Work with Organization Roles
You can use organizational roles (formerly user profiles) to group roles to an organization function. This way you can easily authorize users.
This procedure explains how you can create an Organizational Role and how to link permission sets (formerly user roles).
Create Organizational Role
Follow the steps below to create an Organizational Role
Open the list Organizational Roles(formerly User Profiles) under Departments - Compliance - Security - Authorization Management - Organizational Roles.
1. Press Ctrl+N to create a new Organizational Role.
2. Complete the following fields in the header:
- Organizational Role: Clearly and recognizable code
- Description: e.g. Purchase Employee
Link permission Sets
Select in the left sub window the permission sets that are related to the organizational role after this is inserted.
- Click on arrow down button in field Permission Set ID to select the permission set you want to link.
- Repeat this activity till you have linked all desired permission sets.
- With the option All Companies it is possible to indicate that the Permission Set applies to All Companies. This option overrules the company authorization of the Organizational Role.
Link users
To authorize users they should be linked to Organizational Roles. Users can be linked to organizational roles in the bottom sub window of the window Organizational Role.
1. Click in the sub window Users on the arrow down button in the field User ID to select a user you want to link.
2. Complete (optional) for the user the fields:
- Company(Group):Add a company name to set company specific security. If it is empty the security is for all companies.
- Starting Date: Used for starting the assignment of the Permission Sets at a specified date.
- Ending Date: Used for ending the assignment of the Permission Sets at a specified date.
3. Repeat this activity till you have linked all desired users, it is possible to link database and windows logins in this window.
Release Organizational Roles
After all applicable Permission Sets and users are linked to the Organizational Role the profile can be released after acceptance by the organization. A released Organizational Role cannot be modified.
Release the Organizational Role by selecting Actions, Functions, Release (or Ctrl+F9).
- You can only release (and synchronize) Organizational Roles if all linked Permission Sets are released. See Manage permission sets.
Note! As long as the status of the Organizational Role is open and the Sync Status of the Permission Sets and Users is ‘To be synchronized’, Users and/or Permission Sets can be deleted with the standard Dynamics NAV method CTRL + Del. If the Organizational Role is synchronized, the linked Users and/or Permission Sets can only be deleted by manually changing the Sync Status to ‘To be deleted’.
Manage Organizational Roles
In the window Organizational Role(formerly User Profiles) you can manage Organizational Roles (insert, modify or delete). Deleting of Organizational Roles is only possible if there are no linked Permission Sets (formerly user roles).
Modify Organizational Role
Linked users and permission sets with Sync Status ‘To be synchronized’ can be deleted in accordance with the standard Dynamics NAV method (Ctrl+Del). After synchronizing a linked user or permission set, this is no longer possible because the standard Dynamics NAV tables will not be updated correctly. To modify an Organizational Role, you should first reopen the profile.
Set the field Status of the Organizational Role to Open or select Actions, Functions, Reopen.
Manage Permission Sets of an Organizational Role
- Open the according Organizational Role and go to the left sub window Roles.
- To delete a permission set from the Organizational Role modify field Sync Status of the Permission Set manually to ‘To be deleted’.
- To add a permission set to the organizational role select the role.
- With the option All Companies it is possible to indicate that the Permission Set applies to All Companies. This option overrules the company authorization of the Organizational Role.
Manage linked Users
1. Click in the right sub window Users on the arrow down button in the field User ID to select a user you want to link.
2. End the assignment of a user to an Organizational Role by setting the field Sync Status to ‘To be deleted’.
- Company(Group):Add a company name to set company specific security. If it is empty the security is for all companies.
- Starting Date: Used for starting the assignment of the Permission Sets at a specified date.
- Ending Date: Used for ending the assignment of the Permission Sets at a specified date.
3. Repeat this activity till you have linked all desired users, it is possible to link database and windows logins in this window.
Synchronize Organizational Roles
A released Organizational Role should be synchronized to activate the authorizations for the linked users. Only Organizational Roles with statuses Released or Synchronized can be synchronized.
Synchronizing actually assigns the Permission Sets to user accounts as configured in the Organizational Roles. Synchronizing a link which is already assigned reapplies the setup to the user account.
You can synchronize the current organizational role by selecting Actions, Functions, Synchronize Organizational Role or by selecting F9. The field Sync Status on the header changes from ‘To be synchronized’ to ‘Synchronized All ’.
TIP! SelectActions, Functions, Synchronize All to synchronize allreleased Organizational Roles.
TIP! Use the Job Scheduler to periodically synchronize all released Organizational Roles.