Skip to navigation Skip to content

Tech Insights 4 min read

What are the different types of security roles in Dynamics 365 ?

Start using Microsoft Dynamics 365 Marketing, and you will realize that this amazing platform is a storehouse of data. Naturally, you won’t want just anyone to access this data, or you might end up sharing confidential information with everyone on the platform.

That’s when security roles come to your rescue. So, what are they, and how can you implement them? Let’s find out.

Dynamics 365 security role: what is it?

Dynamics 365 security roles are the best way to define who gets to access what. You can control access to data by creating new security roles and modifying the existing ones. You can also assign different security roles to a single user.

Security roles let you exercise full control over your data. You don’t want A to access what B has access to? Or do you want the employees in department X to access something that the employees in department Y can’t access? Or if your sales team only has access to lead records they own, but you want them to see additional leads as well? Well, you can meet all these conditions by editing the roles and permissions of your users.

The idea is simple – Dynamics 365 security role ensure that you only share relevant information with the relevant stakeholders without compromising your data’s confidentiality and integrity.

Dynamics 365 security roles


This access level provides users with access to all records, irrespective of their business unit, and job role. Users with Global access automatically get other accesses too – deep, local, basic, and so on.

Since Global access is so powerful, we recommend exercising caution while providing it to anyone. Ideally, it should only be provided to managers and other high-authority professionals.


This access level provides users with access to records in their respective business units and all business units that are a subset of the user’s business unit. Deep access provides users with Basic and Local access, also.


This access level provides users with access to information in their business units. Local access also provides users with the Basic access.


Basic access provides a user with access to records that they own and manage. It also lets them access the objects shared with them. This access level is typically provided to sales and service representatives.


None means that the user doesn’t have any access to records and information.

Privileges are the basic security units that define the kind of action a user can perform in the platform. Privileges cannot be added or deleted but modified.


Allows a user to create a new record. A user can create a record depending on their access level.


Allows a user to read the contents of a record. A user can read a record depending on their access level.


Allows a user to make changes to a record. A user can edit a record depending on their access level.


Allows a user to delete a record permanently. A user can delete a record depending on their access level.


Allows a user to associate a current record with another.

Append To

Allows a user to associate a record with the current record.


Allows a user to assign the ownership of a record to another user. A user can assign a record depending on their access level.


Allows a user to give access to a record to another user while maintaining their own access intact. A user can share a record depending on their access level.

Dynamics 365 security role, user licenses vs. team member licenses

Licensing a user can be done when you create the user account, or you can even license them later. You won’t be able to provide a user with access to your organization until relevant user licenses are issued. An active user record who signs into your organization will need one user license per person.

Additionally, you would also need a user license to issue an invitation. You need a user license even for an unaccepted invitation until it expires two weeks after it was issued. However, you can always get the number of licenses reduced if you have more than what you need. All you need to do is contact support.

So, once you have issued a security license to a user, they can sign in to your organization. You can control their access by defining security roles based on access levels and permissions.

Once you have provided your user with a security role, you can allocate them with the necessary privileges:

User privileges

User privileges are granted directly when you assign a security role to a user. The new security roles have a Basic access level by default. This allows them to create and access record created or owned by them.

Team privileges

Team privileges are granted when a user joins a team. These users might not have user privileges of their own but can still access the records their team has access to.

Dynamics 365 security role: how to assign it?

To be able to assign security roles to users, you must have the related privileges to make things work. The minimum privileges you would need are Read and Assign. To ensure that there is no misuse of privileges, you cannot assign a security role with more privileges than yours to the assignee. Thus, if you are a CSR Manager, you cannot assign the role of System Administrator to another user.

The System Administrator, by default, has all the required privileges that empower them to allocate security roles to any user, including the role of System Administrator. This is the highest role that has the authority to remove and provide access and define the extent of rights. Additionally, this is the only role in Dynamics 365 Marketing that cannot be edited.


Aren’t security roles interesting ? They ensure that your organization and data are perfectly safe and that unauthorized users don’t get to access what they should not. Although all this seems easy-to-go, you are bound to get overwhelmed with all the features out there.

So, what are your views on this? Any queries, or do you need assistance? We are here to help you out. Write to us!

Liked what you just read? Sharing is caring.

January 08, 2021 by Frédéric Charest VP of Marketing

Data-driven Growth Marketer with a Passion for SEO - Driving Results through Analytics and Optimization