Segregation of Duties in D365FO
I’ve referred to the Segregation of Duties (SOD) feature in Dynamics 365 for Finance & Operations before but haven’t really gotten into the specifics of the feature itself, what it allows you to do and the shortcomings/gaps. What is Segregation of Duties? The idea of Segregation of Duties (aka Separation of Duties) is that a single user should not be able to perform certain actions in a… Continue Reading...
Presenting at Upcoming Microsoft Dynamics Conferences
DynamicsCon (virtual) When: March 15 – 17th 2022 Price: Free Register Here Session Information: Common D365FO Mistakes and How to Avoid Them I am co-presenting this session with another Microsoft MVP Andre Arnaud de Calavon. In this session, we will demonstrate real-world common D365FO security mistakes that customers make, discuss why these actions can introduce risk into your organization,… Continue Reading Alex’s...
Comparing D365FO Security Between Versions
A frequent request I get is with OneVersion updates in D365FO, how do we as end users know what security changes are occurring between D365FO versions? A fellow Microsoft MVP, Nathan Clouse, reached out to me asking about wanting to add the same information to his dynamics.fo website. He has dedicated this site to show changes that are occuring between D365FO versions. We decided to… Continue Reading Alex’s Article on...
How to Use Temp Tables as Grid Datasources for Data Analytics in D365FO
I was recently asked to find a way to perform some simple data analytics across some data within D365FO. In my case, this was audit data that could easily be millions of records so just exporting to an Excel file to do this was not really an option. Instead I wanted to build a simple form that would perform the analysis for me. Note: This could also be done very easily within a full data… Continue Reading Alex’s Article on...
Voting Now Open for DynamicsCon 2022 Sessions
Voting has now opened for DynamicsCon 2022 sessions! I have submitted two different sessions and there are many more great sessions to check out and vote for! Be sure to get your votes in before January 19th 2022! Successfully Navigate D365FO User Licensing Do you find user licensing in D365FO confusing? Do you second guess the number and type of licenses you need? Are you worried you are… Continue Reading Alex’s Article...
Automated Solution to Find Table Relations in AX 2012 and D365FO
Problem For anyone that has dealt with creating queries in AX 2012 and D365FO, you know it can be extremely difficult to determine possible table relations between tables. To help with this Microsoft released an ERD for AX 2012 (this can still be used for D365FO), unfortunately they no longer maintain this project but do allow for others to host it themselves. This ERD helps to show the… Continue Reading Alex’s Article on...
Get Custom D365FO Objects at Runtime Using X++
A while back, I asked a question on the D365FO forums about being able to generate a list of custom objects within an environment at runtime via X++. I never followed up on my answer there so I wanted to give a detailed response to how I ended up solving this. Before We Begin In the discussion on my initial question post it was brought up that you should be using a source control system (TFS,… Continue Reading Alex’s...
Restoring Deleted Security in D365FO
Recently ran into an interesting scenario where an end user deleted a security layer from the user interface and wanted to restore it. This security layer was an out of box security layer so it existed in the AOT. Here is the process on how to perform this task. Note: The following process only works in the scenario that the security layer exists in the AOT and you remove it from the user… Continue Reading Alex’s Article...
Determine Where Form Data is Stored in D365FO
There are many scenarios in D365FO where knowing where data on a form is coming from is needed. A couple scenarios include trying to write custom reports or for tracking data changes using something like the Fastpath Audit Trail tool. There are a couple different options on how to accomplish this so I wanted to walk through them. I’ve written about a similar topic to this in the past, but… Continue Reading Alex’s...
Creating a Read Only Role for D365FO – User Interface
I previously wrote about how to create a read only role for D365FO via the AOT. A lot of users thought my use of the term ‘easy’ in the title was misleading, which I can’t really argue with, It does get slightly technical on how to create it. So I thought it might be a good idea to make this process a little more user friendly and make a read only role that anyone could import into their… Continue Reading...
