web
You’re offline. This is a read only version of the page.
close
Skip to main content

Notifications

Announcements

No record found.

News and Announcements icon
Community site session details

Community site session details

Session Id :
Dynamics 365 Community / Forums / Finance | Project Operations, Human Resources, ... / How to revoke a specif...
Finance | Project Operations, Human Resources, ...
Suggested Answer

How to revoke a specific security role for a specific organization in Dynamics365FO using restAPI/ odata service endpoints

(1) ShareShare
ReportReport
Posted on by Neeraj D 85

I am looking for way to revoke a Security Role for a User in Dynamics365 FO for a specific organization only. I have tried following options:

1. https://<FO-BASE-URL>/data/SecurityUserRoleOrganizations?$filter=UserId eq 'U!' and SecurityRoleIdentifier eq 'BUDGETBUDGETCLERK' and OrganizationType eq 'LegalEntity' and OrganizationId eq 'dat'

2. https://<FO-BASE-URL>/SecurityUserRoleOrganizations(UserId='U!', SecurityRoleIdentifier='BUDGETBUDGETCLERK', OrganizationId='DAT')

None of the above URLs are working. instead, I am getting "No route data was found for this request." message. HTTP response code is 404.

-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

Please Note: To remove the Role altogether (for all the organizations) following URL is working.

https://<FO-BASE-URL>/data/SecurityUserRoles(UserId='U1', SecurityRoleIdentifier='LEDGERACCOUNTANT' )

But my requirement is to remove the role from a specific organization.

I have the same question (0)
  • Neeraj D Profile Picture
    Neeraj D 85 on at

    I have also tried sending a JSON body as follows:

    {

               "UserId": "U1",

               "SecurityRoleIdentifier":"BUDGETBUDGETCLERK",

               "OrganizationId": "DAT",

               "OrganizationType": "LegalEntity"

           }

    My http request type for all the above requests is DELETE

  • Suggested answer
    André Arnaud de Calavon Profile Picture
    André Arnaud de Cal... 300,911 Super User 2025 Season 2 on at

    HI Neeraj,

    If you need to revoke a single legal entity from a role, you have to assign all valid legal entities. A role has access to all legal entities, unless you specify which would be included in the role.

    E.g. you have the next legal entities.

    DAT

    LE01

    LE02

    LE03

    LE04

    LE05

    LE06

    LE07

    LE08

    LE09

    LE10

    If you need to revoke LE04, then you need to assign the role and to the user/role combination assign the next legal entities:

    DAT

    LE01

    LE02

    LE03

    LE05

    LE06

    LE07

    LE08

    LE09

    LE10

  • Neeraj D Profile Picture
    Neeraj D 85 on at

    Ok, I will try this and get back here.

  • Neeraj D Profile Picture
    Neeraj D 85 on at

    Hi Andre,

    I tried your solution. Either it did not work or I didn't understand what you are saying. Can you please provide an example or the service endpoint that you intend to convey.

    What I tried is:
    Sent a post request on: https://<base-FO-URL>/data/SecurityUserRoleOrganizations

    with JSON payload as follows:

    {
                "UserId""NeerajU1",
                "SecurityRoleIdentifier":"BUDGETBUDGETCLERK",
                "OrganizationId""DAT",
                "OrganizationType""LegalEntity"
            }
    Now I saw that this Role is only for DAT on the D365FO portal. Now I sent the request again with following payload hoping that the role is only for "NDCO"
    organization and it will remove the role for "DAT" (that is what I understood from your solution)
    {
                "UserId""NeerajU1",
                "SecurityRoleIdentifier":"BUDGETBUDGETCLERK",
                "OrganizationId""NDCO",
                "OrganizationType""LegalEntity"
            }
    But, instead of removing "DAT", it added NDCO for it and now I see the role for both the organizations
    I still have one more confusion. How to send multiple legal entities in a single request inorder for your solution to work?
  • Neeraj D Profile Picture
    Neeraj D 85 on at

    To re-phrase my question, I would like to know how I would be able to delete an entry from SecurityUserRoleOrganizations? I tried a couple or service endpoints with no luck.

  • André Arnaud de Calavon Profile Picture
    André Arnaud de Cal... 300,911 Super User 2025 Season 2 on at

    Hi Neeraj,

    Your observation is correct that the two calls will insert two records. To remove the access to the 'dat' company you should have a separate OData call to delete it.

    I'm not familiar with using direct OData. I'm using the Office add-in or Power Automate which takes care of the correct OData calls. You can probably find some more information in the documentation and referenced links; docs.microsoft.com/.../odata

Under review

Thank you for your reply! To ensure a great experience for everyone, your content is awaiting approval by our Community Managers. Please check back later.

Helpful resources

Quick Links

Responsible AI policies

As AI tools become more common, we’re introducing a Responsible AI Use…

Neeraj Kumar – Community Spotlight

We are honored to recognize Neeraj Kumar as our Community Spotlight honoree for…

Congratulations to the November Top 10 Community Leaders!

These are the community rock stars!

Leaderboard > Finance | Project Operations, Human Resources, AX, GP, SL

#1
Martin Dráb Profile Picture

Martin Dráb 664 Most Valuable Professional

#2
André Arnaud de Calavon Profile Picture

André Arnaud de Cal... 522 Super User 2025 Season 2

#3
Sohaib Cheema Profile Picture

Sohaib Cheema 303 User Group Leader

Last 30 days Overall leaderboard

Featured topics

End-of-life Announcement for Microsoft Dynamics GP

Product updates

Dynamics 365 release plans