1. Data Management
  2. Security and Compliance Studio

Define basic settings

Define the basic settings for the Security and compliance studio.


Security administrator Security administrator The security administrator (SysSecSecurityAdministrator) maintains user and security setup in D365 F&SCM, grants the ability to create and maintain security roles, duties, and privileges and the ability to assign users to roles, define role assignment rules, and maintain data security policies. Set Security and compliance studio parameters Set Security and compliance studio parameters Before you start using the Security and compliance studio, set the Security and compliance studio parameters. Procedure 1. Click Security management. 2. Click Parameters. 3. Sub-task: Set general parameters. 4. In the Prefix field, type a value. 5. You can use a color to highlight: On the Match roles page, the duties and privileges with the same securable object as the already selected duties and privileges. These records are highlighted if you click Find matched entry points. On the Security explorer to highlight, for the pinned record, the references with the highest user license type. Select Yes in the Color for securable objects field. Note: In the color box, you can move the + pointer to choose the desired color. 6. Select Yes in the Lock 'Initialize Security and compliance IT audit' job field. 7. In the Limit number of snapshots field, enter a number. 8. You can enable automatic updates of security configuration changes to the latest snapshot. So, no new snapshot is required each time you change the security configuration. Automatic updates of security configuration changes to the latest snapshot are done when you, for example: Publish changes. Approve security requests. Update or create a role with the wizard. Import security configurations. Assign users to roles. Select Yes in the Enable dynamic snapshot field. Note: If you use dynamic snapshots, you are advised to create a snapshot regularly. You do so to ensure that no security inconsistencies occur and to create a safety net, 9. You can use a color to highlight securable objects that have access to sensitive data. These securable objects are highlighted on the: Create role wizard Locked security roles page Match roles page Select Yes in the Highlight sensitive data over SCS field. Note: In the color box, you can move the + pointer to choose the desired color. 10. Sub-task: Set license count parameters. 11. The purchased number of D365 FO licenses is stored in admin.microsoft.com. You can monitor the actual license usage compared to the purchased number of licenses. To do so, for each license type, fill in the purchased number of licenses in the parameters. You can fill in the number of base licenses (no license name extension) and the number of attach licenses ('attach license' extension in license name). Monitoring the license usage prevents you from over-usage or under-usage of licenses. Click the License count tab. Note: On the License count tab, you can click 'Open admin.microsoft.com' to find the actual number of purchased D365 FO licenses for each license type. 12. Sub-task: Manage data migration. 13. Click the Data migration tab. 14. Select No in the Security scenarios migrated field. 15. When you have upgraded Security and compliance studio to release 10.0.6.2 and security scenarios existed before the upgrade, migrate these security scenarios. Click Migrate security scenarios. Note: When the security scenarios are migrated, in the Security scenarios migrated field, select Yes. 16. Click Update Scenario data entity. 17. Securable objects such as roles, duties, privileges, and entry points are global. So, these are independent of companies. In Security and compliance studio, some of this data was stored per company. These tables are now also made global. On migration to release 10.0.6.2, all existing securable objects must be made global. If a securable object exists for several companies, the securable object of the current company is kept and made global. The same securable objects in the other companies are deleted. Click Resolve cross-company data errors. Note: Only run this batch job once. 18. Sub-task: Enable enhanced segregation of duties rules. 19. Click the Enhanced SoD rules tab. 20. Select Yes in the Enable enhanced SoD rules field. 21. Click Copy SoD to Enhanced SoD. 22. Click OK. 23. Sub-task: Set number sequence. 24. Go to Organization administration > Number sequences > Number sequences. 25. In the Area field, select 'Security and Compliance Studio'. Note: Initially, no number sequence is available for the Security and compliance studio area. 26. Click Manual cleanup. 27. Click Reset. 28. Click Yes. 29. Click Generate and finish the wizard. 30. Go to Default dashboard. 31. Click Security management. 32. Click Parameters. 33. Click the Number sequences tab. 34. Click to follow the link in the Number sequence code field. 35. Close the page. 36. Sub-task: Set logging parameters. 37. Click the Logs tab. 38. In the Audit log retention period (In days) field, enter a number. 39. In the Sensitive data log retention period (In days) field, enter a number. 40. Select Yes in the Enable continuous user logging field. 41. Close the page. Start Start Set up areas Set up areas You can use areas to categorize security requests. Procedure 1. Go to Security and compliance > Setup > Areas. 2. Sub-task: Create areas based on main menu entries. 3. Click Default data. 4. Sub-task: Create manually. 5. Click New. 6. In the Area field, type a value. 7. In the Area field, type a value. 8. In the Owner field, type a value. 9. In the Description field, type a value. Do you want to use  areas to categorize  security requetss? Do you want to use  areas to categorize  security requetss? End End Yes No

Activities

Name Responsible Description

Set Security and compliance studio parameters

Security administrator

 		Before you start using the Security and compliance studio, set the Security and compliance studio parameters.

Set up areas

Security administrator

 		You can use areas to categorize security requests.

See also

Provide feedback