1. Data Management
  2. Security and Compliance Studio
  3. Manage security

Manage users

Users are internal employees of your organization, or external customers and vendors, who require access to the system to perform their jobs.
For more information, refer to Role-based security.


Security administrator Security administrator The security administrator (SysSecSecurityAdministrator) maintains user and security setup in D365 F&SCM, grants the ability to create and maintain security roles, duties, and privileges and the ability to assign users to roles, define role assignment rules, and maintain data security policies. Import user Import user Users are internal employees of your organization, or external customers and vendors, who require access to the system to perform their jobs. You can import users from the Microsoft Entra ID users. Procedure 1. Click Security management. 2. Click the Users tab. 3. Click Import. 4. In the list, find and select the desired record. 5. In the Add roles based on field, enter or select a value. 6. Select Yes in the Assign to same organizations field. 7. Click Import users. 8. Sub-task: Assign roles. 9. In the list, find and select the imported user. 10. Click Edit. 11. Click Assign roles. 12. In the list, find and select the desired record. 13. Click OK. 14. Close the page. Create user Create user Users are internal employees of your organization, or external customers and vendors, who require access to the system to perform their jobs.You can manually create users in the system. Procedure 1. Click Security management. 2. Click the Users tab. 3. Click New. 4. In the User ID field, type a value. 5. In the User name field, type a value. 6. In the Email field, type a value. 7. In the Company field, enter or select a value. 8. In the Person field, enter or select a value. 9. Sub-task: Assign roles. 10. Click Assign roles. 11. In the list, find and select the desired record. 12. Click OK. Note: The role assignment is validated for segregation of duties violations. Note: If enhanced segregation of duties rules are enabled, the role assignment is validated against the enhanced segregation of duties rules. 13. Close the page. Copy security setup to another user Copy security setup to another user You can copy the security setup of a selected user to another user. All security roles, as assigned to the selected user, are copied to the other user.You can also copy the organization access, as defined for the copied roles, to the other user. If a copied security role is already assigned to the other user, this role is updated with the organization access rights from the copied role.On copy, the security setup of the other user is validated for segregation of duties violations. Note: If enhanced segregation of duties rules are enabled, the security setup is validated against the enhanced segregation of duties rules. Procedure 1. Click Security management. 2. Click the Users tab. 3. In the list, find and select the desired record. 4. Click Edit. 5. Click Copy security setup to open the drop dialog. 6. In the User ID field, enter or select a value. 7. Select Yes in the Copy assigned organizations field. 8. Click OK. 9. Close the page. Give user roles access to organizations Give user roles access to organizations You can give a user access to several organizations by assigning several user roles to these organizations. Procedure 1. Click Security management. 2. Click Users. 3. In the list, click the link in the selected row. 4. On the User's roles pane, click Manage access on roles to multiple organizations. 5. Sub-task: Select roles. 6. On the Not selected pane, in the list, find and select the desired roles. 7. Click Add. Note: If you add a role that is not yet assigned to the user, it is assigned to the user when added to the Selected roles. 8. Sub-task: Select organizations. 9. Click Assign organizations. 10. Use the Assign organizations page to select the organizations to which the user must get access for the selected roles. The user and selected roles are shown at the top of the page. You can repeat the steps in this sub-task as often as is desired. 11. In the Access to organizations field, select an option. 12. In the Select organization hierarchy field, select an option. Note: This field is only available if you selected Grant access to specific organizations individually. 13. In the tree, select 'an organization'. 14. Click Grant. Note: - If the selected organization has children, you can also click Grant with children. As a result, access is also given to the child organizations. - As a result, for each selected role the user is given access to the selected organization. For each role-and-organization combination, a record is added to the grid. 15. Close the page. Move users to another role Move users to another role You can move users from one role to another role. You can use this, for example, if you have created a new variant of an existing role. You can then move the users from the old role to the new role.As a result, the moved users are no longer available on the old role.You can only move a user if it doesn't:Already exist on the other role.Cause segregation of duties violations. Note: If enhanced segregation of duties rules are enabled, the role assignment is validated against the enhanced segregation of duties rules. Procedure 1. Click Security management. 2. Click Assign users to roles. 3. In the tree, select 'the role from which you want to move users'. 4. Click Move users. 5. In the Security roles list, select the role to which you want to move users. 6. In the Users to be moved from role list, select the users to be moved. 7. Select Yes in the Copy assigned organizations field. 8. Click OK. 9. Close the page. Disable users that do not exist in Microsoft Entra ID Disable users that do not exist in Microsoft Entra ID You can run the Microsoft Entra ID user status batch job to disable users in D365 FO if these users no longer exist in the Microsoft Entra ID. Make sure, this batch job is run about 30 minutes before the Analyze license usage (Named user license count reports processing) batch job is run. So, the license usage count is based on actual users. Procedure 1. Go to Security and compliance > Periodic tasks > Apply Microsoft Entra ID user status 2. Expand the Run in the background section. 3. Select Yes in the Batch processing field. 4. Click Recurrence. 5. Click OK. 6. Click OK. Start Start How to create a user? How to create a user? Set up user groups Set up user groups To use some features and functionality in D365 FO, user groups can be required. For example, users are outside the organization hierarchy for budget planning but must work with budget plans. You can assign budget plans to user groups. You can also set up restrictions for journal posting that are based on user groups.This topic describes how to create a user group and add users to it. Procedure 1. Go to Security and compliance > Inquiries > Users groups. 2. Sub-task: Create user group. 3. Click New. 4. In the Group field, type a value. 5. Enter a long name for the group. A long name is required. For example, enter Budgeting group A or Journal posting group 1. In the User group name field, type a value. Note: To avoid confusion, we recommend that you make the names of user groups as descriptive as you can. 6. Sub-task: Add user to user group. 7. In the Remaining users list, find and select the desired users. 8. Click the right arrow (->) button to move the selected users to the Selected users list. 9. Close the page. Notes The List tab shows the full list of user groups and linked users. Use user groups? Use user groups? End End Import Create Yes No