Using TPF to Protect Sensitive Data in Grid Columns for D365FO
I’ve covered the topic of the Table Permission Framework previously but wanted to give an example of how it can be used for protecting columns within grids in D365FO. Scenario There is a form within D365FO that contains a grid that has a sensitive data within a particular column that you would like to hide from certain users and only allow users explicitly assigned access to see/interact with… Continue Reading Alex’s...
Presenting at Upcoming User Group Conferences
I’m excited to be speaking in-person at a couple upcoming conferences. I am looking forward to seeing friends and other attendees again and sharing my knowledge and expertise! Dynamic Communities Summit North America October 12th – 15th | Houston, Texas Common Security Mistakes and How to Avoid Them In this session, we will demonstrate real-world common D365FO security mistakes that… Continue Reading Alex’s...
Creating a Zip File From Multiple MemoryStreams in D365FO
I recently had a requirement to take many pieces of data from D365FO, create a CSV file out of each data piece, and then wrap these files in a zip file for easy downloading by an end user. In my case, the requirement was that all of the data should be held in memory (never written to disk). I wanted to show the process of how I achieved this. Test Scenario To show how I did this I will be… Continue Reading Alex’s Article...
How to Determine Compatible Deployable Package Versions in D365FO
Working for an ISV, whenever we release a new deployable package I get questions surrounding its compatibility with a customer’s environment. When adding a deployable package to a shared asset library in LCS, the platform version and build information is shown: This informs the end user of the D365FO version used to build this particular deployable package. The question then is of course, is… Continue Reading Alex’s...
How to Apply Multiple XDS Policies to the Same Role in D365FO
I’ve written about XDS policies and how to apply them in the past, but what about the scenario where you want to apply multiple XDS policies to the same role in D365FO? How would you go about achieving that? Test Scenario For my test scenario, I want a role to only be able to interact with Customers and Vendors that have a group (CustGroup/VendGroup) equal to 10. Steps to Implement The first… Continue Reading Alex’s...
How to Apply D365FO Extensible Data Security Based on the Current User
I have written in the past about Extensible Data Security (XDS) in D365FO, it has been one of my most popular posts. I often get questions about it, but one that I get quite often is wanting to apply XDS based on the current user. The use case is something along the lines of: ‘I only want a user to see sales orders/vendors/customers they created’ ‘Users should only see records where they are… Continue Reading...
Understanding Microsoft Dynamics 365 Product Naming
< div class=”et_pb_section et_pb_section_0 et_section_regular”> <div class=”et_pb_row et_pb_row_0″> <div class=”et_pb_column et_pb_column_4_4 et_pb_column_0 et_pb_css_mix_blend_mode_passthrough et-last-child”> <div class=”et_pb_module et_pb_text et_pb_text_0 et_pb_text_align_left et_pb_bg_layout_light”> <div class=”et_pb_text_inner”>There is a lot...
How to Fix Broken Security References in D365FO
If you have used the Security Configuration area within D365FO to remove security layers in the past, you may have noticed that there are certain security features that still show these removed security layers. To demonstrate this we will be utilizing the Security Diagnostics feature for this blog post. For those that may not know, this feature allows you to see all roles, duties, and… Continue Reading Alex’s Article on...
The Impact of Multiplexing on User Licensing in Dynamics 365
Blog Post Co-Writer This blog post was written in conjunction with Matthias Leplae. He reached out to me inquiring about my past D365FO licensing blog posts and asked why I hadn’t written about license multiplexing and to be honest it was a topic I knew about but had stayed away from because of the complexity of it. Luckily Matthias helped with this tough topic and helped write/edit the post… Continue Reading Alex’s...
Beta Release of D365FO Security Role Test Workspace
I recently posted a video of a new project I have been working on to help with security testing in D365FO. I am now ready to officially release the D365FO Security Test Workspace solution in a Beta state for testing and feedback so I wanted to give an overview of how it works, how to set it up, and the features it offers. Microsoft’s Answers to Security Testing In AX 2012, the Security… Continue Reading Alex’s...
