Interesting Issue With the SecurityUserRoleOrganization Data Entity in D365FO
Data entities within D365FO allow for external applications to interact with D365FO data. One data entity that I use both professionally and in my personal projects fairly regularly is SecurityUserRoleOrganization. This data entity is utilized to restrict a user role assignment to specific organizations within a D365FO environment. In most cases this is a legal entity or organization hierarchy… Continue Reading Alex’s...
Comparing Security Between D365FO Environments Solution Released
I’m happy to announce the public release of my ‘D365FO Security Comparison Utility’ available on my GitHub! Solution Download The solution download is available here: https://github.com/ameyer505/D365FOSecurityComparisonUtility/releases The source code for the application can be found here: https://github.com/ameyer505/D365FOSecurityComparisonUtility Overview of Solution Install the… Continue Reading...
Comparing Security Between D365FO Environments – Beta Solution
One complaint I hear quite often and a huge gap in the current D365FO offering from a security perspective is that there is not a good way to compare security between environments. This becomes especially difficult when upgrading to a new D365FO version or when wanting to confirm that no new security changes have been added between a testing environment and production along with many other… Continue Reading Alex’s Article...
Overview of Telemetry Data in D365FO
In the 10.0.30 release of D365FO, which went GA on Oct 21st 2022, Microsoft added the ability for customers to report on the telemetry data of their end users. I wanted to take a quick overview of this feature and start to look at opportunities to use this data. Prerequisites The telemetry data from Microsoft is stored in Azure Application Insights, so we have to create a resource for us to… Continue Reading Alex’s Article...
D365FO Extensible Data Security (XDS) Scenarios
I recently attended the Dynamic Communities North America Summit Conference and presented numerous sessions surrounding security and licensing in D365FO. One of my new sessions was around Extensible Data Security (XDS) and I was a little worried about such a technical session being put on the final morning of the conference. But I didn’t need to worry at all because I had a full room of… Continue Reading Alex’s...
How to Approach Advanced XDS Scenarios in D365FO
I’ve written about Extensible Data Security (XDS) in D365FO a couple times before, in those posts the XDS security policy is applied between two tables that have a direct tie to each other (ex: customers and customer groups). In this post, I wanted to show how you can use XDS even in scenarios where there isn’t a direct association or relationship between two tables. The Scenario The scenario… Continue Reading...
How to Identify and Options for Fixing Segregation of Duties and Licensing Issues in D365FO
There are many different options available to fix or address segregation of duties (SOD) and licensing issues in D365FO, I wanted to show the different options available so you can apply the best option for your particular scenario. Please note: The options provided for possible solutions are not a complete list of every possible way to address the issues With the scenarios below, if you are… Continue Reading Alex’s...
How to Handle Batch Jobs When Disabling or Deleting a User in D365FO
I had someone reach out to me about the ‘right’ way to handle batch jobs when disabling or deleting a user from D365FO. Let’s look at the options you have to avoid any issues. Why This is an Issue Batch jobs within D365FO allow for a way to execute a set of instructions that can be scheduled to run on a periodic basis. These are used extensively to perform business calculations and because… Continue Reading...
How to Use a .NET Project Within a D365FO Solution
I wanted to write today about why I utilize .NET projects for certain scenarios when developing X++ solutions for D365FO. How Is This Possible? How is it possible that you can have two different project types under one solution? I actually wrote about the changes that were happening to the X++ compiler way back in 2017, the change we are most interested in is that X++ code now compiles and… Continue Reading Alex’s Article...
An Update to ‘Creating a Read Only Role for D365FO – User Interface’
I had a comment on one of my blog posts that Microsoft had updated the functionality that existed to help create a read only role from the D365FO user interface so I wanted to show how much easier it is to perform this process now. In my previous post, I showed how you had to manually manipulate an XML file and use regular expressions find/replace to achieve the desired security file to be… Continue Reading Alex’s Article...
