1. Data Management
  2. Security and Compliance Studio
  3. Manage security

Manage data security

You can use table security to manage permissions on table field level. You typically use this to delimit access to specific data. For example:

  • In sensitive areas like human resources data or credit limit information on customers.
  • In relation to master data management, to delimit the possibilities to edit data that is maintained from a central place. 


Security administrator Security administrator The security administrator (SysSecSecurityAdministrator) maintains user and security setup in D365 F&SCM, grants the ability to create and maintain security roles, duties, and privileges and the ability to assign users to roles, define role assignment rules, and maintain data security policies. Security auditor Security auditor Record table security Record table security You can use table security to manage permissions on table field level. Use table security recording to define the tables and table fields for which you want to set or change permissions. After recording the fields, you can define the desired access right for each recorded field. Procedure 1. Click Security management. 2. Click the Data security tab. 3. Click New. 4. In the Name field, type a value. 5. In the Description field, type a value. 6. Click OK. Note: Continue with these steps which can't be played in a task guide: 7. Navigate to the page for which you want to set or change the permissions. 8. Click the plus (+) symbol for fields to be added to the recording. 9. On the Record table security dialog, click Stop recording. 10. On the Record table security dialog, in the Access right field, select the desired option. 11. You can also delete a recorded field from the recording. To do so, select the field, and click Delete. 12. If you are done, close the dialog. Notes Each recording activity is logged in the data security history. You can view this history in these places:On the Security management workspace or the Security audit workspace, on the Data security tab, on the History tab.On the Table security page, in the History FactBox.For each table security recording, you can change its status and owner. You can do so with the related buttons on the toolbar of the Table security page. Extend table security recording Extend table security recording You can extend an existing table security recording with additionally recorded table fields. Procedure 1. Click Security management. 2. Click the Data security tab. 3. In the list, find and select the desired record. 4. Click Extend recording. Note: Continue with these steps which can't be played in a task guide: 5. Navigate to the page for which you want to set or change the permissions. 6. Click the plus (+) symbol for fields to be added to the recording. 7. On the Record table security dialog, click Stop recording. 8. On the Record table security dialog, in the Access right field, select the desired option. 9. You can also delete a recorded field from the recording. To do so, select the field, and click Delete. 10. If you are done, close the dialog. Notes Each change to a table security recording is logged in the data security history. You can view this history in these places:On the Security management workspace or the Security audit workspace, on the Data security tab, on the History tab.On the Table security page, in the History FactBox. Change table security recording Change table security recording You can make changes to a table security recording. Procedure 1. Click Security management. 2. Click the Data security tab. 3. In the list, find and select the desired record. 4. Click Edit. 5. Sub-task: Remove permission. 6. In the Permissions list, find and select the desired record. 7. Click Remove. 8. Click Yes. 9. Sub-task: Change access right for permission. 10. In the Permissions list, find and select the desired record. 11. In the Modify access right field, select an option. 12. Close the page. Notes Each change to a table security recording is logged in the data security history. You can view this history in these places:On the Security management workspace or the Security audit workspace, on the Data security tab, on the History tab.On the Table security page, in the History FactBox. Start Start Override permissions on roles Override permissions on roles To apply the table field permissions as defined for a table security record, you must override these permissions on the applicable roles. Procedure 1. Click Security management. 2. Click the Data security tab. 3. In the upper pane, find and select the desired record. 4. Click Override permissions on roles. 5. In the list, find and select the roles to which the permissions must be assigned. 6. Click OK. 7. Click Yes. 8. Click No. Notes Each override of permissions on roles is logged in the data security history. You can view this history in these places:On the Security management workspace or the Security audit workspace, on the Data security tab, on the History tab.On the Table security page, in the History FactBox. Do you want to override the  role permissions  based on the  table security record? Do you want to override the  role permissions  based on the  table security record? Create security audit report Create security audit report You can use the security audit report to analyze permissions and permission changes that are made to recorded elements during a specific period. You can create the report based on: Scenario - The report shows any permission changes to the securable objects as made in the selected scenario. Data security record - The report shows any permission changes to the tables and table fields as made in the selected data security record. You can only create this report if Security and compliance IT audit is initialized. Procedure 1. Click Security audit. 2. Click Print audit report. 3. In the Scenario field, enter or select a value. 4. In the Data security field, enter or select a value. 5. In the From field, enter a date. 6. In the To field, enter a date. 7. You can select several users. To do so, in the Users field, open the look-up, and click in front of the desired user records. So, the check mark is shown. Then click Select. In the Users field, enter or select a value. Note: You can also enter a range of users. To do so, select the first and last user of the range and click Select. In the user field, replace the comma (,) with a dash (-). 8. In the Sort order field, select an option. 9. Click Change. 10. Click OK. 11. Click OK. Security audit report  required? Security audit report  required? End End Yes No Yes No

Activities

Name Responsible Description

Record table security

Security administrator

You can use table security to manage permissions on table field level. Use table security recording to define the tables and table fields for which you want to set or change permissions. After recording the fields, you can define the desired access right for each recorded field.

Extend table security recording

Security administrator

 		You can extend an existing table security recording with additionally recorded table fields.

Change table security recording

Security administrator

 		You can make changes to a table security recording.

Override permissions on roles

Security administrator

 		To apply the table field permissions as defined for a table security record, you must override these permissions on the applicable roles.

Create security audit report

Security auditor
You can use the security audit report to analyze permissions and permission changes that are made to recorded elements during a specific period.

You can create the report based on:
  • Scenario - The report shows any permission changes to the securable objects as made in the selected scenario.
  • Data security record - The report shows any permission changes to the tables and table fields as made in the selected data security record.
You can only create this report if Security and compliance IT audit is initialized.

Provide feedback