Skip to main content

Notifications

Announcements

No record found.

Dynamics 365 Community / Forums / Finance forum / How to revoke a specif...
Finance forum
Suggested answer

How to revoke a specific security role for a specific organization in Dynamics365FO using restAPI/ odata service endpoints

Posted on by 85

I am looking for way to revoke a Security Role for a User in Dynamics365 FO for a specific organization only. I have tried following options:

1. https://<FO-BASE-URL>/data/SecurityUserRoleOrganizations?$filter=UserId eq 'U!' and SecurityRoleIdentifier eq 'BUDGETBUDGETCLERK' and OrganizationType eq 'LegalEntity' and OrganizationId eq 'dat'

2. https://<FO-BASE-URL>/SecurityUserRoleOrganizations(UserId='U!', SecurityRoleIdentifier='BUDGETBUDGETCLERK', OrganizationId='DAT')

None of the above URLs are working. instead, I am getting "No route data was found for this request." message. HTTP response code is 404.

-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

Please Note: To remove the Role altogether (for all the organizations) following URL is working.

https://<FO-BASE-URL>/data/SecurityUserRoles(UserId='U1', SecurityRoleIdentifier='LEDGERACCOUNTANT' )

But my requirement is to remove the role from a specific organization.

  • André Arnaud de Calavon Profile Picture
    André Arnaud de Cal... 287,995 Super User on at
    RE: How to revoke a specific security role for a specific organization in Dynamics365FO using restAPI/ odata service endpoints

    Hi Neeraj,

    Your observation is correct that the two calls will insert two records. To remove the access to the 'dat' company you should have a separate OData call to delete it.

    I'm not familiar with using direct OData. I'm using the Office add-in or Power Automate which takes care of the correct OData calls. You can probably find some more information in the documentation and referenced links; docs.microsoft.com/.../odata

  • Neeraj D Profile Picture
    Neeraj D 85 on at
    RE: How to revoke a specific security role for a specific organization in Dynamics365FO using restAPI/ odata service endpoints

    To re-phrase my question, I would like to know how I would be able to delete an entry from SecurityUserRoleOrganizations? I tried a couple or service endpoints with no luck.

  • Neeraj D Profile Picture
    Neeraj D 85 on at
    RE: How to revoke a specific security role for a specific organization in Dynamics365FO using restAPI/ odata service endpoints

    Hi Andre,

    I tried your solution. Either it did not work or I didn't understand what you are saying. Can you please provide an example or the service endpoint that you intend to convey.

    What I tried is:
    Sent a post request on: https://<base-FO-URL>/data/SecurityUserRoleOrganizations

    with JSON payload as follows:

    {
                "UserId""NeerajU1",
                "SecurityRoleIdentifier":"BUDGETBUDGETCLERK",
                "OrganizationId""DAT",
                "OrganizationType""LegalEntity"
            }
    Now I saw that this Role is only for DAT on the D365FO portal. Now I sent the request again with following payload hoping that the role is only for "NDCO"
    organization and it will remove the role for "DAT" (that is what I understood from your solution)
    {
                "UserId""NeerajU1",
                "SecurityRoleIdentifier":"BUDGETBUDGETCLERK",
                "OrganizationId""NDCO",
                "OrganizationType""LegalEntity"
            }
    But, instead of removing "DAT", it added NDCO for it and now I see the role for both the organizations
    I still have one more confusion. How to send multiple legal entities in a single request inorder for your solution to work?
  • Neeraj D Profile Picture
    Neeraj D 85 on at
    RE: How to revoke a specific security role for a specific organization in Dynamics365FO using restAPI/ odata service endpoints

    Ok, I will try this and get back here.

  • Suggested answer
    André Arnaud de Calavon Profile Picture
    André Arnaud de Cal... 287,995 Super User on at
    RE: How to revoke a specific security role for a specific organization in Dynamics365FO using restAPI/ odata service endpoints

    HI Neeraj,

    If you need to revoke a single legal entity from a role, you have to assign all valid legal entities. A role has access to all legal entities, unless you specify which would be included in the role.

    E.g. you have the next legal entities.

    DAT

    LE01

    LE02

    LE03

    LE04

    LE05

    LE06

    LE07

    LE08

    LE09

    LE10

    If you need to revoke LE04, then you need to assign the role and to the user/role combination assign the next legal entities:

    DAT

    LE01

    LE02

    LE03

    LE05

    LE06

    LE07

    LE08

    LE09

    LE10

  • Neeraj D Profile Picture
    Neeraj D 85 on at
    RE: How to revoke a specific security role for a specific organization in Dynamics365FO using restAPI/ odata service endpoints

    I have also tried sending a JSON body as follows:

    {

               "UserId": "U1",

               "SecurityRoleIdentifier":"BUDGETBUDGETCLERK",

               "OrganizationId": "DAT",

               "OrganizationType": "LegalEntity"

           }

    My http request type for all the above requests is DELETE

Helpful resources

Quick Links

Replay now available! Dynamics 365 Community Call (CRM Edition)

Catch up on the first D365 Community Call held on 7/10

Community Spotlight of the Month

Kudos to Saurav Dhyani!

Congratulations to the June Top 10 community leaders!

These stars go above and beyond . . .

Leaderboard

#1
André Arnaud de Calavon Profile Picture

André Arnaud de Cal... 287,995 Super User

#2
Martin Dráb Profile Picture

Martin Dráb 225,610 Super User

#3
nmaenpaa Profile Picture

nmaenpaa 101,148

Leaderboard

Featured topics

Product updates

Dynamics 365 release plans