Activities

Name Responsible Description

Import user

Security administrator
Users are internal employees of your organization, or external customers and vendors, who require access to the system to perform their jobs.
You can import users from the Microsoft Entra ID users.

Create user

Security administrator
Users are internal employees of your organization, or external customers and vendors, who require access to the system to perform their jobs.
You can manually create users in the system.

Copy security setup to another user

Security administrator

 		You can copy the security setup of a selected user to another user. All security roles, as assigned to the selected user, are copied to the other user.
You can also copy the organization access, as defined for the copied roles, to the other user. If a copied security role is already assigned to the other user, this role is updated with the organization access rights from the copied role.
On copy, the security setup of the other user is validated for segregation of duties violations. Note: If enhanced segregation of duties rules are enabled, the security setup is validated against the enhanced segregation of duties rules.

Give user roles access to organizations

Security administrator

 		You can give a user access to several organizations by assigning several user roles to these organizations.

Move users to another role

Security administrator

 		You can move users from one role to another role. You can use this, for example, if you have created a new variant of an existing role. You can then move the users from the old role to the new role.
As a result, the moved users are no longer available on the old role.

You can only move a user if it doesn't:
  • Already exist on the other role.
  • Cause segregation of duties violations. Note: If enhanced segregation of duties rules are enabled, the role assignment is validated against the enhanced segregation of duties rules.

Disable users that do not exist in Microsoft Entra ID

Security administrator

You can run the Microsoft Entra ID user status batch job to disable users in D365 FO if these users no longer exist in the Microsoft Entra ID.

Make sure, this batch job is run about 30 minutes before the Analyze license usage (Named user license count reports processing) batch job is run. So, the license usage count is based on actual users.

Set up user groups

Security administrator

To use some features and functionality in D365 FO, user groups can be required. For example, users are outside the organization hierarchy for budget planning but must work with budget plans. You can assign budget plans to user groups. You can also set up restrictions for journal posting that are based on user groups.

This topic describes how to create a user group and add users to it.

Provide feedback