1. Data Management
  2. Security and Compliance Studio
  3. Optimize licenses

Monitor accessed securable objects

To optimize licenses, you can monitor the accessed securable objects for each user. You can compare the accessed securable objects with the allocated securable objects. To limit license costs, you can remove permissions for not-accessed securable objects.


Security administrator Security administrator The security administrator (SysSecSecurityAdministrator) maintains user and security setup in D365 F&SCM, grants the ability to create and maintain security roles, duties, and privileges and the ability to assign users to roles, define role assignment rules, and maintain data security policies. Start Start Monitor user accessed securable objects Monitor user accessed securable objects For each user, you can monitor the accessed securable objects. You can compare the accessed securable objects with the allocated securable objects. To limit license costs, you can remove permissions for not-accessed securable objects. Procedure 1. Click Security management. 2. Click Security explorer. 3. On the Action Pane, click View access details. 4. Select the Show enabled users only check box. 5. Select the securable object type for which you want to monitor user access details. In the Security object field, select an option. Note: For roles, privileges, or duties, the access details are based on the accessed related entry points. For example, if an entry point is linked to two roles, both roles appear in the Roles accessed grid when the user accessed that entry point. 6. For each user, you can compare the accessed entry points with the permitted entry points. In the Users list, find and select the desired user, and compare the permitted entry points with the accessed entry points. Note: In the Access pane, by default, the accessed menu items are shown in descending order, first by the Last accessed on field and then by No. of access field. This helps you quickly see which entry points the selected user uses most and least. You can use this information to adjust roles or permissions based on usage patterns. 7. Close the page. 8. Close the page. Notes To compare user accessed entry points with the permitted entry points, in the Security and compliance studio parameters, on the Logs tab, set the Enable continuous user logging field to Yes. As a result, each time a user accesses an entry point, this is logged in the User continuous log. The data as shown on the View accessed entry points page is based on the User continuous log. Clean up logged user  accessed entry points? Clean up logged user  accessed entry points? Clean up user accessed entry points log Clean up user accessed entry points log If continuous user logging is enabled, each time a user accesses an entry point, this is logged in the User continuous log. You can clean up the User continuous log manually or in a recurring mode. Procedure 1. Go to Security and compliance > Inquiries > User continuous log. 2. Click Clean up logs for entry points accessed. 3. In the Retention days field, enter a number. 4. Sub-task: Set up batch processing. 5. Expand the Run in the background section. 6. Select Yes in the Batch processing field and fill in the fields as desired. 7. Click Recurrence and fill in the fields as desired. 8. Click OK. 9. Click OK. Notes The data as shown on the View accessed entry points page is based on the User continuous log. So, cleaning up the user continuous log, also effects the data shown on the View accessed entry pints page. End End Yes No

Activities

Name Responsible Description

Monitor user accessed securable objects

Security administrator

For each user, you can monitor the accessed securable objects. You can compare the accessed securable objects with the allocated securable objects. To limit license costs, you can remove permissions for not-accessed securable objects.

Clean up user accessed entry points log

Security administrator

If continuous user logging is enabled, each time a user accesses an entry point, this is logged in the User continuous log.

You can clean up the User continuous log manually or in a recurring mode.

Provide feedback