Security roles

Ingrid Flesche Låtun Updated by Ingrid Flesche Låtun

 D365 FinOps Security Roles


Intention of role

Cepheo Expense Extension app manager

Manage and monitor registered expenses from the app.

Normally provided to users responsible for following up expenses that - for some reason - have been stopped during processing.

Cepheo Expense Extension app user

Must be provided to add data into expense line entities and attachments to expense lines.

This is the minimum role needed to register expenses from the app.

Cepheo Expense Extension manager

Administrator role. Should be provided to only one or a couple of users. This role provides access to all menu items in FinOps, which allows the user to manage the Expense extension (set up parameters, tax code and rates, etc.) and to monitor the app.  

 Power Platform Security Roles

  • The Power Platform (PP) Security Roles must provided in the standard solution
  • The below PP Security Roles are mandatory to exploit the full capabilities of the Expense App, meaning these roles must be provided to each user that is intended to use the Expense app


Intention of Role

Cepheo Expense App User

Provides access to virtual entities that are relevant for Cepheo Expense Extension and Expense App.

Allows the user to create, submit and delete expenses from the app.

Cepheo Expense App Attachments

Provides access to add and save attachments in dataverse.


How did we do?

Implementation Guide