How to Allow Non Admin Users to Access Security Features in D365FO
I’ve written in the past about different security features that are native to D365FO, but in most cases these features require elevated privileges or even the System Administrator role to be accessible. But is there a way to grant these security features to normal users? Page Options -> Security Diagnostics The Security Diagnostics feature on a form allows for a user to determine which roles,… Continue Reading...
D365FO User Licensing Update April 2021
In the past, I have talked about that there are two separate licensing mechanisms in D365FO: entry point and privilege based. I have recently found that there is a third… the Dynamics 365 Licensing Guide itself. Dynamics 365 Licensing Guide This is an almost 60 page document that Microsoft releases on a semi-regular basis and gives the overview of how to license Dynamics 365, the most current… Continue Reading Alex’s...
Why You Need To Be Careful When Using The MetadataSupport Library For Enums in D365FO
I have used the MetadataSupport library in X++ to help get metadata information for tables, menu items, and data entities in the past. I have also used it for enums but recently found an issue when dealing with enum extensions. I initially wrote the logic to get enum metadata information like this: Which seems to work just fine, until you find an enum that contains a base enum extension, for… Continue Reading Alex’s...
Should You Apply Company Restrictions to All User Roles?
One security issue I’ve seen in D365FO, especially from those that have updated from AX 2012, is the idea that company/legal entity restrictions only need to be applied to the System User role and no other roles assigned to a user. What is the rationale behind this? What issues arise if this is done? And what can be done to address this? Why Apply Company Restrictions to Only the System User… Continue Reading Alex’s...
Getting Table Field Information for Form Entry in D365FO
There are many instances where you need to know exactly which table field is tied to an entry on a form: Interested in applying table field level security Want to turn on some type of audit trail tracking So how do we go about doing this? Right Click -> Form Information The easiest method I have found is to right click on the form field (or in some cases the form field label) and going to… Continue Reading Alex’s...
Comparing X++ vs .NET Performance and Memory Usage on Large Collections
After taking a little hiatus from writing I have a backlog of things that I need to catch up on for my blog. The first is a scenario I ran into recently while helping clients and has to deal with X++ and .NET performance and memory usage differences. Some Background Information To set up this scenario, within the Fastpath application (an external SAAS-based .NET application hosted in Azure)… Continue Reading Alex’s Article...
Current State of D365FO User Licensing
Since I’ve written multiple posts on this topic in the past, I thought it would be a good idea to combine the different posts and create a place that I can continually update with the latest information. So going forward, while I will still have individual posts on user licensing as well, this post will always be updated with the latest information. Last Updated: 1/25/2021 Where We Started In… Continue Reading Alex’s...
Voting is Open for DynamicsCon Sessions Until January 22nd
Voting for submitted DynamicsCon sessions (the FREE virtual conference that is taking place March 16 – 18th 2021) is now open until January 22nd! There are a lot of great sessions so be sure to go get registered for the conference and vote on sessions! I have one solo session available along with one I would be co-presenting with my colleague Frank Vukovits with. Understand User Licensing to… Continue Reading Alex’s...
Upcoming Sessions at Power Community D365 FinOps Summit January 29-31 2021
I will be presenting two sessions at the upcoming free Power Community D365 FinOps Summit being held from January 29th – 31st 2021. Be sure to register for the conference and mark your calendars as there are a lot of great sessions available! Common Security Mistakes and How to Avoid Them Join Andre Arnaud de Calavon and myself to learn about common security mistakes that many end users run… Continue Reading Alex’s...
How to Connect Power BI to D365FO Service Operation Endpoint
In the past, I have written about connecting Power BI to a Custom API data source. Now I’d like to talk about connecting Power BI to a custom D365FO service operations endpoint. In this example, I am going to use the Fastpath Audit Trail service operation endpoints we use for our reporting. This endpoint accepts a POST request be made against it and returns the data for the report requested… Continue Reading Alex’s...
