User Roles and Security
User Roles and Security
Configure user access, roles, and security settings to ensure proper authorization and data protection in Dynaway EAM for Microsoft Dynamics 365 Business Central.
Roles, Profiles, and Permission Sets
- Roles: Define the user's job function (e.g., Asset Manager, Technician, Requestor).
- Profiles: Assign a role center to each user, customizing their workspace and navigation.
- Permission Sets: Control access to tables, pages, and processes. Permission sets can be standard (provided by Dynaway EAM and Business Central) or custom (created for your organization).
Permission Sets in Dynaway EAM
Dynaway EAM provides a comprehensive set of permission sets tailored to maintenance roles. These permission sets are assigned to users in Business Central and determine what data and actions are available.
Permission Sets for Asset Managers
Users working as Asset Managers require the following Permission Sets on their User Card:
| Permission Set | Name | Module |
|---|---|---|
| D365 BASIC | Dynamics 365 Basic Access | Standard BC |
| D365 ITEM, EDIT | Dynamics 365 Create items | Standard BC |
| DAM EAM MANAGER | EAM Manager | EAM |
| DAM EAM BASIC | EAM Basic | EAM |
| DAMFRM MANAGER | Forms Manager | Forms |
| DAMMR MANAGER | MR Manager | Requests |
| DAMSW MANAGER | Safe Work Manager | Safe Work |
| DAM EAM SCHEDULER | EAM Scheduler | Scheduling Board |
Permission Sets for Asset Technicians
Users working as Asset Technicians require the following Permission Sets on their User Card:
| Permission Set | Name | Module |
|---|---|---|
| D365 BASIC | Dynamics 365 Basic Access | Standard BC |
| DAM EAM TECHNICIAN | EAM Technician | EAM |
| DAM EAM BASIC | EAM Basic | EAM |
| DAMFRM RESPONDER | Forms Responder | Forms |
| DAMMR TECHNICIAN | MR Technician | Requests |
| DAMSW TECHNICIAN | Safe Work Technician | Safe Work |
| DAM EAM S.BOARD READ | EAM Scheduling Board Read | Scheduling Board |
Permission Sets for additional users
Users who are not defined as Asset Managers or Asset Technicians require the following Permission Sets on their User Card:
| Permission Set | Name | Module |
|---|---|---|
| DAM EAM READ | EAM Read | EAM |
| DAM EAM PROD. OPER. | EAM Production Operator | EAM |
| DAM LICENSE CHECK | EAM License Check | EAM |
| DAMINV SALES POST | EAM Sales Post | Maintenance Invoicing |
| DAMMR REQUESTOR | MR Requestor | Requests |
| DAMMR READ | MR Read | Requests |
| DAMSW ENTRIES | Safe Work Entries | Safe Work |
| DAMSW READ | Safe Work Read | Safe Work |
| DAMTL READ | Tools Read | Tool Crib |
| DAMTL TOOL HANDOUTS | Tool Handouts | Tool Crib |
| DAMFRM READ | Forms Read | Forms |
User Types and Licensing
- Full Users: Have access to all EAM features. Typical roles include managers, planners, and senior technicians.
- Light Users: Limited access, focused on operational tasks (e.g., registering time, creating requests, viewing work orders). Light User licensing restricts access to specific processes.
