4. User Management

Set up roles, profiles, and permissions in EAM-BC

Introduction

User Management is an optional step when getting started with EAM-BC for the first time. You can always come back to this step.

All employees are assigned a role in D365BC, depending on the jobs and tasks they are required to work on. Roles are defined by user and permission setup.

Prerequisites

Dynaway EAM for Business Central (EAM-BC) is installed in your standard Microsoft Dynamics 365 Business Central solution.

You have acquired an adequate number of licensed users for EAM-BC, allowing you to set up users for your maintenance organization.

Audience
Sysadmin, Maintenance Manager

Roles, Users, and Permissions

In standard D365BC, Roles are set up as profiles to describe different job functions, for example, Administrator, Inventory Manager, Asset Manager, and Asset Technician.

A role center is assigned to each role (profile).

Read more about role center setup in the Microsoft documentation for D365BC.

Read more about how to create and manage profiles in the Microsoft documentation for D365BC.

Role Center for Asset Managers

Asset Managers use the role center to get an overview of the current status on Assets, Work Order Plans, and Work Orders. Asset Managers have access to various lists, for example Active Assets, Critical Assets, Active Work Orders, Overdue Work Orders, Open Work Order Plans, Posted Work Orders.

Role Center for Asset Technicians

Asset Technicians use the role center as their point of entry to EAM-BC. Asset Technicians have access to relevant information regarding Assets and Work Orders.

Asset Technicians can make registrations on Assets and Work Orders to keep information updated regarding Asset Maintenance and the general condition of a company's Assets.

Users and Permission Sets

In D365BC, individual employees or a group of employees can be set up as users. Permission sets are added to each user and define which data the user has access to and whether the user is allowed to read, edit, or delete data. Read more about permission sets in the Microsoft documentation for D365BC.

In Dynaway EAM for Business Central, you can set up different permissions for e.g. a maintenance manager and an asset technician who have different tasks in your company's maintenance department and therefore require access to specific areas in the system.

The Administrator or Manager responsible for running assisted setup in EAM-BC and importing data into EAM-BC requires the following permission sets to complete those initial setup tasks: D365 SETUP (required for running assisted setup) and D365 RAPIDSTART (required for importing data).

In the tables below, the permission sets that include 'Read' in the name, such as EAM Read, are only for users who should be able to read/open records. Note that all applications have their own permission sets.

When you set up users for your maintenance organization, the following permission sets are required. Sometimes a permission set already includes an additional needed permission set (for example DAM EAM TECHNICIAN has DAMFRM RESPONDER) but we recommend that you add all relevant permissions sets from different apps.

Permission Sets for Asset Managers

Users working as Asset Managers require the following Permission Sets on their User Card:

Permission Set Name Module
D365 BASIC Dynamics 365 Basic Access Standard BC
D365 ITEM, EDIT Dynamics 365 Create items Standard BC
DAM EAM MANAGER EAM Manager EAM
DAM EAM BASIC EAM Basic EAM
DAMFRM MANAGER Forms Manager Forms
DAMMR MANAGER MR Manager Requests
DAMSW MANAGER Safe Work Manager Safe Work
DAM EAM SCHEDULER EAM Scheduler Scheduling Board

Permission Sets for Asset Technicians

Users working as Asset Technicians require the following Permission Sets on their User Card:

Permission Set Name Module
D365 BASIC Dynamics 365 Basic Access Standard BC
DAM EAM TECHNICIAN EAM Technician EAM
DAM EAM BASIC EAM Basic EAM
DAMFRM RESPONDER Forms Responder Forms
DAMMR TECHNICIAN MR Technician Requests
DAMSW TECHNICIAN Safe Work Technician Safe Work
DAM EAM S.BOARD READ EAM Scheduling Board Read Scheduling Board

Permission Sets for additional users

Users who are not defined as Asset Managers or Asset Technicians require the following Permission Sets on their User Card:

Permission Set Name Module
DAM EAM READ EAM Read EAM
DAM EAM PROD. OPER. EAM Production Operator EAM
DAM LICENSE CHECK EAM License Check EAM
DAMINV SALES POST EAM Sales Post Maintenance Invoicing
DAMMR REQUESTOR MR Requestor Requests
DAMMR READ MR Read Requests
DAMSW ENTRIES Safe Work Entries Safe Work
DAMSW READ Safe Work Read Safe Work
DAMTL READ Tools Read Tool Crib
DAMTL TOOL HANDOUTS Tool Handouts Tool Crib
DAMFRM READ Forms Read Forms

Light User

Light User is a type of license where the user can use only some parts of the EAM app. In the table below, you can see whether the listed processes can be carried out by Light Users.

