Skip to main content

Dynamics 365 for Operations Security Analysis

I was recently looking at different ways of analyzing the security in the AOT. I found an Addin that is in Visual Studio.

Click on the “View related objects and licenses for all roles”.

image

It takes about 5 minutes to put all the data together and export an Excel file.

You get two worksheets.

  • License information – Shows the different security objects; Roles, Duties and Privileges. Showing the license type.
  • View related objects – This is a detailed exploded view of the Roles, duties, privileges, resource (I.e. menu item)

image

image

Based on the second tab I was able to create a pivot table. This allows me to figure out what makes a particular license Enterprise.

image

The thing you have to keep in mind is that this is looking at the AOT. If you have made security changes in the front end, this Addin won’t recognize it.

If you want to review security from the front end then navigation to the Security configuration form. Then click on the View permissions.

image

You will get a similar list as the Excel sheet. You get the Role license type. In the grid you get the exploded view with the license type. You can sort on the License column and figure out what makes up the Enterprise license.

image

I have a few suggestions for Microsoft:

1. Can we have a simple export from the front end. Export the same Excel as the add in – I.e. exploded view for all security objects.

2. Add a new Excel worksheet to export the “User roles” - Users with their roles and showing the License type. Also add the field Enabled (active user or not).

3. Make these exploded view an actual table that gets updated periodically.

4. Create data entities for PowerBI content pack. This would allow the ERP administrators a dashboard to see things like

     a) Number of Active users by License type

     b) Drill through to Roles and Security objects

Popular posts from this blog

AX - How to use Map and MapEnumerator

Similar to Set class, Map class allows you to associate one value (the key) with another value. Both the key and value can be any valid X++ type, including objects. The types of the key and the value are specified in the declaration of the map. The way in which maps are implemented means that access to the values is very fast. Below is a sample code that sets and retrieves values from a map. static void checkItemNameAliasDuplicate(Args _args) { inventTable inventTable; Map map; MapEnumerator mapEnumerator; NameAlias nameAlias; int counter = 0; ; map = new Map(Types::String, Types::Integer); //store into map while select inventTable { nameAlias = inventTable.NameAlias; if (!map.exists(nameAlias)) { map.insert(nameAlias, 1); } else { map.insert(nameAlias, map.lookup(nameAlias) + 1); } } //retrieve fro

AX - How to use Set and SetEnumerator

The Set class is used for the storage and retrieval of data from a collection in which the values of the elements contained are unique and serve as the key values according to which the data is automatically ordered. You can create a set of primitive data types or complex data types such as a Class, Record or Container. Below is sample of a set of records. static void _Set(Args _args) {     CustTable       custTable;     Set             set = new Set(Types::Record);     SetEnumerator   setEnumerator;     ;     while select custTable     {         if (custTable && !set.in(custTable))         {             set.add(custTable);         }     }     if (!set.empty())     {         setEnumerator = set.getEnumerator();         setEnumerator.reset();         while (setEnumerator.moveNext())         {             custTable = setEnumerator.current();             info(strfmt("Customer: %1",custTable.AccountNum));         }     } } Common mistake when creating a set of recIds

Approve Workflow via email using template placeholders #Dyn365FO

Dynamics 365 for Finance and Operations has placeholders which can be inserted into the instructions. Normally you would want this to show up in the email that is sent. One of the most useful ones is the URL link to the exact record that you are approving. In the workflow configurations use the placeholder and build up your message. Towards the end it has workflow specific ones. The URL token is %Workflow.Link to web% . For the technical people the token is replaced in this class WorkflowDocumentField. This is what I inserted into my email template. <BODY> subject: %subject% <BR> message: %message% <BR> company: %company% <BR> for: %for% <BR> </BODY> Should look like this. The final result looks like this. If you debug these are the place holders that are put together.