Security Roles and Permissions

📘

Assigning an user a role will give them access to the application

Work 365 Security Roles are additive roles based on existing Dynamics CRM roles. They are not standalone Work 365 roles.

Pre-requisites

  • In order to assign Work 365 roles, an individual must already have the necessary CRM role.
  • Only CRM System Admins can assign security roles.

Here is the recommended role mapping

  • Work 365 Admin ➤ Sales Manager + CSR Manager (finance and admin)
    • Can modify Work 365 Configuration Settings
    • Cannot Set up a new Work 365 provider (only a System Admin can do that)
    • Time billing: has access to create/update/delete any time logs along with related time entities. Can also approve time logs.
  • Work 365 Customer Service ➤ Customer Service Representative
    • Can sync subscriptions
    • Provision Accounts in Partner Center
    • Update Changes to License Change Logs on subscriptions (cannot create license changelogs)
    • Cannot charge customer Credit Cards, or create Payment Profiles
  • Work 365 CS Representative ➤ Person creating time logs in Work 365
    • Can only create/update/delete one’s own time logs
  • Work 365 CS Manager ➤ Person approving time logs in Work 365
    • has access to create/update any time logs along with related time entities
    • can delete only time entity records owned by the user
    • can approve time logs
  • Work 365 Service Role used by the Work 365 Application User
    • Have the same rights as the Work 365 Admin account.
    • It is recommended this security role only be used for the Work 365 service account.
  • Work 365 Portal Service ➤ Work 365 Application User
    • Enables the Work 365 Application user to complete the portal initialization in Dynamics
    • After upgrading the portal solution without System Administrator permissions in Dynamics.
  • Work 365 Sales ➤ Sales Person
    • Can create Billing Contracts, subscriptions
    • Provision Customer Accounts in the Partner Center
    • Update Changes to License Change Logs on subscriptions (cannot create license changelogs)
    • Can only read templates, and can read their own incentives plans
    • Cannot charge customer Credit Cards, or create Payment Profiles
    • Can generate invoices
      Follow this article on creating a custom security role if needed.