To set up a user as a Light User, go to the Maintenance Employees page and define the specific user as a 'Light User'.

App Process Can Be Done by Light User
EAM Add any documents to records Yes
EAM/Tool Crib Create Assets/Tools No
EAM Modify Assets directly No
EAM Create Asset Downtime Yes
EAM Close Asset Downtime Yes
EAM Create Work Order from Asset Downtime Yes
EAM Create Asset Warranty No
EAM Create Asset Warranty Claim No
EAM Create a Work Order from Asset Warranty Claim Yes
EAM Create Asset Transfer Yes
EAM Post Asset Transfer Shipment or Receive Yes
EAM Create Counters No
EAM Register Counter Reading (at this moment free users can do it) N/A
EAM Create Measurement No
EAM Create Measurement Devices No
EAM Register Measurement Readings (at this moment free users can do it) N/A
EAM Create Work Order Plans No
EAM Create Round Order Plans No
EAM Release Work Order Plans No
EAM Release Round Order Plans No
EAM Create Work Orders by planning worksheet No
EAM Create One-off work orders (ad-hoc work orders) Yes
EAM Modify Work Orders (add new lines/delete/change status but without posting) Yes
EAM Post Work Orders (Items/Resources/Expenses) No
EAM Close Work Orders (without posting) No
EAM Modify Round Orders (add new lines/delete/change status but without posting) Yes
EAM Post and Close Round Orders (Items/Resources/Expenses) (with rounds there is only one step) No
EAM Create Expenses No
Forms Create Form Templates No
All Fill Forms (checklists/forms assigned to assets etc.) Yes
Tool Crib Register Tools Handouts Yes
Tool Crib Register Tools Returns Yes
Requests Create Maintenance Requests (at this moment free users can do it) N/A
Requests Modify Maintenance Requests (add comments/change status etc.) Yes
Requests Create work orders directly from maintenance request Yes
EAM Create Maintenance Budgets No

Team Member

Use Light User App setups to reduce the number of possibilities for team members (licenses) in the system. This is helpful if you want to control that a selected user only has access to a small part of the system. Important: each prepared permission set has less than inserts to 15 tables.

Permission sets and Roles are defined by processes to which the user has access.

Roles (by default) are not visible in Role Explorer.

The table below contains all setup that is possible with the Dynaway Light User application.


Important: Recommended Setup does not contain read permission sets - add relevant permission set (for example EAM READ) to give read access to the tables for the user.


What do you want to do in the system? Recommended Setup

Register Counter Readings

  • Create counter journal line
  • Post counter journal line

Permission Set Code: DAMLU REGCOUNTREAD

Role (profile): DAMLUREGCOUNTREAD
Role Name: Counter Readings Registration

Register Measurement Readings

  • Create measurement journal line
  • Post measurement journal line

Permission Set Code: DAMLU REG MEAS READ

Role (profile): DAMLUREGMEASREAD
Role Name: Measurement Readings Registration

Register Counters and Measurements

Combination of:

  • Register Counter Readings
  • Register Measurement Readings

Permission Set Code: DAMLU REG M C READ

Role (profile): DAMLUREGCMREAD
Permission Set Name: Counter and Measurement Readings Registration

Create Asset Transfers

  • Create asset transfer with lines
  • Add checklists to asset transfer (checklist with pictures and documents)
  • Fill in checklists (with pictures and documents)
  • Post shipments
  • Post receipts

Permission Set Code: DAMLU ATRAN CREATE

Role (profile): DAMLUATCREAT
Role Name: Asset Transfer Creation

Manage Asset Transfer

  • Open existing asset transfers
  • Fill in checklists (with picture and documents)
  • Post shipments
  • Post receipts

Permission Set Code: DAMLU ATRAN MANAGE

Role (profile): DAMLUATMANAG
Role Name: Asset Transfer Management

Create One-off Work Orders (without checklists)