Issue With FieldObject Method on DictTable Class in D365FO
I recently ran into an interesting issue with using the FieldObject() method on the DictTable class when programming in X++ for D365FO. Scenario The scenario to replicate the issue is to create a DictTable object and then perform a fieldObject() method call on a field that doesn’t exist. According to Microsoft documentation, this method should return null if the object could not be created.
How to Grant Access to Navigation Modules in D365FO
A question I recently got asked was ‘Is there an easy way to grant access to different modules in the navigation within D365FO?’ I wanted to show how this can be done and provide some resources to hopefully help out! How is the Navigation Access Decided? Which navigation objects a user sees within D365FO is directly related to the menu items the user is assigned as the entries in the… Continue Reading Alex’s...
Segregation of Duties in D365FO
I’ve referred to the Segregation of Duties (SOD) feature in Dynamics 365 for Finance & Operations before but haven’t really gotten into the specifics of the feature itself, what it allows you to do and the shortcomings/gaps. What is Segregation of Duties? The idea of Segregation of Duties (aka Separation of Duties) is that a single user should not be able to perform certain actions in a… Continue Reading...
Presenting at Upcoming Microsoft Dynamics Conferences
DynamicsCon (virtual) When: March 15 – 17th 2022 Price: Free Register Here Session Information: Common D365FO Mistakes and How to Avoid Them I am co-presenting this session with another Microsoft MVP Andre Arnaud de Calavon. In this session, we will demonstrate real-world common D365FO security mistakes that customers make, discuss why these actions can introduce risk into your organization,… Continue Reading Alex’s...
Comparing D365FO Security Between Versions
A frequent request I get is with OneVersion updates in D365FO, how do we as end users know what security changes are occurring between D365FO versions? A fellow Microsoft MVP, Nathan Clouse, reached out to me asking about wanting to add the same information to his dynamics.fo website. He has dedicated this site to show changes that are occuring between D365FO versions. We decided to… Continue Reading Alex’s Article on...
How to Use Temp Tables as Grid Datasources for Data Analytics in D365FO
I was recently asked to find a way to perform some simple data analytics across some data within D365FO. In my case, this was audit data that could easily be millions of records so just exporting to an Excel file to do this was not really an option. Instead I wanted to build a simple form that would perform the analysis for me. Note: This could also be done very easily within a full data… Continue Reading Alex’s Article on...
Voting Now Open for DynamicsCon 2022 Sessions
Voting has now opened for DynamicsCon 2022 sessions! I have submitted two different sessions and there are many more great sessions to check out and vote for! Be sure to get your votes in before January 19th 2022! Successfully Navigate D365FO User Licensing Do you find user licensing in D365FO confusing? Do you second guess the number and type of licenses you need? Are you worried you are… Continue Reading Alex’s Article...
Automated Solution to Find Table Relations in AX 2012 and D365FO
Problem For anyone that has dealt with creating queries in AX 2012 and D365FO, you know it can be extremely difficult to determine possible table relations between tables. To help with this Microsoft released an ERD for AX 2012 (this can still be used for D365FO), unfortunately they no longer maintain this project but do allow for others to host it themselves. This ERD helps to show the… Continue Reading Alex’s Article on...
Get Custom D365FO Objects at Runtime Using X++
A while back, I asked a question on the D365FO forums about being able to generate a list of custom objects within an environment at runtime via X++. I never followed up on my answer there so I wanted to give a detailed response to how I ended up solving this. Before We Begin In the discussion on my initial question post it was brought up that you should be using a source control system (TFS,… Continue Reading Alex’s...
Restoring Deleted Security in D365FO
Recently ran into an interesting scenario where an end user deleted a security layer from the user interface and wanted to restore it. This security layer was an out of box security layer so it existed in the AOT. Here is the process on how to perform this task. Note: The following process only works in the scenario that the security layer exists in the AOT and you remove it from the user… Continue Reading Alex’s Article...
