Exercise - Work with security

  • 30 minutes

Scenario - Create a new user and assign a security role

The HR department of company USMF has requested access to finance and operations apps for a new hired employee as an accounts payable clerk.

You must create a new user ID for the new hired employee and assign the default the company to USMF and associate the accounts payable clerk role.

  1. Go to System administration > Users > Users.
  2. Select New.
  3. In the User ID field, enter a unique identifier for the user. A user ID is required.
  4. In the User name field, enter John.
  5. In the Company field, select the drop-down button to open the lookup.
  6. In the list, select USMF.
  7. In the Email field, enter "john@contoso.com".
  8. Select Assign roles in the User's roles section.
  9. In the list, find and select Accounts payable clerk.
  10. Select OK.
  11. Select Save.

Scenario - Import users in bulk as a batch job

The HR department of company USMF is hiring new employees for different roles in the next few weeks. The active directory user accounts will be created as part of onboarding process. You must import many users from Microsoft Entra ID into finance and operations apps.

  1. Go to System administration > Users > Users.
  2. Select Batch import.
  3. Expand the Run in the background section.
  4. Select Yes in the Batch processing field.
  5. In the Task description field, type a value.
  6. In the Batch group field, enter or select a value, such as 'DOMBatch'.
  7. Select Yes in the Private field.
  8. Select Yes in the Critical Job field.
  9. In the Monitoring category field, select an option, such as 'Integration'.
  10. Select OK.
  11. After the batch job is completed, all new users from active directory will be imported in finance and operations apps.
  12. Close the page.

Scenario - Assign users to security roles dynamically

The HR department of USMF has requested to dynamically assign users to the Accounting supervisor role based on a criterion defined by HR department. Associate the Accounting supervisor role based on the rule defined by the HR department to the selected employees.

  1. Go to System administration > Security > Assign users to roles.
  2. In the tree, select Accounting supervisor.
  3. Select Add rule to open the drop-down dialog.
  4. In the list, find and select the wanted query rule, such as 'FMDynamicRoleAssignmentWorkerTitle'.
  5. In the list, select the link in the selected row.
  6. Select Edit query. You can change the query as you desire.
  7. Select OK.
  8. Close the page.

Scenario - Exclude users from a role assignment

The HR department of USMF has requested to remove access for the Accounts receivable clerk role in finance and operations apps for an employee who has changed role.

  1. Go to System administration > Security > Assign users to roles.
  2. In the tree, select Accounts receivable clerk.
  3. Select Manually assign / exclude users.
  4. In the list, select a user.
  5. Select Exclude from role to exclude the selected users from the role.
  6. To remove exclusions, select the users that you want to remove exclusions for, and then select Reset status.
  7. Close the page.

Scenario - Set up segregation of duties

The HR department of USMF has requested a rule for segregation of duties for the Access benefits workspace, and the Approve production journal. You must create the rule in finance and operations apps.

Complete the following procedure to create a rule. You must be a system administrator to complete the procedure. The demo data company used to create this procedure is DAT.

  1. Switch to company DAT in the top right corner of the page.
  2. Go to System administration > Security > Segregation of duties > Segregation of duties rules.
  3. Select New.
  4. In the Name field, enter a name for the rule.
  5. In the First duty field, select the drop-down button to open the lookup.
  6. In the list, find and select the first duty that is controlled by the rule, Access benefits workspace.
  7. In the Second duty field, select the drop-down button to open the lookup.
  8. In the list, find and select the second duty that is controlled by the rule, Approve production journal.
  9. In the Severity field, select the severity of the risk that occurs when the same user or role performs both duties.
  10. In the Security risk field, enter a description of the security risk.
  11. In the Security mitigation field, enter a description of the actions that you take to mitigate the security risk. For example, you can mitigate the risk by conducting more detailed reviews of the process, by conducting a monthly managerial review, or by sharing resources with other departments.
  12. Select Save.
  13. Close the page.