How to control which procurement categories a user can see when creating a Purchase Requisition

Tip of the Day: In Dynamics 365 Finance & Operations, you can control which procurement categories a user (worker) can see by doing the following setup.

Setup:

1. Ensure employees are tied to an organization

• Employees must be linked to a position

• The position must be linked to a department / business unit

• The department must exist in an organization hierarchy with purpose Procurement internal control

(Without this, the policy can’t be evaluated correctly).

2. Create or update a Purchasing Policy

Navigate to:

Procurement and sourcing > Setup > Policies > Purchasing policies

• Open an active purchasing policy

• Assign it to:

  • A legal entity, or

  • An organizational hierarchy (recommended if you want different rules per department)

3. Add a Category access policy rule

• Policy rule type: Category access policy rule

• Select the allowed procurement categories

• Optionally:

  • ✅ Include subcategories

  • ✅ Apply parent rule inheritance

Only the selected categories will be visible to employees covered by this policy.

4. Add a Category policy rule (Optional)

If you want to enforce behavior within those categories (for example, vendor restrictions), add:

• Category policy rule

• Use the same categories as the access rule

How this applies to a specific employee

If you need to restrict one employee:

• Put that employee in:

  • A dedicated department, or

  • A position tied to a specific department

• Apply a purchasing policy to that department

• Define category access rules for that policy

This is the intended design—policies apply by organization, not by user ID.

Note: Microsoft purchasing control is policy-driven, not security-driven.

✅ Best-practice patterns

Summary

• Use Purchasing policies

• Add a Category access policy rule

• Scope the policy via organizational hierarchy

• Employees only see and buy from allowed categories

• This is 100% standard D365FO functionality