Determine Where Form Data is Stored in D365FO
There are many scenarios in D365FO where knowing where data on a form is coming from is needed. A couple scenarios include trying to write custom reports or for tracking data changes using something like the Fastpath Audit Trail tool. There are a couple different options on how to accomplish this so I wanted to walk through them. I’ve written about a similar topic to this in the past, but… Continue Reading Alex’s...
Creating a Read Only Role for D365FO – User Interface
I previously wrote about how to create a read only role for D365FO via the AOT. A lot of users thought my use of the term ‘easy’ in the title was misleading, which I can’t really argue with, It does get slightly technical on how to create it. So I thought it might be a good idea to make this process a little more user friendly and make a read only role that anyone could import into their… Continue Reading...
Using TPF to Protect Sensitive Data in Grid Columns for D365FO
I’ve covered the topic of the Table Permission Framework previously but wanted to give an example of how it can be used for protecting columns within grids in D365FO. Scenario There is a form within D365FO that contains a grid that has a sensitive data within a particular column that you would like to hide from certain users and only allow users explicitly assigned access to see/interact with… Continue Reading Alex’s...
Presenting at Upcoming User Group Conferences
I’m excited to be speaking in-person at a couple upcoming conferences. I am looking forward to seeing friends and other attendees again and sharing my knowledge and expertise! Dynamic Communities Summit North America October 12th – 15th | Houston, Texas Common Security Mistakes and How to Avoid Them In this session, we will demonstrate real-world common D365FO security mistakes that… Continue Reading Alex’s...
Creating a Zip File From Multiple MemoryStreams in D365FO
I recently had a requirement to take many pieces of data from D365FO, create a CSV file out of each data piece, and then wrap these files in a zip file for easy downloading by an end user. In my case, the requirement was that all of the data should be held in memory (never written to disk). I wanted to show the process of how I achieved this. Test Scenario To show how I did this I will be… Continue Reading Alex’s Article...
How to Determine Compatible Deployable Package Versions in D365FO
Working for an ISV, whenever we release a new deployable package I get questions surrounding its compatibility with a customer’s environment. When adding a deployable package to a shared asset library in LCS, the platform version and build information is shown: This informs the end user of the D365FO version used to build this particular deployable package. The question then is of course, is… Continue Reading Alex’s...
How to Apply Multiple XDS Policies to the Same Role in D365FO
I’ve written about XDS policies and how to apply them in the past, but what about the scenario where you want to apply multiple XDS policies to the same role in D365FO? How would you go about achieving that? Test Scenario For my test scenario, I want a role to only be able to interact with Customers and Vendors that have a group (CustGroup/VendGroup) equal to 10. Steps to Implement The first… Continue Reading Alex’s...
How to Apply D365FO Extensible Data Security Based on the Current User
I have written in the past about Extensible Data Security (XDS) in D365FO, it has been one of my most popular posts. I often get questions about it, but one that I get quite often is wanting to apply XDS based on the current user. The use case is something along the lines of: ‘I only want a user to see sales orders/vendors/customers they created’ ‘Users should only see records where they are… Continue Reading...
Understanding Microsoft Dynamics 365 Product Naming
< div class=”et_pb_section et_pb_section_0 et_section_regular”> <div class=”et_pb_row et_pb_row_0″> <div class=”et_pb_column et_pb_column_4_4 et_pb_column_0 et_pb_css_mix_blend_mode_passthrough et-last-child”> <div class=”et_pb_module et_pb_text et_pb_text_0 et_pb_text_align_left et_pb_bg_layout_light”> <div class=”et_pb_text_inner”>There is a lot...
How to Fix Broken Security References in D365FO
If you have used the Security Configuration area within D365FO to remove security layers in the past, you may have noticed that there are certain security features that still show these removed security layers. To demonstrate this we will be utilizing the Security Diagnostics feature for this blog post. For those that may not know, this feature allows you to see all roles, duties, and… Continue Reading Alex’s Article on...
