Dynamics 365 Integration Permission Requirements

miguelalbano · 5 hours ago

Hi everyone. We're in the process of onboarding Microsoft Dynamics 365 into our SAM module but we are struggling to understand and defend the level of access that the integration should have.

Existing documentation states the permissions required and the needed authentication scopes, but does not provide reasonable justification on why those roles and scopes are required as part of the SAM processes and workflows.

We're being asked, and rightfully so, to provide supporting documentation or justification for the level of access.

We have reached out to our ServiceNow advisory team, but would be interested to understand how others have dealt with this aspect of integration projects.

Thank you in advance for any contributions.

VikMach · 4 hours ago

@miguelalbano, I think docs is clear enough to understand that it is the process to "Download subscriptions" and "Pull user activity", without which SAM won't be able to track the usage and license subscription(s) of various users in the org. This is how SAM works to help customers know their software spend and usage in the org. The docs states which access/permission looks for what kind of data in the Microsoft Dynamics 365. Those points are valid and clear enough for anyone to understand and reason with their customers that API's can't be accessed without the "minimum" roles/permissions granted to fetch the required data. (They are only read level access.)
I would suggest to summarize the same docs with all the "why's" in layman's language without any technical jargon to avoid confusion.

Hope this helps!

Regards,
Vikas K

VikMach · 4 hours ago

@miguelalbano, a similar question was answered by ServiceNow employee. May be this can help.

Microsoft Dynamics 365 Integration Global Admin Role:
https://www.servicenow.com/community/sam-forum/microsoft-dynamics-365-integration-global-admin-role/...

Regards,
Vikas K