This article provides information about roles and user access to Microsoft Dynamics 365 Fraud Protection.
Microsoft Dynamics 365 Fraud Protection offers a defined set of user roles, each of which has access to specific features and functions. Users access Fraud Protection differently, depending on their user role in the organization's Azure tenant. When you add a new user to the system, you can select the roles to assign roles to the user. For information about how to set up user roles and access in Fraud Protection, see Configure user access.
All the roles in the following list are named as they are named in your production environment. To grant users access to these roles in your sandbox environment, select the version of the role that begins with "Sandbox_". For example, Sandbox_AllAreas_Admin.
Roles
Product admin – This top-level administrative account has full access to your Fraud Protection instance and all the environments in the hierarchy.
AllAreas_Admin – This high-level administrative account has full access to an environment and its child environments Fraud Protection.
AllAreasEditor – A user in this role is a power user who can view all areas and has permissions to use key Fraud Protection tools in an environment and its child environments. However, this role doesn't give access to make user role assignments.
AllAreasViewer – A user in this role can view all areas of Fraud Protection and learn from the data, but can't do uploads or change settings in an environment and its child environments.
SupportAgent – This role provides tailored access to Fraud Protection for support agents who work with your customers. A user in this role can view and work in the support tool, view the ontology, and assign customers to safe lists or block lists in an environment and its child environments.
FraudEngineer – This role provides tailored access for fraud analysts and engineers in your organization who work with Fraud Protection. A user in this role has similar access to a user in the AllAreasEditor role. This user can access the data engineering information but doesn't have access to some configuration options in an environment and its child environments.
ManualReviewAnalyst – A user in this role is responsible for reviewing individual transactions and approving or declining them. Manual review analysts have access to the Search tool and queues in Case management.
ManualReviewSeniorAnalyst – In addition to reviewing individual transactions and approving or declining them, a user in this role can also set up routing rules. Manual review senior analysts have access to the Search tool, queues, and Routing rules in Case management.
ManualReviewFraudManager – A user in this role is intended to manage manual review operations for the merchant. A user in this role can assign user access, configure assessment rules, create queues, define routing rules, and view performance reports.
Risk_API – This role provides access to the API for an environment and its child environments but not to the user-facing tool.
Note
If the selection of roles that's shown to you differs from the following list, you might be using the payment service provider version of Fraud Protection.In this case, see Payment service provider user roles and access for the list of roles.
Permissions
Members can access their Fraud Protection account and use a Microsoft Entra account to sign in. Tables below describe permissions that different roles have on various functionalities within the Fraud Protection portal.
Assessments
Permission
Roles
Read/Write
Product Admin, All Areas Admin, All Areas Editor, Fraud Engineer
Read only
All Areas Viewer, Manual Review Fraud Manager
No access
Support Agent, Manual Review Analyst, Manual Review Senior Analyst
Decision Rules, Post Decision Actions and Branches
Permission
Roles
Read/Write
Product Admin, All Areas Admin, All Areas Editor, Fraud Engineer, Manual Review Fraud Manager
Read only
All Areas Viewer
No access
Support Agent, Manual Review Analyst, Manual Review Senior Analyst
Monitoring Report (Assessments)
Permission
Roles
Read only
Product Admin, All Areas Admin, All Areas Editor, All Areas Viewer, Fraud Engineer, Manual Review Fraud Manager
No access
Support Agent, Manual Review Analyst, Manual Review Senior Analyst
Virtual Fraud Analyst
Permission
Roles
Read/Write
Product Admin, All Areas Admin, All Areas Editor
Read only
All Areas Viewer, Fraud Engineer, Manual Review Fraud Manager
No access
Support Agent, Manual Review Analyst, Manual Review Senior Analyst
Search, View Transaction Details & Export
Permission
Roles
Read only
Product Admin, All Areas Admin, All Areas Editor, All Areas Viewer, Support Agent, Fraud Engineer, Manual Review Analyst, Manual Review Senior Analyst, Manual Review Fraud Manager
Notes
Permission
Roles
Read/Write
Product Admin, All Areas Admin, All Areas Editor, Support Agent, Fraud Engineer, Manual Review Analyst, Manual Review Senior Analyst, Manual Review Fraud Manager
Read only
All Areas Viewer
Case Management - Queues
Permission
Roles
Read/Write
Product Admin, All Areas Admin, All Areas Editor, Manual Review Analyst, Manual Review Senior Analyst, Manual Review Fraud Manager
Read only
All Areas Viewer
No access
Support Agent, Fraud Engineer
Case Management - Queues : Assign users
Permission
Roles
Read/Write
Product Admin, All Areas Admin, All Areas Editor, Manual Review Analyst, Manual Review Senior Analyst, Manual Review Fraud Manager
No access
All Areas Viewer, Support Agent, Fraud Engineer
Case Management - Reviewing Cases
Permission
Roles
Read/Write
Product Admin, All Areas Admin, All Areas Editor, Manual Review Analyst, Manual Review Senior Analyst, Manual Review Fraud Manager
Read only
All Areas Viewer
No access
Support Agent, Fraud Engineer
Case Management - Report
Permission
Roles
Read only
Product Admin, All Areas Admin, All Areas Editor, All Areas Viewer, Manual Review Fraud Manager
Product Admin, All Areas Admin, All Areas Editor, Fraud Engineer, Manual Review Fraud Manager
Read only
All Areas Viewer
No access
Support Agent, Manual Review Analyst, Manual Review Senior Analyst
Note
The Support Agent role can't access the Support list page, but can modify the list from Transaction detail page, on the Support tab under Purchase assessment.
