Forum Discussion

user316onmicrosoft's avatar
user316onmicrosoft
Copper Contributor
Mar 24, 2026

D365 Licensing vs Security Roles – Why can users access data without the required license?

I am working as a Power Apps developer in a Dynamics 365 environment that has the Field Service module enabled. In the same environment, some users only have Sales licenses.

 

I assigned a security role that provides read access to the Warehouse table to a user with a Sales license. The user is able to access and read the data successfully, even though they do not have a Field Service license.

 

This makes me unclear about how licensing is enforced in Dynamics 365. If security roles alone can grant access to tables, how do licenses actually restrict functionality? Why is it necessary to purchase additional licenses if users can still access data through security roles?

 

Could someone clarify how licensing enforcement works in this scenario and what the best practice is?

accessibility
Account Management
community
Private Messaging
profile

1 Reply

  • Surya_Narayana's avatar
    Surya_Narayana
    MCT
    Apr 04, 2026

    hi user316onmicrosoft​ This is a great question  and honestly, a point that confuses a lot of people when they first work with Dynamics.

    What you’re seeing is actually expected behavior in Dynamics 365.

    Security roles and licensing are two separate layers:

    • Security roles control what a user is allowed to access (tables, records, actions)
    • Licenses control what a user is entitled to use from a Microsoft compliance and feature perspective

    Why your Sales user can read Warehouse data

    If: The Warehouse table is accessible via Dataverse

    And the user has a security role with read permission

    Then technically, the platform will allow access, regardless of whether the user has a Field Service license.

    So yes, security roles can expose data across modules.

    So what do licenses actually enforce?

    Licensing is enforced more around:

    • Access to specific apps (e.g., Field Service app UI)
    • Use of premium features / capabilities
    • API/service limits and entitlements
    • Compliance (this is the big one)

    It’s not always a hard technical block at the table level.

     Important implication

    Even though it works technically, it may still be:

    • Out of compliance with licensing terms
    • A potential audit risk

    Microsoft expects that if a user is accessing Field Service data/functionality, they should have the appropriate license.

    Best practice

    Use security roles for least-privilege access

    Use licenses to align with actual usage of modules

    Avoid exposing cross-module data unless there’s a valid business need

    Periodically review access vs license assignments

    Simple way to think about it

    Security role = “Can they access it?”

    License = “Are they allowed to use it?”

    Both need to align.