Should we avoid modifying OOTB roles, is this an unsafe practice?
If we cannot change them reliably, then is the best practice to make a copy with your ORG/company prefix and then modify?
Based on the practices I learned at the company I worked at early in my Dynamics career (~2008), I always copy the OOB roles and modify the copies.
Here are some reasons for this:
- Once you edit the roles if you ever decided you want them back to the default, it could be a pain to restore them. If you are going to edit them, before you touch them you might want to put the originals in a solution and export that solution.
- Editing a role can diminish its value as a template for new roles. If you leave them as is, you and anyone else who does security customizations start from the same place.
- Although I'm not sure it has ever happened, a Microsoft update could theoretically modify the OOB roles.