Dynamics 365 Finance and Operations Security Role Export and Imports


How to Create Custom Security Roles in Dynamics 365

Dynamics 365 continues to use user role based security, similar to that in Dynamics AX 2012, which follows the basis that permissions are not granted to the user, but to the security roles assigned to a given user.

Read the Blog

Many organizations require custom security configuration to support business processes. Security setup can be cumbersome however, once security roles have been fine tuned in a test environment, the security configuration can be exported from the test environment and imported into a configuration environment.

The purpose of this article is to demonstrate the security configuration export and import functionality. For this demonstration, two environments will be used: TEST and CONFIG.

Go to System Administration > Security > Security Configuration.

The customer has decided that a custom role is required that contains a custom duty. In TEST, a custom role (Account v_2) and customer duty (Configure electronic fiscal document _2) is created and published.

Changes made in security configuration need to be published to be active. Select the role and publish the selection.

Once the publication is made, select DATA on the action pane and select “Export.”

A file titled “SecurityDatabaseCustomizations” will be generated. The file will contain the security configurations. Save the file in a location as this will be imported into the CONFIG environment.

In the CONFIG environment, navigate to Security Configuration form. We will select DATA on the action pane but select the “Import” functionality. Import the file exported from the TEST environment. The system will notify if the import is successful. In the screenshot below, the custom role “Account v_2” and custom duty “Configure electronic fiscal document _2” have been imported successfully into the CONFIG environment.

Common Errors

Custom roles with custom duties and custom privileges create “publishing dependencies.” All custom privileges contained in custom duties must be published before the custom duty can be published. All custom duties contained in a role must be published before the custom role can be published. An error will occur if the custom role “Account v_2” is published before publishing the custom duty “configure electronic fiscal document_2.” The user must post the custom duty before posting the custom role.

When custom roles, duties, and privileges are created, they are assigned a unique ID. If Account v_2 previously existed in CONFIG environment and the import contained a role with the identical name Account v_2, the system will not allow the imported role to be published. The existing role/duty/privilege must be deleted before an imported role/duty/privilege with the same name can be published.


Security configuration can be a long and daunting task. However, all those hours spent investigating and configuring custom roles can easily be transferred from one environment and into another environment! Hopefully this guide has helped alleviate your security woes.