Work 365 Security Roles are additive roles based on existing Dynamics CRM roles. They are not standalone Work 365 roles.
Pre-requisites
- In order to assign Work 365 roles, an individual must already have the necessary CRM role.
- Only CRM System Admins can assign security roles.
Here is the recommended role mapping
- Work 365 Sales ➤ Sales Person
- Can create Billing Contracts, subscriptions
- Provision Customer Accounts in the Partner Center
- Update Changes to License Change Logs on subscriptions (cannot create license changelogs)
- Can only read templates, and can read their own incentives plans
- Cannot charge customer Credit Cards, or create Payment Profiles
- Can generate invoices
- Work 365 Customer Service ➤ Customer Service Representative
- Can sync subscriptions
- Provision Accounts in Partner Center
- Update Changes to License Change Logs on subscriptions (cannot create license changelogs)
- Cannot charge customer Credit Cards, or create Payment Profiles
- Work 365 Admin ➤ Sales Manager + CSR Manager (finance and admin)
- Can modify Work 365 Configuration Settings
- Cannot Set up a new Work 365 provider (only a System Admin can do that)
- Time billing: has access to create/update/delete any time logs along with related time entities. Can also approve time logs.
- Work 365 Service ➤ Consent Account between Partners and Work 365
- Have the same rights as the Work 365 Admin account. It is recommended this security role only be used for the Work 365 service account.
- Work 365 CS Representative:
- can only create/update/delete one’s own time logs
- Work 365 CS Manager
- has access to create/update any time logs along with related time entities
- can delete only time entity records owned by the user
- can approve time logs