  • Create one-off work order from the asset tree
  • Add lines to the work order
  • Change the work order status
  • Add pictures to the work order
  • Add documents to the work order
  • Add failures to the work order

Permission Set Code: DAMLU CREATEWOBASIC

Role (profile): DAMLUWOCREATE
Role Name: Work Order Creation

Create One-off Work Orders with Checklists

  • Create one-off work order from the asset tree (with checklists - a checklist can contain pictures and documents)
  • Add lines to the work order
  • Change the work order status
  • Add pictures to the work order
  • Add documents to the work order
  • Add failures to the work order

Permission Set Code: DAMLU CREATEWOEXTRA

Role (profile): DAMLUWOCREATE
Role Name: Work Order Creation

Fill Round Orders

  • Open existing round order
  • Fill in asset lines (and adding a new line)
  • Add/edit item/resource lines

Permission Set Code: DAMLU RO MANAGE

Role (profile): DAMLUWOMANAG
Role Name: Work Order Management

Fill Inspection Orders

  • Open existing round order (inspection)
  • Fill in asset lines (and adding a new line)
  • Add/edit item/resource lines
  • Fill in checklists for assets and header (with pictures and documents)

Permission Set Code: DAMLU INSP MANAGE

Role (profile): DAMLUWOMANAG
Role Name: Work Order Management

Manage Work Orders

  • Open an existing work order
  • Fill in checklists (with pictures and documents)
  • Add failures
  • Add pictures and documents
  • Use time registration (without posting)

Permission Set Code: DAMLU WO MANAGE

Role (profile): DAMLUWOMANAG
Role Name: Work Order Management

Manage Work Orders and Round Orders (Inspections)

Combination of:

  • Manage Work Orders
  • Fill Rounds
  • Fill Inspections

Permission Set Code: DAMLU WORK MANAGE

Role (profile): DAMLUWOMANAG
Role Name: Work Order Management

Create Asset Downtime

  • Create asset downtime from the asset tree
  • Change dates on the asset downtime
  • Close the asset downtime

Permission Set Code: DAMLU DOWNT CREATE

Role (profile): DAMLUADOWNTCREATE
Role Name: Asset Downtime Creation

Manage Asset Downtimes

Combination of:

  • Create Asset Downtime
  • Create One-off work orders (without checklists)

Permission Set Code: DAMLU DWCREATEBASIC

Role (profile): DAMLUADOWNTCREATE
Role Name: Asset Downtime Creation

The table below contains all setup that is possible with the relevant application (Safe Work, Requests, etc.) all permission sets and roles are installed with their basic application.


Important: Recommended Setup does not contain read permission sets - add relevant permission set (for example EAM READ) to give read access to the tables for the user.


What do you want to do in the system? Recommended Setup

Register Requests

  • Create requests from the asset tree
  • Add pictures and documents to requests
  • Add comments to requests
  • Close requests

Origin APP: Dynaway Requests

Permission Set Code: DAMMR REG REQ

Role (profile): DAMMRREGREQ
Role Name: Maintenance Request Registration

Create Permit to Work

  • Create permit to work templates
  • Add existing forms to permit to works
  • Add approvers
  • Create permits to work based on templates

Origin APP: Dynaway Safe Work

Permission Set Code: DAMSW CREATE PERMIT

Role (profile): DAMSWPTWCREAT
Role Name: Permit to Work Creation

Fill Permit to Work

  • Open existing permits to work
  • Fill in attached forms (with pictures and documents)
  • Send permits to work for approval

Origin APP: Dynaway Safe Work

Permission Set Code: DAMSW FILL PERMIT

Role (profile): DAMSWPTWMANAG
Role Name: Permit to Work Management

Create and Manage Lockout

  • Create lockouts
  • Approve lockouts
  • Fill in locks
  • Fill in unlocks
  • Finish lockouts
  • Add documents to lockout points

Origin APP: Dynaway Safe Work

Permission Set Code: DAMSW LOCKOUT CREAT

Role (profile): DAMSWLOCKCREAT
Role Name: Lockout Creation

Register Safety Incidents

  • Create safety incident
  • Add documents and pictures to the safety incident
  • Close safety incident

