Issue with Revoking SysAdmin Role via OData in D365FO
I recently ran into an interesting issue with OData that I wanted to share. Within our Fastpath product suite we have a tool called Identity Manager that helps with the compliant provisioning, modification, and termination of user and user role assignments. Our clients use this module to help ensure that users are assigned the correct access at the correct time while also keeping SOD… Continue Reading Alex’s Article on...
Vote for DynamicsCon Sessions Before August 1st
In today’s world of virtual events it is easy to not know which are worth attending. But what if I told you there was a free Dynamics 365 conference where the attendees vote on which sessions will be presented. And a majority of the presenters are either Microsoft employees, Microsoft MVPs, or subject matter experts in their area. Well that’s exactly what the DynamicsCon conference is… Continue Reading Alex’s...
Current State of D365FO User Licensing for July 2020
I wanted to give a periodic update about user licensing in D365FO for July 2020. With the GA release of 10.0.12/PU36 there has been some changes regarding user licensing to address some of the issues I went over in my previous user licensing post in May. Here are some of the changes: License types available in 10.0.12/PU36 Base licenses: Finance Supply Chain Management (SCM) Commerce… Continue Reading Alex’s Article on...
Current State of D365FO User Licensing for May 2020
I’ve written about user licensing in D365FO in the past but because of the numerous changes Microsoft has made to licensing in the past six months I wanted to start doing periodic updates to give a current state of licensing. There are currently two different licensing mechanisms currently in use for D365FO: Analysis being done at the entry point level – Determining User Licenses in Dynamics… Continue Reading...
Easily Create a Read Only Role in D365FO
I have gotten the question of creating a ‘read only’ or ‘view only’ role many times in the past so I thought I would show the process of how I created one. There are many reasons that a read only role would be needed: Executive/Upper Management users who need access to view information but should not be able to transact in the system Internal/External audit users who need to validate reports… Continue...
Best Practice for Moving D365FO Security Between Environments
One of the questions I get quite often is now that I know that security created/modified from the AOT is stored differently than security created/modified from the user interface, what is the best way to move security between environments effectively and ensure the validity of the tested security in each environment? Treat Security as Code What I mean by this is that your security should go… Continue Reading Alex’s Article...
How to Continue to Use the Table Browser Functionality Within D365FO
While using D365FO it is sometimes helpful to be able to view the actual data within a particular table from a web browser. This has previously been done via the SysTableBrowser menu item display, but recently there was a message on the D365UG forum that trying to navigate to this menu item was throwing an error. If you are unfamiliar with the SysTableBrowser you can utilize it by using the… Continue Reading Alex’s Article...
Upcoming Sessions at Dynamics Communities Summit Europe 2020
We are just over a month away from the Summit Europe 2020 conferences in Barcelona, Spain. As always there is a wide variety of amazing sessions, presentations, and networking to be had. I have a number of sessions across both the extreme365 and Summit conferences surrounding security, audit, and compliance that you shouldn’t miss! Security Landscape in Dynamics and Beyond – Customer… Continue Reading Alex’s Article...
Automatic Company Restriction Assignment in D365FO
I recently wrote about what features allow you to restrict user role assignments to a specific company/legal entity within D365FO, and another great AX developer Nathan Clouse chided me and said ‘What if someone made an open source project to change this behavior?’. After some back and forth we decided we were the people to start this project, I recently got our first feature completely so I… Continue Reading...
Options for Configuring User Legal Entity Restrictions in D365FO
By default, in Dynamics AX/365FO when assigning a user to a role, this access is granted across all companies/legal entities. What options do you have to restrict this? Assign Organizations Under System Administration -> Users you are able to see the roles assigned to a user. When you select a particular role you can then select Assign Organizations to restrict which companies/legal entities… Continue Reading Alex’s...
Current State of User Licensing in D365FO PU31
With D365FO PU31/10.0.7 now becoming GA, we get our first look at Microsoft’s new licensing model within D365FO. I wrote about the high level changes in this post, but let’s look to see how this new licensing model is implemented. First and foremost I wanted to try and find the association between the new license types and the menu items. I started by looking at menu item objects in the AOT… Continue Reading...
Securing the Open in Microsoft Office Button in D365FO
On some pages within D365FO there will be an Office button in the upper right hand corner that allows you to either export grid data to Excel or use Excel to easily update, create, or delete data. Security for these actions are controlled slightly differently than the normal menu item method instead they are controlled by security via data entities. Integration Points There are two different… Continue Reading Alex’s...