The Impact of Multiplexing on User Licensing in Dynamics 365
Blog Post Co-Writer This blog post was written in conjunction with Matthias Leplae. He reached out to me inquiring about my past D365FO licensing blog posts and asked why I hadn’t written about license multiplexing and to be honest it was a topic I knew about but had stayed away from because of the complexity of it. Luckily Matthias helped with this tough topic and helped write/edit the post… Continue Reading Alex’s...
Beta Release of D365FO Security Role Test Workspace
I recently posted a video of a new project I have been working on to help with security testing in D365FO. I am now ready to officially release the D365FO Security Test Workspace solution in a Beta state for testing and feedback so I wanted to give an overview of how it works, how to set it up, and the features it offers. Microsoft’s Answers to Security Testing In AX 2012, the Security… Continue Reading Alex’s...
How to Allow Non Admin Users to Access Security Features in D365FO
I’ve written in the past about different security features that are native to D365FO, but in most cases these features require elevated privileges or even the System Administrator role to be accessible. But is there a way to grant these security features to normal users? Page Options -> Security Diagnostics The Security Diagnostics feature on a form allows for a user to determine which roles,… Continue Reading...
D365FO User Licensing Update April 2021
In the past, I have talked about that there are two separate licensing mechanisms in D365FO: entry point and privilege based. I have recently found that there is a third… the Dynamics 365 Licensing Guide itself. Dynamics 365 Licensing Guide This is an almost 60 page document that Microsoft releases on a semi-regular basis and gives the overview of how to license Dynamics 365, the most current… Continue Reading Alex’s...
Why You Need To Be Careful When Using The MetadataSupport Library For Enums in D365FO
I have used the MetadataSupport library in X++ to help get metadata information for tables, menu items, and data entities in the past. I have also used it for enums but recently found an issue when dealing with enum extensions. I initially wrote the logic to get enum metadata information like this: Which seems to work just fine, until you find an enum that contains a base enum extension, for… Continue Reading Alex’s...
Should You Apply Company Restrictions to All User Roles?
One security issue I’ve seen in D365FO, especially from those that have updated from AX 2012, is the idea that company/legal entity restrictions only need to be applied to the System User role and no other roles assigned to a user. What is the rationale behind this? What issues arise if this is done? And what can be done to address this? Why Apply Company Restrictions to Only the System User… Continue Reading Alex’s...
Getting Table Field Information for Form Entry in D365FO
There are many instances where you need to know exactly which table field is tied to an entry on a form: Interested in applying table field level security Want to turn on some type of audit trail tracking So how do we go about doing this? Right Click -> Form Information The easiest method I have found is to right click on the form field (or in some cases the form field label) and going to… Continue Reading Alex’s...
Comparing X++ vs .NET Performance and Memory Usage on Large Collections
After taking a little hiatus from writing I have a backlog of things that I need to catch up on for my blog. The first is a scenario I ran into recently while helping clients and has to deal with X++ and .NET performance and memory usage differences. Some Background Information To set up this scenario, within the Fastpath application (an external SAAS-based .NET application hosted in Azure)… Continue Reading Alex’s Article...
Current State of D365FO User Licensing
Since I’ve written multiple posts on this topic in the past, I thought it would be a good idea to combine the different posts and create a place that I can continually update with the latest information. So going forward, while I will still have individual posts on user licensing as well, this post will always be updated with the latest information. Last Updated: 1/25/2021 Where We Started In… Continue Reading Alex’s...
Voting is Open for DynamicsCon Sessions Until January 22nd
Voting for submitted DynamicsCon sessions (the FREE virtual conference that is taking place March 16 – 18th 2021) is now open until January 22nd! There are a lot of great sessions so be sure to go get registered for the conference and vote on sessions! I have one solo session available along with one I would be co-presenting with my colleague Frank Vukovits with. Understand User Licensing to… Continue Reading Alex’s...
