This guide explains how to enable Dr Dynamics – My Purchase Order Security Pack for users in Dynamics 365 Finance & Operations.

When configured, users with the selected role will only see purchase orders where they are the Requestor or Orderer.

Before you start

You need:
● A user with the Security administrator role● Dr Dynamics – My Purchase Order Security Pack deployed to the environment● The security roles you want to restrict identified in advance

Important recommendation

We recommend that you create copies of standard roles such as Buying agent or Purchasing agent before applying the security policy context.
This gives you two options:● an unrestricted role for users who should still see all purchase orders● a restricted role for users who should only see their own purchase orders
Example:● Buying agent → standard unrestricted role● Buying agent – My PO Security → restricted role with POMyWorker

Step-by-step setup

Step 1: Open Security configuration

Go to System administration.

Select Security.

Open Security configuration.

Step 2: Choose the role to restrict

On the Roles tab, select the role you want to use for restricted access.

Examples:

Buying agent

Purchasing agent

If you are following best practice, select your copied custom role rather than the original Microsoft standard role.

Step 3: Create a copy of the role (recommended)

If you want to preserve the original unrestricted role:

Select the existing role, for example Buying agent.

Click Copy.

Enter a clear name for the new role.

Recommended naming examples:

Buying agent – My PO Security

Purchasing agent – Restricted PO Visibility

Save the copied role.

Select the new copied role.

Step 4: Enter the security policy context string

With the target role selected, locate the field called Security policy context string.

Enter the following value exactly:

POMyWorker

Make sure:

the value is entered exactly as shown

there are no extra spaces before or after the text

the value uses the same capitalization

This context string activates the purchase order filtering behavior for that role.

Step 5: Publish the changes

After updating the role:

Click Publish or complete the security configuration publishing step used in your environment.

Wait for the security changes to finish publishing.

Do not skip this step. The change will not take effect until the updated security configuration has been published.

Step 6: Assign the role to users

Assign the restricted role to the users who should only see their own purchase orders.

If you kept the original role and created a restricted copy, make sure users are assigned to the correct role.

Typical approach:

assign the restricted copied role to general purchasing users

keep the original unrestricted role for managers, supervisors, or shared-service users who need broader visibility

Step 7: Test the setup

Sign in as a test user who has the restricted role assigned.

Then:

Open All purchase orders.

Review the visible records.

Confirm the user only sees purchase orders where they are the Requestor or Orderer.

You should also test with:

a user who should have restricted visibility

a user who should retain full visibility

at least one purchase order that belongs to another user

This helps confirm the role design is working as intended.

Expected resultAfter setup is complete, users assigned to a role with the Security policy context string set to POMyWorker will only see purchase orders relevant to them.
This helps enforce least-privilege access and reduce unnecessary visibility across purchasing and finance teams.

Recommended role design

For most customers, the best setup is:

keep standard roles unchanged

create copied restricted roles for affected user groups

assign restricted roles only where limited purchase order visibility is required

This approach is safer and easier to support because it preserves an unrestricted fallback role if broader access is needed later

Text element