Origin APP: Dynaway Safe Work

Permission Set Code: DAMSW SAFETY INC REG

Role (profile): DAMSWSAFINCCREAT
Role Name: Safety Incident Creation

Register Handout of Tools

  • Register tool handouts (without documents and pictures)
  • Register tool returns (without documents and pictures)

Origin APP: Dynaway Tool Crib

Permission Set Code: DAMTL TOOL HAND RET

Role (profile): DAMTLHANDRETCREATE
Role Name: Tool Handout and Returns Creation

Create Production On Hold from Downtime

  • Create asset downtime from the asset tree
  • Set up production on hold
  • Change dates on the asset downtime
  • Close the asset downtime

Origin APP: Dynaway EAM Manufacturing

Permission Set Code: DAMMF HOLDPROD CREAT

Role (profile): DAMLUADOWNTCREATE
Role Name: Asset Downtime Creation

For this user - the permission set came from the EAM Manufacturing app, but the role was from Dynaway Light User.

Read permission sets.
Read permission sets.
Dynaway Roles.
Dynaway Roles.
Permission sets.
Permission sets.

Resources

Set up the resources (persons or machines) that should be available for work scheduling in your maintenance department.

You can set up

  • at least one resource group, for example, "Maintenance Team", for internal resources (Asset Technicians). If required, you can divide Asset Technicians into more groups/teams. If you use external contractors to work on maintenance jobs, you can also set up a specific group for that purpose.
  • the resources who should be available for scheduling
  • the daily capacity (available work hours) for each resource

Resource setup is standard D365BC functionality. Refer to Microsoft documentation: Set Up Resources for information about resource, resource group, and capacity setup.

When you have set up resources in D365BC, next step is to set up Maintenance Employees in EAM-BC.

Maintenance Employees/Users

Set up Users and User Groups that are licensed to use EAM-BC. Maintenance employees are the employees in your company who are responsible for conducting maintenance. These employees can be for instance lockout or tagout managers, mechanics, or electricians. Maintenance users can be set up as single users or as user groups. Having a user group allows you to schedule work to a whole group. For example, if you want to schedule work to a group of welders who all have a specific welding certificate. You can also schedule work orders for specific users like Asset Technicians.

Only users set up as maintenance employees can create data.

The following procedure describes how to set up users and user groups.

  1. In your role center, select Assets Setup > Maintenance employees.  
  2. Select the New button. 
  3. Select Type: user, or user group.
  4. Enter Name (the name or ID shown in drop-downs), and Full name for a user group. If you've selected the type "User", the Full name is automatically transferred from the Users standard list.
  5. For users, select a resource in the Resource No. field (person or machine) that the user is related to.
  6. If you're creating a group, select the Group Members button and add the employees that should be included in the group.
  7. For groups, you can select the Work Types button and set up the work types related to the selected group.
  8. If a user requires read access to the Scheduling Board module, select the Scheduling Board Read Only check box for that user.
    1. The Scheduling Board Read Only column is only visible if you have installed the Dynaway Scheduling Board app from Microsoft AppSource.
  9. If a user is a Lockout or Tagout manager - select a specific check box for that user.
    1. the Lockout Manager and Tagout Manager columns are only visible if you have installed the Dynaway Safe Work app from Microsoft AppSource.
  10. If a user is a Light User and when the relevant line is selected, use the Light User action to define this maintenance employee as a light user.

Any Business Central user with proper permission set for the Maintenance Employee table can edit/add/remove records from that table.

Maintenance Employees.
Maintenance Employees.

Maintenance Employees Page

1 About maintenance employees. Set up the employees and groups that are licensed to work with Dynaway EAM for Business Central (EAM-BC).
2 Set up individual users or groups. Set up your maintenance employees as individual users or assign them to a group. For individual users, select a resource (a person or a machine) that the user is related to.
3 Working in teams. Create a group and assign users to the group. A user can be member of more than one group.
4 Assign work types to teams. Set up work types on groups describing, for example, specific tasks or professional skills. Resources can be selected on work types.

Group Members

When you create a user group in Maintenance Employees, you must assign users to the group.

  1. In the Maintenance Employees list, you add a new group. Select the group.
  2. Select the Group Members button to add users to the group.
  3. In the Group Members list, select New.
  4. Select the User Name to be added to the group.

Group Work Types

When you create a user group in Maintenance Employees, you can assign Work Types to the group.

