Dynamics 365.

Learning Path Authoring

Learning Path is available in D365 giving you the ability to create context rich training that relates specifically to the users of the system. It allows for videos, walkthroughs and articles to be used to help enrich the user experience. This article should give you a good overview. The Learning Path Authoring privilege should be assigned if you wish to have users create content.

Not only does this need to be set on the security role, but users must also be added to the  O365 Learning Patch Authors security group from the O365 Admin portal.

Retrieve Multiple Social Insights

Without this privilege, a user will not have access to configure Microsoft Social Engagement which is accessed through the Settings>Administration area.

Run Flows

The Run Flows privilege will give a user access to Microsoft Flows. Without it, the Flows option below will be missing from the ribbon. For more information on Flows vs D365 Workflows, check out this great article from Hitachi Solutions.

Read others in the series:

Miscellaneous Privileges on Security Roles – Part One
Miscellaneous Privileges on Security Roles – Part Two
Miscellaneous Privileges on Security Roles – Part Three

Helpful Info

This link from Microsoft provides a mapping of the security role user interface to the privilege names.

Security role UI to privilege mapping


Check out the latest post:
Auto Assign Leads Without Code Using Lead Scoring & Work Assignment


This is just 1 of 477 articles. You can browse through all of them by going to the main blog page, or navigate through different categories to find more content you are interested in. You can also subscribe and get new blog posts emailed to you directly.




3 thoughts on “Miscellaneous Privileges on Security Roles – Part Four

  1. The ISV Extensions privilege is needed when you need to set up Office 365 Groups on Dynamics 365.

    1. Thanks Hubert! I have just updated the post to include this comment. Do you have a website? Happy to link to it for some credit back!

  2. Useful article Megan, it is also needed while adding a new Navigation Link. I added new navigation link, pointing to a web resource but the navigation link wasn’t showing up for non-admin users, after long research found that this is needed. Enabled it and worked like a charm!

    Thanks
    Jeevarajan Kumar
    TGD – CL

Comments are closed for this post.