Finance | Project Operations, Human Resources, ...

Track who has added a user

(0) Share

Report

Posted on by Gaute K

316

Hi. Is it possible to enable tracking to see who added a user? We have a lot of users with the system admin role, and sometimes we are not sure who added a new user.

I have the same question (0)

All responses (5)

Answers (0)

Suggested answer

GirishS 27,827 Moderator on at

Like (0)

Report

Hi Gaute,

I think you can consider database logging.

Take a look at the below blog post.

https://dynamics-tips.com/database-logging-d365-finance-and-operations/

Thanks,

Girish S.

Was this reply helpful? Yes No
Frank Hamelly | MVP... 46,625 Super User 2025 Season 2 on at

Like (0)

Report

Why do you need a lot of users with system admin role? This exposes the system to data risks.

Was this reply helpful? Yes No
André Arnaud de Cal... 300,917 Super User 2025 Season 2 on at

Like (0)

Report

Hi Gaute,

To add on Frank's comment, you should work on reducing the system administrators. A recent customer has 6 administrators where we suggested to get rid of them all. The Security administrator role is able to add users and assign roles. Just let people adding users is also not best practice. It would be recommended to have a system to log security requests and only after approval have a user added to the system with particular permissions. An exception might be in case you would need to add all users and grant employee self-service as a role. Then the security requests can be used for logging and approving other security roles to be added to specific users who need to have access to the ERP.

For the logging, you can try the database log as mentioned by Girish, but for users and roles, it was never a great experience for me. You can also enable the created by field using a table extension for the table SysUserInfo.

Was this reply helpful? Yes No
Gaute K 316 on at

Like (0)

Report

Most of the users with the system admin role are external consultants from our implementation/support partner. Is it bad practice to give external consultants this role? Any recommendations?

Regarding database logging. What is the table/field I need to enable tracking for called?

Was this reply helpful? Yes No
André Arnaud de Cal... 300,917 Super User 2025 Season 2 on at

Like (1)

Report

Hi Gaute,

External consultant would not need to have access to a production environment. They can set up or analyse issues in another sandbox. It would be a huge risk if an external consultant would be able to create a fake vendor, post a fake invoice and have the payment included. Also consider privacy or sensitive data. In a sandbox, it is possible to obfuscate some data.

If there is an urgent issue to be investigated, external consultants might get temporary access or read-only access if there is no time to restore a backup in a non-production environment.

You can try enabling a log on the table SysUserInfo and/or UserInfo table. They are both created at the same time when a user gets created.

Was this reply helpful? Yes No