Work types are used on Work Order Plans and Work Orders to define the type of job to be carried out on a work order. Examples are Cleaning, Inspection, Lubrication, and Repair.

  1. In the Maintenance Employees list, you added a new group. Select the group.
  2. Select the Work Types button to add a work type to the group.
  3. In the Group Work Types list, select New.
  4. Select the Work Type Code to be added to the group. Work Type Description is automatically inserted.

Maintenance Employees in Multiple Companies

In D365BC, you can manage work in multiple companies. This means you can provide access for Maintenance Employees to make registrations in multiple companies.

  • Note, before you start to provide Maintenance Employees access to multiple companies, you need to make sure that you have installed Dynaway EAM (EAM-BC) in the D365BC tenant that you want to manage company accounts in.

Refer to Microsoft documentation for information on how to Create New Companies in D365BC.


In the event that you have multiple companies under one license, and some of these are maintenance companies, you are able to control the accessibility of users if only maintenance employees should have access to maintenance companies. Maintenance companies can be set up in Tell me > Dynaway EAM License Information. Refer to the screenshot below.

From Maintenance Companies, a list opens where you need to specify all of your maintenance companies. On the Users page, you can specify which maintenance employees have access to maintenance companies.

The setup of EAM-BC must be done in each company that you want Maintenance Employees to work in.

Here are a few examples for consideration if you set up Maintenance Employees to work with EAM-BC in multiple companies. We use two companies as examples, but you may have more, for example, several production sites with the same production equipment setup.

  • Use a similar setup for number sequences for Assets and Maintenance Items
    • Example: Asset numbering in company A and company B is set up using similar number sequences, only the prefix is different (A.00001-A.99999 and B.00001-B.99999). Asset numbers are easy to recognize, and the prefix tells you which company you are currently working in.
  • Use a similar setup for the Asset Tree structure
    • Referring to the example above, Asset numbering should be similar, apart from the prefix, and if the parent-child relation is similar in two companies, the tree structure should reflect that. This means maintenance employees can easily find Assets in a tree structure in any company setup.
  • Use a similar setup for creating Work Order Plans
    • As mentioned above, use similar number sequences in company A and company B for Work Order Plans.
    • We also recommend a similar setup for Work Order Categories and Work Order Priorities.

Set up Maintenance Company in Dynaway EAM License Information
Set up Maintenance Company in Dynaway EAM License Information

Permission Sets

Dynaway created some default permission sets for managers, technicians, and other users. These sets can be used right after installing the app so you can start using it without additional setup from the permission sets perspective. If you want to, you can always create permission sets that fit to your needs and apply them to your users.

Below you will find a list of all permission sets from all of our apps.

DAM EAM BASIC

DAM EAM BASIC is a permission set that is needed for each user of EAM (managers and technicians). Permission set includes access to tables that are used by the manager and technicians in the same way.

DAM EAM MANAGER

DAM EAM MANAGER is a dedicated permission set for managers. You can find access that gives the possibility to run processes that can only be done by a manager. For example, a manager can do direct changes on the asset card when the permission set dedicated for the technician allows performing indirect changes on the asset. This permission set is needed if this user is responsible for creating maintenance data in your company.

DAM EAM TECHNICIAN

DAM EAM TECHNICIAN is a dedicated permission set for technicians. With this set, you will be able to perform some processes like posting work orders, editing lines on orders, or changing some records indirectly. Permission set gives READ access to all needed data. For example, with this set, you are able to read data from tables like Work Order Priority, Asset Category, etc., but you are not able to create or modify records in these tables.

DAM EAM READ

DAM EAM READ is a technical permission set that includes READ access to all tables from the EAM app. You can use it for users who need access to EAM data. For example, if you want your accountants (who work in BC) to have access to assets, work orders, etc., you need to add this permission set to these users. With this permission set, the user will be able to open any maintenance page and read data from it.

DAM LICENSE CHECK

DAM LICENSE CHECK is a technical permission set that includes READ access to all tables from the EAM app that are needed to check the license. Your managers and technicians should already have this access, so this permission set might be used in a situation where the user is not a typical maintenance user.

DAM EAM PROD. OPER.