Light User Processes and Modules
Light Users have access to a limited set of processes within Dynaway EAM. The following table outlines the specific processes and modules available to Light Users:
| App | Process | Can Be Done by Light User |
| EAM | Add any documents to records | Yes |
| EAM/Tool Crib | Create Assets/Tools | No |
| EAM | Modify Assets directly | No |
| EAM | Create Asset Downtime | Yes |
| EAM | Close Asset Downtime | Yes |
| EAM | Create Work Order from Asset Downtime | Yes |
| EAM | Create Asset Warranty | No |
| EAM | Create Asset Warranty Claim | No |
| EAM | Create a Work Order from Asset Warranty Claim | Yes |
| EAM | Create Asset Transfer | Yes |
| EAM | Post Asset Transfer Shipment or Receive | Yes |
| EAM | Create Counters | No |
| EAM | Register Counter Reading (at this moment free users can do it) | N/A |
| EAM | Create Measurement | No |
| EAM | Create Measurement Devices | No |
| EAM | Register Measurement Readings (at this moment free users can do it) | N/A |
| EAM | Create Work Order Plans | No |
| EAM | Create Round Order Plans | No |
| EAM | Release Work Order Plans | No |
| EAM | Release Round Order Plans | No |
| EAM | Create Work Orders by planning worksheet | No |
| EAM | Create One-off work orders (ad-hoc work orders) | Yes |
| EAM | Modify Work Orders (add new lines/delete/change status but without posting) | Yes |
| EAM | Post Work Orders (Items/Resources/Expenses) | No |
| EAM | Close Work Orders (without posting) | No |
| EAM | Post registrations from the timer | No |
| EAM | Modify Round Orders (add new lines/delete/change status but without posting) | Yes |
| EAM | Post and Close Round Orders (Items/Resources/Expenses) (with rounds there is only one step) | No |
| EAM | Create Expenses | No |
| Forms | Create Form Templates | No |
| All | Fill Forms (checklists/forms assigned to assets etc.) | Yes |
| Tool Crib | Register Tools Handouts | Yes |
| Tool Crib | Register Tools Returns | Yes |
| Requests | Create Maintenance Requests (at this moment free users can do it) | N/A |
| Requests | Modify Maintenance Requests (add comments/change status etc.) | Yes |
| Requests | Create work orders directly from maintenance request | Yes |
| EAM | Create Maintenance Budgets | No |
Maintenance Employee Setup
All users working with Dynaway EAM must be configured as Maintenance Employees. You can set up individual users or groups, assign resources, work types, and default warehouse locations, and control access to assets and documents.
How to set up Maintenance Employees:
- Go to the Maintenance Employees page in Business Central.
- Select 'New' to add a user or group.
- For users, select a resource (person or machine) that the user is related to (Resource No.).
- For groups, use the Group Members button to add employees to the group.
- Assign Work Types to users or groups to define specific tasks or skills.
- Set up default warehouse locations for users to ensure correct inventory handling (Default Location).
- Assign asset responsibility centers if users should only see certain assets or documents (Asset Resp. Ctr. Filter, Maintenance Resp. Ctr. Filter).
- Specify email addresses for users/groups (E-Mail).
- Enable 'Light User' for users who require limited access.
- Use the Time Entry Approver role for users who need to approve and post timer entries (Time Entry Approver).
- Assign Scheduling Board Read Only, Lockout Manager, or Tagout Manager roles as needed (requires relevant apps).
- Set Posting for Today if posting dates should default to the current date (Posting For Today).
- Specify Work Order Posting Policy and Maintenance Task Posting Policy for users/groups (Work Order Posting Policy, Maint. Task Posting Policy).
- Exclude Closed Plans from the user's view if needed (Exclude Closed Plans).
- Enable Drag-and-drop on Asset Tree for users/groups if required (Drag-and-drop on Asset Tree).
Any Business Central user with the proper permission set for the Maintenance Employee table can edit/add/remove records from that table.
DAM EAM BASIC
DAM EAM BASIC is a permission set that is needed for each user of EAM (managers and technicians). Permission set includes access to tables that are used by the manager and technicians in the same way.
DAM EAM MANAGER
DAM EAM MANAGER is a dedicated permission set for managers. You can find access that gives the possibility to run processes that can only be done by a manager. For example, a manager can do direct changes on the asset card when the permission set dedicated for the technician allows performing indirect changes on the asset. This permission set is needed if this user is responsible for creating maintenance data in your company.
DAM EAM TECHNICIAN
DAM EAM TECHNICIAN is a dedicated permission set for technicians. With this set, you will be able to perform some processes like posting work orders, editing lines on orders, or changing some records indirectly. Permission set gives READ access to all needed data. For example, with this set, you are able to read data from tables like Work Order Priority, Asset Category, etc., but you are not able to create or modify records in these tables.
EAM TECH WO
EAM TECH WO is a dedicated permission set for technicians who need the possibility to create one-off work orders directly from the asset (or any other place in the system where it's possible, like downtime or maintenance request).
DAM EAM READ
DAM EAM READ is a technical permission set that includes READ access to all tables from the EAM app. You can use it for users who need access to EAM data. For example, if you want your accountants (who work in BC) to have access to assets, work orders, etc., you need to add this permission set to these users. With this permission set, the user will be able to open any maintenance page and read data from it.
DAM EAM PROD. OPER.