Current State of D365FO User Licensing December 2020
With D365FO 10.0.15 now generally available, its time to look to see what has been updated for user licensing. There are definitely some updates in this release! If we navigate to System Administration -> Security -> Security Configuration -> Go to a Role/Duty/Privilege -> View Permissions we can now see that the License area in the upper left hand corner now shows the privilege license SKU… Continue Reading...
How to Fix ‘The devInstall option is not applicable to the current deployable package’ Error
If you are trying to install a deployable package via command line using the AXUpdateInstaller.exe devinstall command and get this error: Here are the steps you can take to fix this issue, run the following commands: AXUpdateInstaller.exe generate -runbookid=”OneBoxDev” -topologyfile=”DefaultTopologyData.xml” -servicemodelfile=”DefaultServiceModelData.xml”… Continue Reading Alex’s...
Announcing the Release of my Dynamics 365 for Finance & Operations Security Course
If you are looking for an in-depth D365FO security course that will take you from a security novice with no prior knowledge of the subject to having a deep understanding of security, audit, and compliance topics and functionality within D365FO. This is the course for you! Dynamics 365 for Finance & Operations Security Course The course covers: Understanding the D365FO Security Model Security… Continue Reading Alex’s...
Current State of D365FO User Licensing for October 2020
Microsoft recently released the 10.0.14(PU38) version of D365FO and along with that came a couple of changes for user licensing. Resource Updates I have updated the privilege to license SKU report that is available as a free resource from Fastpath. This report will show the privilege to license SKU association and then the IsUnique value for that particular privilege license combination. This… Continue Reading Alex’s...
Upcoming Sessions at Dynamic Communities Summit North America 2020
It’s that time of year again for the Dynamic Communities Summit North America conference coming up the week of October 5th – 9th. Obviously this year will be slightly different as the entire conference will be virtual but I will again be presenting a number of sessions (with some help from a colleague of mine Frank Vukovits). Educational Sessions Security Tips, Tricks, and Hacks in D365… Continue Reading Alex’s...
The Spring 2020 Edition of the Security and Audit Field Manual: D365FO Has Been Released
The Fastpath team has released the Spring 2020 version of our Security and Audit Field Manual series for D365FO. The technical aspects of the book include features and functionality that I have found in the last year surrounding the security, audit, and compliance features within D365FO. I would like to thank Mark Polino, Trish Boccuti, Heather Robinson, and the rest of the Fastpath team with… Continue Reading Alex’s...
Current State of D365FO User Licensing for August 2020
Updating Process for Determining User Licensing In this post I don’t have any new or changing information to share about user licensing in D365FO, but I wanted to clarify the steps for determining user licensing diagram from my last post. I’ve revamped the flow of the decision tree slightly to make it more explicit and hopefully easier to read. New Licensing Guide Released by Microsoft Also I… Continue Reading...
Issue with Revoking SysAdmin Role via OData in D365FO
I recently ran into an interesting issue with OData that I wanted to share. Within our Fastpath product suite we have a tool called Identity Manager that helps with the compliant provisioning, modification, and termination of user and user role assignments. Our clients use this module to help ensure that users are assigned the correct access at the correct time while also keeping SOD… Continue Reading Alex’s Article on...
Vote for DynamicsCon Sessions Before August 1st
In today’s world of virtual events it is easy to not know which are worth attending. But what if I told you there was a free Dynamics 365 conference where the attendees vote on which sessions will be presented. And a majority of the presenters are either Microsoft employees, Microsoft MVPs, or subject matter experts in their area. Well that’s exactly what the DynamicsCon conference is… Continue Reading Alex’s...