To create a Microsoft Entra application, the user must also be assigned the Application Administrator, Cloud Application Administrator, or Global Administrator role in your Azure tenant.
Settings - Usage
Permission
Roles
Read only
Product Admin, All Areas Admin, All Areas Editor, All Areas Viewer
All Areas Admin can assign all roles except Product Admin.
Manual Review Fraud Manager can only assign these roles: ManualReviewFraudManager, ManualReviewAnalyst, ManualReviewSeniorAnalyst.
Settings - Subject Requests: Submit new requests
Permission
Roles
Read/Write
Product Admin, All Areas Admin, All Areas Editor, Fraud Engineer
No access
All Areas Viewer, Support Agent, Manual Review Analyst, Manual Review Senior Analyst, Manual Review Fraud Manager
Product Admin, All Areas Admin, All Areas Editor, Fraud Engineer
Actions
Product Admin, All Areas Admin, All Areas Editor, Fraud Engineer
Search
Product Admin, All Areas Admin, All Areas Editor, All Areas Viewer, Support Agent, Fraud Engineer, Manual Review Analyst, Manual Review Fraud Manager, Manual Review Senior Analyst,
Notes
Product Admin, PSP Admin, Fraud Manager, Fraud Supervisor, Fraud Analyst, Manual Review Agent, Customer Service Support
Manage Environments - Create and Delete Environments
Permission
Roles
Read/Write
Product Admin, All Areas Admin
No access
All Areas Editor, All Areas Viewer, Support Agent, Fraud Engineer, Manual Review Analyst, Manual Review Senior Analyst, Manual Review Fraud Manager
Note
All Areas Admin can't create root (top-level) environments. They can only create children environments.
Manage Environments - Update Environments
Permission
Roles
Read only
Product Admin, All Areas Admin, All Areas Editor
No access
All Areas Viewer, Support Agent, Fraud Engineer, Manual Review Analyst, Manual Review Senior Analyst, Manual Review Fraud Manager
Note
Updates include updating name and tags, and assigning APIs.
Admin Settings - Subscription & Billing
Permission
Roles
Read only
Product Admin
No access
All Areas Admin, All Areas Editor, All Areas Viewer, Support Agent, Fraud Engineer, Manual Review Analyst, Manual Review Senior Analyst, Manual Review Fraud Manager
Admin Settings - Configuration
Permission
Roles
Read only
Product Admin, All Areas Admin
No access
All Areas Editor, All Areas Viewer, Support Agent, Fraud Engineer, Manual Review Analyst, Manual Review Senior Analyst, Manual Review Fraud Manager
Loss Prevention
Permission
Roles
Read only
Product Admin, All Areas Admin, All Areas Editor, All Areas Viewer, Fraud Engineer
Guest users can access Fraud Protection after they accept an email invitation and sign up or sign in. To accept an invitation to Fraud Protection, follow these steps.
Check your email inbox for an email that has the subject line "<Name> invited you to access applications within their organization."
Select Accept invitation.
If an existing Microsoft account or related account uses your email address, you are prompted to use that account to sign in. Otherwise, follow the steps to sign up for a new account. After you're signed in, you should have access to Fraud Protection.
Return to the invitation email, and write down or bookmark the exact link that appears after the text, "If you accept this invitation, you'll be sent to...." This link is in the format https://dfp.microsoft.com/.../....
Each time that you access Fraud Protection, you must use this exact link.
Sắp ra mắt: Trong năm 2024, chúng tôi sẽ dần gỡ bỏ Sự cố với GitHub dưới dạng cơ chế phản hồi cho nội dung và thay thế bằng hệ thống phản hồi mới. Để biết thêm thông tin, hãy xem: https://aka.ms/ContentUserFeedback.