DAM EAM PROD. OPER. is a permission set dedicated to the users who work with production orders but for some reason need access to EAM. When you're using manufacturing connected to maintenance, and you want that our manufacturing users are able to register for example counter readings, you need to provide this permission set to these users.
DAMFRM MANAGER
DAMFRM MANAGER is a dedicated permission set for form managers. The user with this permission set is able to create new forms and all the needed data for them. This is a permission set dedicated to the person who works as a form template creator/editor.
DAMFRM RESPONDER
DAMFRM RESPONDER is a dedicated permission set for the user who will need to answer on created forms. This person is not able to create new form templates but is able to respond to created forms. It's not important from what place the form was created (asset, general form, or work order).
DAM LICENSE CHECK
DAM LICENSE CHECK is a technical permission set that includes READ access to all tables from the EAM app that are needed to check the license. Your managers and technicians should already have this access, so this permission set might be used in a situation where the user is not a typical maintenance user.
DAMFRM READ
DAMFRM READ is a technical permission set that includes READ access to all tables from the FORMS app. You can use it for users who need access to FORMS data. For example, if you want that your HR employees (who work in BC) have access to forms, you need to add this permission set to these users. With this permission, the user will be able to open any form page and read data from it.
DAMMR MANAGER
DAMMR MANAGER is a dedicated permission set for the maintenance requests manager. The user with this permission set is able to manage created maintenance requests. This is a similar permission set to EAM MANAGER but for maintenance request purposes.
DAMMR TECHNICIAN
DAMMR TECHNICIAN is a dedicated permission set for maintenance requests technicians. The user with this permission set is able to work with the maintenance request from the technician's perspective. This is a similar permission set to EAM TECHNICIAN but for maintenance request purposes.
DAMMR REQUESTOR
DAMMR REQUESTOR is a dedicated permission set for users who are able to create new maintenance requests. You might consider adding this permission set for users who are working in the same company and are not connected to maintenance, but sometimes want to create a maintenance request (e.g. because they noticed that something is wrong with an asset).
DAMMR READ
DAMMR READ is a technical permission set that includes READ access to all tables from the Maintenance Requests app. You can use it for users who need access to Maintenance Requests data. For example, if you want your employee (who works in BC) to have access to maintenance requests, you need to add this permission set to these users. With this permission, the user will be able to open any maintenance request page and read data from it.
DAMSW MANAGER
DAMSW MANAGER is a dedicated permission set for the safe work manager. The user with this permission set is able to create and manage documents like lockouts, tagouts, or permits to work, and all needed data for them like statuses or categories.
DAMSW TECHNICIAN
DAMSW TECHNICIAN is a dedicated permission set for the safe work technician. The user with this permission set is able to work and proceed all created safe work documents.
DAMSW READ
DAMSW READ is a technical permission set that includes READ access to all tables from the Safe Work app. You can use it for users who need access to Safe Work data. For example, if you want your employee (who works in BC) to have access to safe work (lockout, tagout, permit to work, etc.), you need to add this permission set to these users. With this permission, the user will be able to open any safe work page and read data from it.
DAMSW ENTRIES
DAMSW ENTRIES is a dedicated permission set for the user who creates records in the Entrance Log. This permission set has nothing in common with any other area of Safe Work app.
DAM EAM SCHEDULER
DAM EAM SCHEDULER is a dedicated permission set for the manager who uses scheduling boards to plan work in your company. It means that the user with this permission set is able to use all functions of the Scheduling Board and Asset Activity Board.
DAM EAM S.BOARD READ
DAM EAM S.BOARD READ is a dedicated permission set for the user who has access to the Scheduling Board or Asset Activity Board but this user is not able to edit work from the board. This is a permission set only for the read mode of these boards.
DAMTL TOOL HANDOUTS
DAMTL TOOL HANDOUTS is a dedicated permission set for users who will create tool handouts and returns in your company. A tool as a document is an Asset from the database perspective. So the creation of the tool is a part of the maintenance manager permission set. DAMTL TOOL HANDOUTS is only for registering handouts and returns.
DAMTL READ
DAMTL READ is a technical permission set that includes READ access to all tables from the Tool Crib app. You can use it for users who need access to Tool Crib data. For example, if you want your employee (who works in BC) to have access to registered handouts and returns, you need to add this permission set to these users. With this permission, the user will be able to open any tool crib page and read data from it.
