Set up role-based security

[This topic is pre-release documentation and is subject to change.]

This section takes you through the steps to use role-based access control in your Dynamics 365 for Customer Insights service instance. You configure roles in Customer Insights through the Azure portal, and then you assign the roles to specific individuals or security principals.

Configuring role-based access control

  1. Sign in to the Azure portal by using your Azure account, and navigate to your Customer Insights service instance.

  2. On your Customer Insights service instance blade, select All Settings.

  3. On the Settings blade, select Security.

  4. On the Role Assignments blade, select Add.

  5. On the Add Role Assignment blade, select Provide Name.

  6. Enter a Role Name, and then select Create.

  7. On the Add Role Assignment blade, select Select a role.

  8. Choose the Admin or Reader role.

  9. On the Add Role Assignment blade, select Add.

  10. On the Select Users blade, you should see the associated users and security groups provisioned in your Azure Active Directory tenant. Choose the security principals to whom you’d like to assign the role, select Select, and then select OK.

  11. On the Add Role Assignment blade, select Add.

  12. On the Select Profiles blade, choose the profiles, interactions, KPIs, views, or widget types to which a security principal has access. For instance, to grant this role access to the data associated with a specific profile, select Allowed Profiles.

  13. On the Select Profiles blade, choose the profiles to which you want to grant this role access. To grant access to all profiles, select the wildcard character, “*”. Select Select.

  14. If you grant the security principal access to all (*) profiles, you can still deny the role access to specific profiles. (Similar behavior applies to interactions, KPIs, views, or widget types). Select Not Allowed Profiles to deny the role access to profiles of a specific type.

    Note

    The Not Allowed Profiles option only appears when you’ve chosen to grant a role access to all (*) profiles. Similar behavior applies to interactions, KPIs, views, and widget types.

  15. On the Add Permissions blade, select OK.

  16. On the Add Role Assignment blade, select Create to provision the new role.