Upcoming Sessions at Power Community D365 FinOps Summit January 29-31 2021
I will be presenting two sessions at the upcoming free Power Community D365 FinOps Summit being held from January 29th – 31st 2021. Be sure to register for the conference and mark your calendars as there are a lot of great sessions available! Common Security Mistakes and How to Avoid Them Join Andre Arnaud de Calavon and myself to learn about common security mistakes that many end users run… Continue Reading Alex’s...
How to Connect Power BI to D365FO Service Operation Endpoint
In the past, I have written about connecting Power BI to a Custom API data source. Now I’d like to talk about connecting Power BI to a custom D365FO service operations endpoint. In this example, I am going to use the Fastpath Audit Trail service operation endpoints we use for our reporting. This endpoint accepts a POST request be made against it and returns the data for the report requested… Continue Reading Alex’s...
Current State of D365FO User Licensing December 2020
With D365FO 10.0.15 now generally available, its time to look to see what has been updated for user licensing. There are definitely some updates in this release! If we navigate to System Administration -> Security -> Security Configuration -> Go to a Role/Duty/Privilege -> View Permissions we can now see that the License area in the upper left hand corner now shows the privilege license SKU… Continue Reading...
How to Fix ‘The devInstall option is not applicable to the current deployable package’ Error
If you are trying to install a deployable package via command line using the AXUpdateInstaller.exe devinstall command and get this error: Here are the steps you can take to fix this issue, run the following commands: AXUpdateInstaller.exe generate -runbookid=”OneBoxDev” -topologyfile=”DefaultTopologyData.xml” -servicemodelfile=”DefaultServiceModelData.xml”… Continue Reading Alex’s...
Announcing the Release of my Dynamics 365 for Finance & Operations Security Course
If you are looking for an in-depth D365FO security course that will take you from a security novice with no prior knowledge of the subject to having a deep understanding of security, audit, and compliance topics and functionality within D365FO. This is the course for you! Dynamics 365 for Finance & Operations Security Course The course covers: Understanding the D365FO Security Model Security… Continue Reading Alex’s...
Current State of D365FO User Licensing for October 2020
Microsoft recently released the 10.0.14(PU38) version of D365FO and along with that came a couple of changes for user licensing. Resource Updates I have updated the privilege to license SKU report that is available as a free resource from Fastpath. This report will show the privilege to license SKU association and then the IsUnique value for that particular privilege license combination. This… Continue Reading Alex’s...
Upcoming Sessions at Dynamic Communities Summit North America 2020
It’s that time of year again for the Dynamic Communities Summit North America conference coming up the week of October 5th – 9th. Obviously this year will be slightly different as the entire conference will be virtual but I will again be presenting a number of sessions (with some help from a colleague of mine Frank Vukovits). Educational Sessions Security Tips, Tricks, and Hacks in D365… Continue Reading Alex’s...
The Spring 2020 Edition of the Security and Audit Field Manual: D365FO Has Been Released
The Fastpath team has released the Spring 2020 version of our Security and Audit Field Manual series for D365FO. The technical aspects of the book include features and functionality that I have found in the last year surrounding the security, audit, and compliance features within D365FO. I would like to thank Mark Polino, Trish Boccuti, Heather Robinson, and the rest of the Fastpath team with… Continue Reading Alex’s...
Current State of D365FO User Licensing for August 2020
Updating Process for Determining User Licensing In this post I don’t have any new or changing information to share about user licensing in D365FO, but I wanted to clarify the steps for determining user licensing diagram from my last post. I’ve revamped the flow of the decision tree slightly to make it more explicit and hopefully easier to read. New Licensing Guide Released by Microsoft Also I… Continue Reading...
Issue with Revoking SysAdmin Role via OData in D365FO
I recently ran into an interesting issue with OData that I wanted to share. Within our Fastpath product suite we have a tool called Identity Manager that helps with the compliant provisioning, modification, and termination of user and user role assignments. Our clients use this module to help ensure that users are assigned the correct access at the correct time while also keeping SOD… Continue Reading Alex’s Article on...