Skip to main content



No record found.

How to configure Financial Reporting security

Financial Reporting for Dynamics 365 Finance has several different ways to securely report on your financial data. This presentation will introduce you to the different security options available for both small and large organizations. Look to see if you learn something new!

Table of Contents

Security Roles 

Different security roles can perform different activities within Financial Reporting. The roles can be summarized as either an administrator, a designer, a generator, or a viewer. An administrator in Dynamics 365 will need to grant users one of the standard roles or apply one of the referenced duties to your custom roles to grant access to Financial Reporting. 

All roles except the viewer role can access the Report Designer application, but not all roles can modify reports. Many report generation tasks can be done directly in the Financial Reporting page without opening the Report Designer. All report design and maintenance tasks must be done by a user with appropriate privileges within the Report Designer.

Privilege Duty Roles Access to Report Designer app
Maintain financial reporting security Maintain financial reporting security Security administrator, System Administrator Yes; Edit
Maintain financial reports Maintain financial reports Accounting Manager, Accounting Supervisor, Financial Controller, Budget Manager Yes; Edit
Generate financial reports Generate financial reports CEO, CFO, Accountant Yes; Read Only
View financial reports Review financial performance None assigned No

Single legal entity but no reporting tree or single company in use

Financial Reporting enforces company security when configured in Dynamics 365 Finance through organization assignment within security roles. Reports will only appear in the legal entity that they were generated for. This is a basic example of security that works when there is no reporting tree, when the reporting tree only references a single legal entity by name, or when @ANY is specified for the company in the reporting tree. Let us look at the following example:

Contoso has three legal entities: USMF, DEMF, and USRT. Roger the Accountant has access to USMF and DEMF, but not USRT. If Roger is in USMF and generates the report, he will see the Income Statement for USMF. If he switches to DEMF he won't see a report there until it is generated for DEMF. He cannot switch to company USRT, so he won't see the same report there. Another accountant (Arnie) with access to all companies can see Roger's reports that were generated in USMF and DEMF. Likewise, Roger can see Arnie's report generations in USMF and DEMF.

Side by side view of the same report in USMF and DEMF with no access to USRT

Company security with multiple legal entities and reporting trees

Financial Reporting checks for company security during generation and will also check during report viewing. The caveat to note here is that reports need to foot so you may see values at a line level when drilling into the report from a summary level.

Amounts appearing in drilldown without access to company

Summary report nodes are typically accomplished by using @ANY for the company in the reporting tree. They can contain one or multiple legal entities' data. To enforce security at a summary level you will need to use reporting tree security described below. 

No company security or securing summary nodes

If company security is not enabled or if you wish to secure summary nodes of the report then reporting tree security must be defined. Users will automatically appear in security, but any groups must be manually created in Financial Reporting.

If a report is generated for multiple legal entities such as USMF, DEMF, and USRT, then that report will appear in all three of these companies. In this case our example user Roger can see USRT while in company USMF. Of course, he can also navigate to USRT directly in this scenario as well since he has company access.

If we wish to restrict access to the top node of Summary of All Units or any entity, we can do this through defining reporting tree security with users and groups.

Detail of company security only allowing Finance team to summary node of report

Security through obfuscation

You can hide some individual lines of a report in a few ways. This is commonly done for lines like payroll where you want to prevent users from seeing detail but seeing a summary amount is acceptable.

  • The XD print control will prevent drilldown on a line.
  • You can add a nonprinting row control (NP) and then include that row in a complex calculation (CAL) which will prevent drilldown. 
  • You can set the detail level of the report to financial level only which will have no detail to drill into. 

In the example here see the results that you see from drilldown. You can see the unsecured line from row 100 but no details from the other formatted rows. 

Report Designer report showing several rows

Report Designer showing several formulas and results in drilldown

Building block security (locks)

You can protect any building block from edits by adding a password. This can help for master formats that are the official versions or to reduce contention in large multi-company organizations. You can set or remove the password by clicking the lock icon at the top of a building block. Users without the password can open building blocks to perform a save-as, but can't perform edits on the original. 

Screenshot of using the protect function in financial reporting

Additional security options 

There is one hidden configuration option within the user security screen. For users in the designer role, you can optionally mark the option to edit scheduled reports. Administrators have this option permanently enabled but for designers an admin needs to opt them in. This setting is intended to help prevent unintentional changes to scheduled reports. 

User security options to enable editing of scheduled reports

There is one more hidden configuration option within the report definition settings tab under the other button and clicking the additional options tab. Selecting the option to disable unit security will bypass reporting tree security. This setting will not have any effect if using company security with Dynamics 365 Finance. 

Setting to disable unit security

Next Steps

I hope you found this post informative. Financial Reporting is a fantastic tool for standard financial report generation and to review your financials to look for variances. If you are interested in learning more about Financial Reporting I'd love to talk more. Reach out through LinkedIn to connect with me. 

If you have Premier Support, we have several team members that can assist with proactive and reactive offerings. Reach out today to your CSAM for a Dynamics 365 Finance workshop and we’ll have one of our experts work with you to get you the help you need. 

Chalk Talk - Dynamics 365 Finance - General Ledger and Financial Reporting

Chalk Talk - Dynamics 365 Finance - Advanced Financial Reporting

Chalk Talk - Dynamics 365 Finance - Financial Reporting Foundations


*This post is locked for comments

  • obergolsen Profile Picture obergolsen 10
    Posted at
    Hi again! I was able to insert a Reporting tree for all reports limiting the access to just a group of users. The exeption is the cost report the other group of users should be able to view. Seems to work fine for my scenario. /Øyvind Berg-Olsen
  • obergolsen Profile Picture obergolsen 10
    Posted at
    Hi again! I was able to insert a Reporting tree for all reports limiting the access to just a group of users. The exeption is the cost report the other group of users should be able to view. Seems to work fine for my scenario. /Øyvind Berg-Olsen
  • obergolsen Profile Picture obergolsen 10
    Posted at
    Hi Ryan, I have a challenge of restricting all existing reports but one in Financial Reporting from a group of users. They should not be able to run P&L, Balance reports, Cash statments etc. just one report defined for their requirements including drill down to Dynamics accounting. Is that even possible? I am trying out some of the different settings presented in your video, but you might have the shortcut to the solution? Kind regards Øyvind