Finance | Project Operations, Human Resources, ...

Track who has added a user

(0) Share

Report

Posted on by Gaute K

322

Hi. Is it possible to enable tracking to see who added a user? We have a lot of users with the system admin role, and sometimes we are not sure who added a new user.

I have the same question (0)

All responses (5)

Answers (0)

Suggested answer

GirishS 27,833 Moderator on at

Like (0)

Report
Copy link

Link copied!

Hi Gaute,

I think you can consider database logging.

Take a look at the below blog post.

https://dynamics-tips.com/database-logging-d365-finance-and-operations/

Thanks,

Girish S.

Was this reply helpful? Yes No
Frank Hamelly | MVP... 46,625 Moderator on at

Like (0)

Report
Copy link

Link copied!

Why do you need a lot of users with system admin role? This exposes the system to data risks.

Was this reply helpful? Yes No
André Arnaud de Cal... 303,439 Super User 2026 Season 1 on at

Like (0)

Report
Copy link

Link copied!

Hi Gaute,

To add on Frank's comment, you should work on reducing the system administrators. A recent customer has 6 administrators where we suggested to get rid of them all. The Security administrator role is able to add users and assign roles. Just let people adding users is also not best practice. It would be recommended to have a system to log security requests and only after approval have a user added to the system with particular permissions. An exception might be in case you would need to add all users and grant employee self-service as a role. Then the security requests can be used for logging and approving other security roles to be added to specific users who need to have access to the ERP.

For the logging, you can try the database log as mentioned by Girish, but for users and roles, it was never a great experience for me. You can also enable the created by field using a table extension for the table SysUserInfo.

Was this reply helpful? Yes No
Gaute K 322 on at

Like (0)

Report
Copy link

Link copied!

Most of the users with the system admin role are external consultants from our implementation/support partner. Is it bad practice to give external consultants this role? Any recommendations?

Regarding database logging. What is the table/field I need to enable tracking for called?

Was this reply helpful? Yes No
André Arnaud de Cal... 303,439 Super User 2026 Season 1 on at

Like (1)

Report
Copy link

Link copied!

Hi Gaute,

External consultant would not need to have access to a production environment. They can set up or analyse issues in another sandbox. It would be a huge risk if an external consultant would be able to create a fake vendor, post a fake invoice and have the payment included. Also consider privacy or sensitive data. In a sandbox, it is possible to obfuscate some data.

If there is an urgent issue to be investigated, external consultants might get temporary access or read-only access if there is no time to restore a backup in a non-production environment.

You can try enabling a log on the table SysUserInfo and/or UserInfo table. They are both created at the same time when a user gets created.

Was this reply helpful? Yes No