DAMINV SALES POST
DAMINV SALES POST is a permission set dedicated to the user who is not a maintenance manager but needs to post sales invoices created with maintenance invoicing.
Team Member
Use Light User App setups to reduce the number of possibilities for team members (licenses) in the system. This is helpful if you want to control that a selected user only has access to a small part of the system. Important: each prepared permission set has less than inserts to 15 tables.
Permission sets and Roles are defined by processes to which the user has access.
Roles (by default) are not visible in Role Explorer.
The table below contains all setup that is possible with the Dynaway Light User application.
Important: Recommended Setup does not contain read permission sets - add relevant permission set (for example EAM READ) to give read access to the tables for the user.
| What do you want to do in the system? | Recommended Setup |
|
Register Counter Readings
|
Permission Set Code: DAMLU REGCOUNTREAD Role (profile): DAMLUREGCOUNTREAD |
|
Register Measurement Readings
|
Permission Set Code: DAMLU REG MEAS READ Role (profile): DAMLUREGMEASREAD |
|
Register Counters and Measurements Combination of:
|
Permission Set Code: DAMLU REG M C READ Role (profile): DAMLUREGCMREAD |
|
Create Asset Transfers
|
Permission Set Code: DAMLU ATRAN CREATE Role (profile): DAMLUATCREAT |
|
Manage Asset Transfer
|
Permission Set Code: DAMLU ATRAN MANAGE Role (profile): DAMLUATMANAG |
|
Create One-off Work Orders (without checklists)
|
Permission Set Code: DAMLU CREATEWOBASIC Role (profile): DAMLUWOCREATE |
|
Create One-off Work Orders with Checklists
|
Permission Set Code: DAMLU CREATEWOEXTRA Role (profile): DAMLUWOCREATE |
|
Fill Round Orders
|
Permission Set Code: DAMLU RO MANAGE Role (profile): DAMLUWOMANAG |
|
Fill Inspection Orders
|
Permission Set Code: DAMLU INSP MANAGE Role (profile): DAMLUWOMANAG |
|
Manage Work Orders
|
Permission Set Code: DAMLU WO MANAGE Role (profile): DAMLUWOMANAG |
|
Manage Work Orders and Round Orders (Inspections) Combination of:
|
Permission Set Code: DAMLU WORK MANAGE Role (profile): DAMLUWOMANAG |
|
Create Asset Downtime
|
Permission Set Code: DAMLU DOWNT CREATE Role (profile): DAMLUADOWNTCREATE |
|
Manage Asset Downtimes Combination of:
|
Permission Set Code: DAMLU DWCREATEBASIC Role (profile): DAMLUADOWNTCREATE |
The table below contains all setup that is possible with the relevant application (Safe Work, Requests, etc.) all permission sets and roles are installed with their basic application.
Important: Recommended Setup does not contain read permission sets - add relevant permission set (for example EAM READ) to give read access to the tables for the user.
| What do you want to do in the system? | Recommended Setup |
|
Register Requests
|
Origin APP: Dynaway Requests Permission Set Code: DAMMR REG REQ Role (profile): DAMMRREGREQ |
|
Create Permit to Work
|
Origin APP: Dynaway Safe Work Permission Set Code: DAMSW CREATE PERMIT Role (profile): DAMSWPTWCREAT |
|
Fill Permit to Work
|
Origin APP: Dynaway Safe Work Permission Set Code: DAMSW FILL PERMIT Role (profile): DAMSWPTWMANAG |
|
Create and Manage Lockout
|
Origin APP: Dynaway Safe Work Permission Set Code: DAMSW LOCKOUT CREAT Role (profile): DAMSWLOCKCREAT |
|
Register Safety Incidents
|
Origin APP: Dynaway Safe Work Permission Set Code: DAMSW SAFETY INC REG Role (profile): DAMSWSAFINCCREAT |
|
Register Handout of Tools
|
Origin APP: Dynaway Tool Crib Permission Set Code: DAMTL TOOL HAND RET Role (profile): DAMTLHANDRETCREATE |
|
Create Production On Hold from Downtime
|
Origin APP: Dynaway EAM Manufacturing Permission Set Code: DAMMF HOLDPROD CREAT Role (profile): DAMLUADOWNTCREATE For this user - the permission set came from the EAM Manufacturing app, but the role was from Dynaway Light User. |