Current State of D365FO User Licensing for July 2020
I wanted to give a periodic update about user licensing in D365FO for July 2020. With the GA release of 10.0.12/PU36 there has been some changes regarding user licensing to address some of the issues I went over in my previous user licensing post in May. Here are some of the changes: License types available in 10.0.12/PU36 Base licenses: Finance Supply Chain Management (SCM) Commerce… Continue Reading Alex’s Article on...
Current State of D365FO User Licensing for May 2020
I’ve written about user licensing in D365FO in the past but because of the numerous changes Microsoft has made to licensing in the past six months I wanted to start doing periodic updates to give a current state of licensing. There are currently two different licensing mechanisms currently in use for D365FO: Analysis being done at the entry point level – Determining User Licenses in Dynamics… Continue Reading...
Easily Create a Read Only Role in D365FO
I have gotten the question of creating a ‘read only’ or ‘view only’ role many times in the past so I thought I would show the process of how I created one. There are many reasons that a read only role would be needed: Executive/Upper Management users who need access to view information but should not be able to transact in the system Internal/External audit users who need to validate reports… Continue...
Best Practice for Moving D365FO Security Between Environments
One of the questions I get quite often is now that I know that security created/modified from the AOT is stored differently than security created/modified from the user interface, what is the best way to move security between environments effectively and ensure the validity of the tested security in each environment? Treat Security as Code What I mean by this is that your security should go… Continue Reading Alex’s Article...
How to Continue to Use the Table Browser Functionality Within D365FO
While using D365FO it is sometimes helpful to be able to view the actual data within a particular table from a web browser. This has previously been done via the SysTableBrowser menu item display, but recently there was a message on the D365UG forum that trying to navigate to this menu item was throwing an error. If you are unfamiliar with the SysTableBrowser you can utilize it by using the… Continue Reading Alex’s Article...
Upcoming Sessions at Dynamics Communities Summit Europe 2020
We are just over a month away from the Summit Europe 2020 conferences in Barcelona, Spain. As always there is a wide variety of amazing sessions, presentations, and networking to be had. I have a number of sessions across both the extreme365 and Summit conferences surrounding security, audit, and compliance that you shouldn’t miss! Security Landscape in Dynamics and Beyond – Customer… Continue Reading Alex’s Article...
Automatic Company Restriction Assignment in D365FO
I recently wrote about what features allow you to restrict user role assignments to a specific company/legal entity within D365FO, and another great AX developer Nathan Clouse chided me and said ‘What if someone made an open source project to change this behavior?’. After some back and forth we decided we were the people to start this project, I recently got our first feature completely so I… Continue Reading...
Options for Configuring User Legal Entity Restrictions in D365FO
By default, in Dynamics AX/365FO when assigning a user to a role, this access is granted across all companies/legal entities. What options do you have to restrict this? Assign Organizations Under System Administration -> Users you are able to see the roles assigned to a user. When you select a particular role you can then select Assign Organizations to restrict which companies/legal entities… Continue Reading Alex’s...
Current State of User Licensing in D365FO PU31
With D365FO PU31/10.0.7 now becoming GA, we get our first look at Microsoft’s new licensing model within D365FO. I wrote about the high level changes in this post, but let’s look to see how this new licensing model is implemented. First and foremost I wanted to try and find the association between the new license types and the menu items. I started by looking at menu item objects in the AOT… Continue Reading...
Securing the Open in Microsoft Office Button in D365FO
On some pages within D365FO there will be an Office button in the upper right hand corner that allows you to either export grid data to Excel or use Excel to easily update, create, or delete data. Security for these actions are controlled slightly differently than the normal menu item method instead they are controlled by security via data entities. Integration Points There are two different… Continue Reading Alex’s...
Gaps in the Security Diagnostics for Task Recordings Feature in D365FO
I have written in the past about how to use the Security Diagnostics for Task Recordings feature within D365FO to help determine the securable objects consumed during a recorded business process or task. But I found while diving deeper into using the tool that there are some gaps that you need to be aware of. The Gaps 1) The access required for the objects is not shown If we look at the… Continue Reading Alex’s Article on...