Documentation

Security Roles and Permissions

Suggest Edits

📘

Assigning a user a role will give them access to the application

Security Roles define what users can and cannot do in Work 365. Roles are assigned by an administrator and are based on job function. Each user should be assigned the role that matches their day-to-day responsibilities. A user can hold more than one role, in which case they inherit the combined permissions of all assigned roles.

Pre-requisites

  • In order to assign Work 365 roles, an individual must already have the necessary CRM role.
  • Only CRM System Admins can assign security roles.

Work 365 includes several pre-built roles tailored to different job functions:

Work 365 Security Roles

Work 365 Admin

The highest level of access in Work 365. Administrators have full read, write, and delete permissions across all areas of the system — including customer accounts, billing contracts, subscriptions, invoices, provider configuration, pricing, reports, and system settings. This role should only be assigned to users who are responsible for configuring and maintaining the Work 365 environment.

Typical users: System administrators, operations leads, IT managers.

Work 365 CS Manager

The Customer Success Manager role is designed for team leads overseeing a group of CS Representatives. CS Managers can view and manage all customer accounts, subscriptions, and billing contracts within their scope. They have elevated permissions compared to CS Representatives — notably the ability to approve time logs submitted by their team and access reporting and revenue data.

Typical users: Customer success team leads, account management managers.

Work 365 CS Representative

The Customer Success Representative role is for frontline team members who manage day-to-day customer relationships. CS Representatives can create and update customer accounts, manage subscriptions and license changes, and log time against services. They cannot approve time logs (that requires a CS Manager or Admin) and have limited access to billing configuration and financial settings.

Typical users: Customer success representatives, account managers, renewal specialists.

Work 365 Customer Service

The Customer Service role is focused on customer support and service delivery activities. Users with this role can access customer account records and subscription information needed to assist customers, but have more restricted access to billing and financial data compared to CS roles. This role is suited for support staff who need visibility into account status and subscriptions without the ability to modify contracts or pricing.

Typical users: Support agents, help desk staff, service coordinators.

Work 365 Sales

The Sales role is designed for users focused on acquiring and managing customer subscriptions from a commercial perspective. Sales users can work with customer accounts, view and manage subscriptions and product catalogues, and access relevant pricing information. This role typically has read-only or limited access to invoices and billing contracts — enough to support the sales process without allowing modifications to financial records.

Typical users: Account executives, sales representatives, partner account managers.

Work 365 Service

The Service role is intended for users involved in delivering services to customers — such as managing service requests, logging billable time, and tracking project work. Service users can create and submit time logs and access service-related records, but generally cannot modify billing contracts, invoices, or subscription pricing.

Typical users: Service delivery staff, consultants, project team members.

Work365 User (Deprecated)

This is a legacy role that is no longer recommended for use. It was included in earlier versions of Work 365 and has been superseded by the purpose-built roles above. Users still assigned to this role should be migrated to the appropriate current role. The deprecated role may have unpredictable or limited permissions and will not receive updates.

Action required: Reassign any users on this role to one of the active roles listed above.

Assigning Security Roles

  1. In Dynamics 365, go to Settings → Users.
  2. Select the user.
  3. Click Manage Roles from the ribbon.
  4. Check the boxes for the roles you want to assign.
  5. Save.

Creating Custom Roles

If the standard roles don't match your needs, you can create custom roles:

  1. Go to Settings → Security Roles.
  2. Click + New.
  3. Enter a Role Name.
  4. Expand each section (Common, Sales, Billing, etc.).
  5. Check/uncheck permissions for each table and action.
  6. Save the role.

Updated 14 days ago