D365 Licensing vs Security Roles – Why can users access data without the required license?

hi user316onmicrosoft​ This is a great question  and honestly, a point that confuses a lot of people when they first work with Dynamics.

What you’re seeing is actually expected behavior in Dynamics 365.

Security roles and licensing are two separate layers:

• Security roles control what a user is allowed to access (tables, records, actions)
• Licenses control what a user is entitled to use from a Microsoft compliance and feature perspective

Why your Sales user can read Warehouse data

If: The Warehouse table is accessible via Dataverse

And the user has a security role with read permission

Then technically, the platform will allow access, regardless of whether the user has a Field Service license.

So yes, security roles can expose data across modules.

So what do licenses actually enforce?

Licensing is enforced more around:

• Access to specific apps (e.g., Field Service app UI)
• Use of premium features / capabilities
• API/service limits and entitlements
• Compliance (this is the big one)

It’s not always a hard technical block at the table level.

 Important implication

Even though it works technically, it may still be:

• Out of compliance with licensing terms
• A potential audit risk

Microsoft expects that if a user is accessing Field Service data/functionality, they should have the appropriate license.

Best practice

Use security roles for least-privilege access

Use licenses to align with actual usage of modules

Avoid exposing cross-module data unless there’s a valid business need

Periodically review access vs license assignments

Simple way to think about it

Security role = “Can they access it?”

License = “Are they allowed to use it?”

Both need to align.