Gaps in the Security Diagnostics for Task Recordings Feature in D365FO
I have written in the past about how to use the Security Diagnostics for Task Recordings feature within D365FO to help determine the securable objects consumed during a recorded business process or task. But I found while diving deeper into using the tool that there are some gaps that you need to be aware of. The Gaps 1) The access required for the objects is not shown If we look at the… Continue Reading Alex’s Article on...
Tool To Help Migrate D365FO Security Between Environments
After a great week at Summit 2019 time to get back at it! One of the things I heard repeatedly throughout the sessions I did and numerous people who stopped by our booth was that moving/migrating D365FO security between environments is extremely difficult and not intuitive/user-friendly at all, which I have to agree with. You may remember I created the D365FO Security Converter Tool in the… Continue Reading Alex’s Article...
October 2019 User Licensing Update to Dynamics 365 Finance & Operations
On October 1st 2019, Microsoft released a new licensing guide for the Dynamics 365 business application suite with a number of updates. This licensing update only applies to the cloud version of D365FO and does not apply to on-premise installs. New Licensing Model (as of Oct 1st 2019) The Operations level license is now split into separate modules: Finance Supply Chain… Continue Reading Alex’s Article on their blog October...
Upcoming Sessions at Dynamics Communities User Group Summit 2019
With the calendar switching to October we are officially in the home stretch of the run up to Summit 2019 in Orlando, Florida. As always there is a wide variety of amazing sessions, presentations, and networking to be had. I have a number of sessions surrounding security, audit, and compliance that you shouldn’t miss! Can’t wait to see you all there!!! Pre-Conference Academy Dynamics 365 for… Continue Reading...
Does Licensing in D365FO Consider the Deny Permission?
I have a very interesting licensing scenario I recently ran into surrounding using the deny permission. With the move to D365FO, the deny permission allows for explicitly revoking access to an object, this in turn, should also impact the licensing to a user, role, duty, or privilege. To test this I set up the following scenario: 1. I found a menu item that has different licenses for the… Continue Reading Alex’s Article on...
The Spring 2019 Version of the Security and Audit Field Manual: Microsoft Dynamics 365 for Finance & Operations Has Been Released
The Fastpath team recently released the spring 2019 version of our security and audit series for D365FO. The technical aspects of the book have been updated to reflect the OneVersion releases of D365FO. I would like to thank Mark Polino, Trish Boccuti, and Heather Robinson of the Fastpath team for helping in the process of getting this edited, formatted, and published. A quick overview of the… Continue Reading Alex’s...
How To Utilize the Deny Permission in Dynamics 365 for Finance & Operations
One new piece of security functionality in D365FO is the idea of having an explicit deny access level available to assign. I’ve written about this access level permission in the past and how it overrides any other grants made to this object when assigned to the user. This functionality did not exist in AX 2012 so the question is ‘How do I utilize deny permissions when setting up… Continue Reading Alex’s Article...
Data Entity Filtering in Dynamics 365 for Finance & Operations
Data entities were introduced in D365FO to provide a way for external services to interact with business processes within D365FO without having to know or understand how the inner workings of that data was stored. It was built on top of the OData protocol which provides a standard by which we can consume those objects through RESTful APIs. But what I found while using these was that some of… Continue Reading Alex’s Article...
Field Level Security in Dynamics 365 for Finance & Operations
I’ve written in the past about Least Privilege Security in D365FO but one aspect I haven’t covered yet is the process of setting up field level security in D365FO. In D365FO, entry point security has changed slightly from AX 2012 and has simplified security by allowing menu item access to drive data source access. I’ve written about this in detail in a previous post. But if you want to be… Continue Reading...
Biggest Takeaways From Microsoft BizApp Summit 2019
With Microsoft’s Business Application Summit 2019 wrapping up in Atlanta, I thought I would share my thoughts on the biggest takeaways from the conference in my opinion. New OneVersion Release Schedule Instead of doing 12 separate monthly updates, Microsoft is changing the F&O release schedule to include only 8 with the other months not having an update during those months. You can now pause… Continue Reading...
Can Users Access D365FO With a License Type of None?
I recently saw a question posted on a forum regarding what license Microsoft assigns a user that has no license requirement based on their entry point access. I didn’t really have an answer as I hadn’t ran into this scenario and I didn’t cover it in my my earlier post about determining user licenses. In earlier versions of AX there was some uncertainty about which license would be applied so I… Continue Reading...
Why Adding an Undo Button to Unpublished Objects is Not Easy in D365FO
One question I’ve had throughout the releases of D365FO has been why there wasn’t an ‘Undo’ or ‘Remove’ for a security change made within the user interface. Before security changes go live into the system, they first go to a staging area called ‘Unpublished Objects’, on this screen there is currently a ‘Publish all’ and ‘Publish selection’ but there is no way to...