DAM EAM PROD. OPER. is a permission set dedicated to the users who work with production orders but for some reason need access to EAM. When you're using manufacturing connected to maintenance, and you want that our manufacturing users are able to register for example counter readings, you need to provide this permission set to these users.

DAMFRM MANAGER

DAMFRM MANAGER is a dedicated permission set for form managers. The user with this permission set is able to create new forms and all the needed data for them. This is a permission set dedicated to the person who works as a form template creator/editor.

DAMFRM RESPONDER

DAMFRM RESPONDER is a dedicated permission set for the user who will need to answer on created forms. This person is not able to create new form templates but is able to respond to created forms. It's not important from what place the form was created (asset, general form, or work order).

DAMFRM READ

DAMFRM READ is a technical permission set that includes READ access to all tables from the FORMS app. You can use it for users who need access to FORMS data. For example, if you want that your HR employees (who work in BC) have access to forms, you need to add this permission set to these users. With this permission, the user will be able to open any form page and read data from it.

DAMMR MANAGER

DAMMR MANAGER is a dedicated permission set for the maintenance requests manager. The user with this permission set is able to manage created maintenance requests. This is a similar permission set to EAM MANAGER but for maintenance request purposes.

DAMMR TECHNICIAN

DAMMR TECHNICIAN is a dedicated permission set for maintenance requests technicians. The user with this permission set is able to work with the maintenance request from the technician's perspective. This is a similar permission set to EAM TECHNICIAN but for maintenance request purposes.

DAMMR REQUESTOR

DAMMR REQUESTOR is a dedicated permission set for users who are able to create new maintenance requests. You might consider adding this permission set for users who are working in the same company and are not connected to maintenance, but sometimes want to create a maintenance request (e.g. because they noticed that something is wrong with an asset).

DAMMR READ

DAMMR READ is a technical permission set that includes READ access to all tables from the Maintenance Requests app. You can use it for users who need access to Maintenance Requests data. For example, if you want your employee (who works in BC) to have access to maintenance requests, you need to add this permission set to these users. With this permission, the user will be able to open any maintenance request page and read data from it.

DAMSW MANAGER

DAMSW MANAGER is a dedicated permission set for the safe work manager. The user with this permission set is able to create and manage documents like lockouts, tagouts, or permits to work, and all needed data for them like statuses or categories.

DAMSW TECHNICIAN

DAMSW TECHNICIAN is a dedicated permission set for the safe work technician. The user with this permission set is able to work and proceed all created safe work documents.

DAMSW READ

DAMSW READ is a technical permission set that includes READ access to all tables from the Safe Work app. You can use it for users who need access to Safe Work data. For example, if you want your employee (who works in BC) to have access to safe work (lockout, tagout, permit to work, etc.), you need to add this permission set to these users. With this permission, the user will be able to open any safe work page and read data from it.

DAMSW ENTRIES

DAMSW ENTRIES is a dedicated permission set for the user who creates records in the Entrance Log. This permission set has nothing in common with any other area of Safe Work app.

DAM EAM SCHEDULER

DAM EAM SCHEDULER is a dedicated permission set for the manager who uses scheduling boards to plan work in your company. It means that the user with this permission set is able to use all functions of the Scheduling Board and Asset Activity Board.

DAM EAM S.BOARD READ

DAM EAM S.BOARD READ is a dedicated permission set for the user who has access to the Scheduling Board or Asset Activity Board but this user is not able to edit work from the board. This is a permission set only for the read mode of these boards.

DAMTL TOOL HANDOUTS

DAMTL TOOL HANDOUTS is a dedicated permission set for users who will create tool handouts and returns in your company. A tool as a document is an Asset from the database perspective. So the creation of the tool is a part of the maintenance manager permission set. DAMTL TOOL HANDOUTS is only for registering handouts and returns.

DAMTL READ

DAMTL READ is a technical permission set that includes READ access to all tables from the Tool Crib app. You can use it for users who need access to Tool Crib data. For example, if you want your employee (who works in BC) to have access to registered handouts and returns, you need to add this permission set to these users. With this permission, the user will be able to open any tool crib page and read data from it.

DAMINV SALES POST

DAMINV SALES POST is a permission set dedicated to the user who is not a maintenance manager but needs to post sales invoices created with maintenance invoicing.

Copyright Dynaway A/S

Privacy Policy