Skip to main content

Notifications

Finance | Project Operations, Human Resources, ...
Suggested answer

Track who has added a user

(0) ShareShare
ReportReport
Posted on by 308
Hi. Is it possible to enable tracking to see who added a user? We have a lot of users with the system admin role, and sometimes we are not sure who added a new user. 
  • André Arnaud de Calavon Profile Picture
    André Arnaud de Cal... 291,965 Super User 2025 Season 1 on at
    Track who has added a user
    Hi Gaute,
     
    External consultant would not need to have access to a production environment. They can set up or analyse issues in another sandbox. It would be a huge risk if an external consultant would be able to create a fake vendor, post a fake invoice and have the payment included. Also consider privacy or sensitive data. In a sandbox, it is possible to obfuscate some data.
    If there is an urgent issue to be investigated, external consultants might get temporary access or read-only access if there is no time to restore a backup in a non-production environment.
     
    You can try enabling a log on the table SysUserInfo and/or UserInfo table. They are both created at the same time when a user gets created.
  • Gaute K Profile Picture
    Gaute K 308 on at
    Track who has added a user
    Most of the users with the system admin role are external consultants from our implementation/support partner. Is it bad practice to give external consultants this role? Any recommendations?

    Regarding database logging. What is the table/field I need to enable tracking for called?
  • André Arnaud de Calavon Profile Picture
    André Arnaud de Cal... 291,965 Super User 2025 Season 1 on at
    Track who has added a user
    Hi Gaute,
     
    To add on Frank's comment, you should work on reducing the system administrators. A recent customer has 6 administrators where we suggested to get rid of them all. The Security administrator role is able to add users and assign roles. Just let people adding users is also not best practice. It would be recommended to have a system to log security requests and only after approval have a user added to the system with particular permissions. An exception might be in case you would need to add all users and grant employee self-service as a role. Then the security requests can be used for logging and approving other security roles to be added to specific users who need to have access to the ERP.
     
    For the logging, you can try the database log as mentioned by Girish, but for users and roles, it was never a great experience for me. You can also enable the created by field using a table extension for the table SysUserInfo.
     
     
  • Frank Hamelly | MVP, MCP, CSA Profile Picture
    Frank Hamelly | MVP... 46,243 Super User 2025 Season 1 on at
    Track who has added a user
    Why do you need a lot of users with system admin role?  This exposes the system to data risks.
  • Suggested answer
    GirishS Profile Picture
    GirishS 27,821 Super User 2024 Season 1 on at
    Track who has added a user
    Hi Gaute,
     
    I think you can consider database logging.
    Take a look at the below blog post.
     
    Thanks,
    Girish S.

Under review

Thank you for your reply! To ensure a great experience for everyone, your content is awaiting approval by our Community Managers. Please check back later.

Helpful resources

Quick Links

Announcing Our 2025 Season 1 Super Users!

A new season of Super Users has arrived, and we are so grateful for the daily…

Announcing Forum Attachment Improvements!

We're excited to announce that attachments for replies in forums and improved…

Vahid Ghafarpour – Community Spotlight

We are excited to recognize Vahid Ghafarpour as our February 2025 Community…

Leaderboard

#1
André Arnaud de Calavon Profile Picture

André Arnaud de Cal... 291,965 Super User 2025 Season 1

#2
Martin Dráb Profile Picture

Martin Dráb 230,836 Most Valuable Professional

#3
nmaenpaa Profile Picture

nmaenpaa 101,156

Leaderboard

Product updates

Dynamics 365 release plans