When using Microsoft Dynamics 365 for Operations you can create new security roles or even customize existing ones. When you do so, you have to be careful if everything is working like intended. This blog post will tell you about the enhanced worker information and how to grant access to this.
What is the enhanced worker information?
When working in the application, some fields contains a name of the worker. To be able to select the correct worker, there is a neat lookup form, showing some additional information. Also, when you hover over the name field, a preview form with a picture and contact details will be shown. These forms are illustrated in the next screenshots.
As you can see, there is no standard lookup with just a number and name, but it almost looks like the preview of Skype for Business. When configured correctly, also the presence indicator will show you if the person is available for chats.
When you create a custom role, the lookup and preview form might not work due to not sufficient permissions. I will show an example what might go wrong. For this example, I created a new security role with only two duties. The Purchasing assistant would be allowed to maintain purchase orders and view information about vendors.
This role is assigned to a user and will behave in the next (wrong) way.
Initially the lookup is throwing an error. A second attempt will again raise the error and shows an empty lookup form. The tooltip is not showing the enhanced form, but only repeats the worker name. So now I’m disappointed and would like to have a solution for this as I’m aware of the nice preview and lookup capabilities.
How to get the required result?
I did explore the application and Visual Studio how this information has been secured. It appears to be part of the Employee security role out of the box. If you don’t want to assign the complete role, you can also add the duty View basic information about workers in the system into your security role. Also, other roles like Account payable clerk, Manager, Human resource manager do have this duty included. I assume you don’t want to add for example the Recruiter role to have the enhanced information available.
This fixes the lookup in all cases. However, you should keep in mind that the neat preview isn’t always working. It is only working when the user also has access to the Worker detail form. There is some weird behavior on the tooltip functionality in combination with clickable fields which will open the details. So it seems like it first checks the access on the Worker details form and forgets about the tooltip preview. In my test I did add the menu item in a separate privilege. In this way there is no access on the standard worker list pages.
It would be possible to create a privilege with the menu item HCMworker and grant read access only. In that scenario a user would have access to the worker details with the next information. This user has no access to private information, so private addresses and contact details are not visible. The details form is then filtered on one worker only.
There is more…
There might be reasons why you don’t want to grant access to the worker details. In that case, currently the preview tooltip will not work. Considerations are:
- When addresses or contact details are marked as being primary, the private setting is being ignored.
- A user would be able to manipulate the browser URL to open the worker details manually. In that case there is no filter and the user can see all workers with their names.
That’s all for now. Till next time!