1. Data Management
  2. Security and Compliance Studio
  3. Audit security

Manage access to sensitive data

In Security and compliance studio, you can manage which securable objects have access to sensitive data. For each securable object, you can:

  • Give access to sensitive data.
  • Undo access to sensitive data.


Security administrator Security administrator The security administrator (SysSecSecurityAdministrator) maintains user and security setup in D365 F&SCM, grants the ability to create and maintain security roles, duties, and privileges and the ability to assign users to roles, define role assignment rules, and maintain data security policies. Start Start Set up sensitive data access reasons Set up sensitive data access reasons If you give a securable object access to sensitive data, you must specify the reason you do so. This topic explains how to set up sensitive data access reasons. Each sensitive data access reason has one of these types: Common personal - Used to indicate access to common personal data, like name and birth date. Sensitive personal - Used to indicate access to sensitive personal data, like ethnic origin and trade union membership. A set of predefined sensitive data access reasons is available. You are advised to upload these predefined sensitive data access reasons before you add new ones. Procedure 1. Click Security audit. 2. Click Sensitive data access reasons. 3. Sub-task: Add predefined sensitive data access reasons. 4. Click Default data. 5. Sub-task: Add new sensitive data access reason. 6. Click New. 7. In the Reason field, type a value. 8. In the Type field, select an option. 9. Close the page. Give access to sensitive data Give access to sensitive data You can give a securable object access to sensitive data. If you give a securable object access to sensitive data, automatically all related securable objects get access to sensitive data as well. For example, if you give a duty access to sensitive data, the related users, roles, privileges, and entry points also get access to sensitive data. In the steps, as an example, a duty is given access to sensitive data. Procedure 1. Click Security audit. 2. Click Manage sensitive data access. 3. In the Duties pane, find and select the desired duty. Note: You can use the pin options to show the related securable objects. 4. Click Give sensitive data access. 5. On the dialog, in the Reason field, enter or select a value. 6. In the Description field, type a value. 7. Click OK. 8. Close the page. Notes Changes in access to sensitive data are logged in the security history. Undo access to sensitive data Undo access to sensitive data You can undo the access to sensitive data for a securable object.If you, for a securable object, undo the access to sensitive data, automatically also the access to sensitive data is undone for all related securable objects.For example, if you undo access to sensitive data for a duty, the access to sensitive data is also undone for the related users, roles, privileges, and entry points.In the steps, as an example, access to sensitive data is undone for a privilege. Procedure 1. Click Security audit. 2. Click Manage sensitive data access. 3. In the Privileges pane, find and select the desired privilege. Note: You can use the pin options to show the related securable objects. 4. Click Undo sensitive data access. 5. On the dialog, in the Reason field, type a value. 6. Click OK. 7. Close the page. Notes Changes in access to sensitive data are logged in the security history. Are sensitive data  access reasons defined? Are sensitive data  access reasons defined? Give access or  undo access to sensitive data? Give access or  undo access to sensitive data? End End No Yes Give access Undo access

Activities

Name Responsible Description

Set up sensitive data access reasons

Security administrator

If you give a securable object access to sensitive data, you must specify the reason you do so. This topic explains how to set up sensitive data access reasons.

Each sensitive data access reason has one of these types:
  • Common personal - Used to indicate access to common personal data, like name and birth date.
  • Sensitive personal - Used to indicate access to sensitive personal data, like ethnic origin and trade union membership.
A set of predefined sensitive data access reasons is available. You are advised to upload these predefined sensitive data access reasons before you add new ones.

Give access to sensitive data

Security administrator

You can give a securable object access to sensitive data.

If you give a securable object access to sensitive data, automatically all related securable objects get access to sensitive data as well.
For example, if you give a duty access to sensitive data, the related users, roles, privileges, and entry points also get access to sensitive data.
In the steps, as an example, a duty is given access to sensitive data.

Undo access to sensitive data

Security administrator

 		You can undo the access to sensitive data for a securable object.
If you, for a securable object, undo the access to sensitive data, automatically also the access to sensitive data is undone for all related securable objects.
For example, if you undo access to sensitive data for a duty, the access to sensitive data is also undone for the related users, roles, privileges, and entry points.
In the steps, as an example, access to sensitive data is undone for a privilege.

See also

Provide feedback