D365 Finance & Operations and Dynamics AX Forum

Expand all | Collapse all

Script to limit users access to one company

  • 1.  Script to limit users access to one company

    Posted Oct 20, 2016 02:23 PM
    Edited by Ebrahim Khiyami Oct 20, 2016 03:26 PM

    Hello,

    Has anyone used, or is ware of, a script that can be used to limit users access to a certain company in multiple companies implementation. We're on 2012 R3. As you know, the "System User" security role by defaults allows access to all companies in the system, unless it's modified to do otherwise. I was wondering if there is a way to change users' profiles automatically as opposed to change individuals. thanks

    ------------------------------
    Ebrahim Khiyami

    Allegion
    Carmel IN
    ------------------------------



  • 2.  RE: Script to limit users access to one company

    Posted Oct 21, 2016 02:01 AM

    I don't know about 2012 (we are on 2009) but you can easily setup a domain with access to just the company that you want the user to be able to access & then copy the user group into that domain.

    This way all users with that user group will only be able to access the company specified in the domain.

    ------------------------------
    Alex Biasin
    Systems Accountant
    Talison Lithium Pty Ltd
    Donnybrook



  • 3.  RE: Script to limit users access to one company

    TOP CONTRIBUTOR
    Posted Oct 21, 2016 05:36 AM

    When assigning a role to a user, you can select if that role applies to ALL companies, or just to specific company/companies.

    If user does not "own" any role in a particular company, they will not be able to access anything on that company

    ------------------------------
    Zvika Rimalt
    Business Analyst
    Vancouver BC Canada



  • 4.  RE: Script to limit users access to one company

    Posted Oct 21, 2016 11:04 AM
    Edited by Ebrahim Khiyami Oct 21, 2016 11:04 AM

    hello Svika,

    Good to hear from you after we have met at the summit. I actually was asking if there is an automated  way to fix this after the fact that a mass amount of users been already imported in the system with the ability to access to all companies. I don't want to go through each one and change the "organization assignment" for each role for each user. This would take me forever.

    ------------------------------
    Ebrahim Khiyami
    System Engineer
    Allegion
    Carmel IN



  • 5.  RE: Script to limit users access to one company

    Posted Oct 25, 2016 01:29 AM

    Hi Ebrahim,

    I used Org Hierarchies, User Groups, and Automatic Role Assignment to achieve what you are looking to do.

    I first setup an Org Hierarchy for Security.

    vjKTJyOdTeqGUKr4GXTe_Org Hierarchy.png

    Then setup User Groups per Role and Org Hierarchy/Company combinations.

    F6S8im0iTiKlMld4qTnA_User Groups.png

    Next, under Assign Users to Roles, I added a rule with a query based on user groups. (Note: Assignment Mode for users in this role is Automatic)

    IkRwuQ6HSnSbnvetJhaD_Role Rule.pngEpvL2sq2STS7demzPrDq_Assign Heir - Rule.png

    Finally, I setup a Batch Job to run the automatic role assignment.

    BS4hGvKiTTWYUP0qDXds_Auto assign batch.png

    All I have to do is maintain the users to User Groups and wait for the batch job to run!

    I am exploring a shift from the above to an Active Directory Group concept. With this, I will create AD groups, AX Users with Account Type = Active Directory Group, assign the role, and assign the org hierarchy for each role and organization combo I need. This would eliminate the need to use User Groups, rules, and automatic assignments. AX security is now as simple as maintaining AD groups!

    x12uJ5WRMmrj35sARTNu_AD with hier.png

    ------------------------------
    Greg Mahr
    Business Analyst Sr
    U.S. Venture, Inc.
    Appleton WI



  • 6.  RE: Script to limit users access to one company

    Posted Oct 25, 2016 11:01 AM
    Edited by Ebrahim Khiyami Apr 16, 2018 01:57 PM

    Greg

    Thanks for taking time to share screens. I will try the steps your provided.

    ------------------------------
    Ebrahim Khiyami
    System Engineer
    Allegion
    Carmel IN



  • 7.  RE: Script to limit users access to one company

    Posted Mar 28, 2019 11:19 AM
    Hi Greg,
    How to make the Grant access for specific organisation individually.
    Is there a way to create a rule by adding a legal entity data source in a query .
    Thanks,
    Anbu

    ------------------------------
    Anbuthasan Jagatheesan

    ------------------------------



  • 8.  RE: Script to limit users access to one company

    MICROSOFT MVP
    Posted Apr 03, 2019 03:17 AM
    Hi Anbu,

    If you have multiple legal entities and you want to create rules for giving access to a certain legal entity, you can actually follow the procedure as described above and create multiple rules for the same security role.

    ------------------------------
    kind regards,

    André Arnaud de Calavon
    Solution Architect, Microsoft MVP - Microsoft Dynamics Business Solutions
    ------------------------------



If you've found this thread useful, dive deeper into User Group community content by role