Things to Watch Out For When Developing D365FO Security Through the User Interface
There are a couple questions I get/issues I see quite often around setting up security in the D365FO user interface so I figured I would make a post around things to watch out for. Security is still hierarchy based, and needs to be created in that way One of the things I’ve seen done quite often is a user trying to set up security where they assign just the access type to an object that a… Continue Reading Alex’s...
Extensible Data Security (XDS) Framework in D365FO
The Extensible Data Security (XDS) framework is a feature in D365FO and AX 2012 that allows users to supplement role based security and allow access to tables to be restricted by a policy. This feature was an evolution of the record-level security that existed in previous versions of Dynamics AX. In simple terms, XDS is placing a WHERE (or ON) statement on any SQL SELECT, UPDATE, DELETE, or… Continue Reading Alex’s Article...
Configuring Azure AD Group Security in D365FO
In AX 2012 you had the ability to use Active Directory groups to help manage security within the application. The basic setup behind this was that you would: Create an AD group and put in the AX users you wanted to be controlled by that group Create the AD group within AX, that group would basically act as a user within the application Then create the users of that group as users within the… Continue Reading Alex’s Article...
Presenting Upcoming User Group Sessions and Academy Classes
The month of March will be very busy for myself and other colleagues at Fastpath as we will presenting sessions at Dynamics Communities conferences as well as leading an academy session. Academy Class – March 4th This Dynamics Communities academy class will be a complete overview of D365FO security and starting from a beginner level and going to advanced. It will be done over the course of 4… Continue Reading Alex’s...
Automated Role Access Testing Using the SysTestSecurityAttribute in D365FO
With the push in D365FO for automating everything from deployment to servicing to testing one of the questions I’ve heard numerous times is how do you perform/is it possible to perform automated role access testing? This comes into play for a number of reasons: With the quick releases of Microsoft D365FO I need a way to quickly ensure that my custom roles have the correct access even after… Continue Reading Alex’s...
Table Permission Framework in D365FO
In the past, I’ve written about the Table Permission Framework functionality within D365FO but recently I’ve had numerous examples of this causing D365FO users issues when setting up security. Because of this, I wanted to write about it again to explain how the feature works, how to troubleshoot security errors caused by the TPF, and how to remediate it. Table Permission Framework (TPF)… Continue Reading Alex’s...
Interesting Behavior of Unpublished Objects in Dynamics 365 for Finance & Operations
One thing I’ve been asked about numerous times and has caused confusion while using the user interface to set up security is some interesting behavior regarding objects showing up in the ‘Unpublished Objects’ area when no changes are made by the user. The Scenario A typical scenario is as follows: User goes to System Administration -> Security Configuration -> Privileges (and notices there… Continue...
Dormant User Account Reporting in D365FO PU21 8.1
Microsoft has added some additional user reporting around dormant user accounts in D365FO PU21 8.1. This report can be found in System Administration -> Security -> Dormant user security accounts. You then can provide some inputs for the report: Number of days since last login Account Type All Claims User Active Directory User Include users having this account status All Enabled Not… Continue Reading Alex’s Article...
Uninstall a deployable package in D365FO
Recently I had the opportunity to learn about uninstalling a deployable package and thought I would go through the process of how I did it. Take zip file of the deployable package that needs to be removed and unzip it Navigate within the unzipped deployable package to the following path: ..packageAOSServiceScripts… Continue Reading Alex’s Article on their blog
Setting Up Security in Dynamics 365 for Finance and Operations – Part III – Security Management
In numerous other posts, I talk about the effect of where you create D365FO security (AOT vs user interface) has on how it is stored. In other posts, I talk about creating an application to help move your security created in the user interface to your AOT. I thought it might be a good idea to bring these ideas to together and summarize this topic and show what security management best practice… Continue Reading Alex’s...
Fastpath vs. Dynamics AX/D365FO Segregation Of Duty Analysis Comparison
There are many questions about the built-in Segregation of Duties functionality within Dynamics AX and D365FO, how it works, and its short comings? To help answer those questions, I created a white paper that compares the native SoD functionality to the functionality that the Fastpath tool offers surrounding this area. Fastpath vs. Dynamics AX/D365FO Segregation Of Duty… Continue Reading Alex’s Article on their...
Obtain Menu Items From Dynamics AX 2012 and Dynamics 365FO Task Recordings
The Task Recorder tool in AX 2012 and D365FO is a great resource to create documentation around business processes and tasks. I’ve written in the past that one of the other side effects of this feature is that it also records the objects being used during the process and therefore can be used to help set up security. To help with this, I wrote a small application that does the processing for… Continue Reading Alex’s...