Core Differences in Security Implementation between Dynamics AX and Dynamics 365 for Operations

by | Updated January 2, 2018 | Dynamics 365 for Finance and Operations, Dynamics AX, Security

I had the privilege of recently attending the Dynamics 365 Tech Conference in Seattle, WA, and joined a class on the Dynamics 365 (D365) for Operations Security Model. This seminar focused on the core differences in security implementation between Dynamics AX and Dynamics 365 for Operations and covered some differences in technology and methodology.

Security Framework & Approach

At the core, the security framework and approach is essentially the same between Dynamics AX 2012 and D365 for Operations. One of the major differences is the concept of the separation between design time and run-time environments. In AX 2012, if you made changes to a security object (say a privilege), it would be immediately effective and an end-user would simply have to log out and back in the client to see those changes. In D365 however, those changes need to be “published” and a batch job of sorts will run (typically within five minutes) and implement those changes. Therefore, security changes may not be immediate.

Entry Point Security

Another key change in security surrounds Entry point security. One difficulty we encountered in AX 2012 was that if I had a security role that needed read access to a table or menu item on one privilege and delete permissions was given elsewhere on the form on another privilege, AX gave the role access to the form regardless of where the user came in on (if they came into the form through a read or delete entry point). This really was difficult sometimes during troubleshooting because it meant reverse engineering and “peeling the onion” back on every possible security touch point to the form or table in question to see where that access came from. Now in D365 for Operations, if the user came in from a read menu item, the delete will be ignored. This was really how AX 2012 should have worked, in that now Dynamics is respecting the developers intent here. This will really help in making security a bit easier to troubleshoot.

Security Reports & Diagnostic Tools added to D365

Some new security reports and diagnostic tools have been added to D365. When logged in as a system administrator, on the Options for any form there is an option for “Security Diagnostics”. This shows you all of the roles, duties, or privileges that give a user access to that form. Say, for example, a user comes in on a form and can’t access something they need to. A system administrator can navigate there, click on Security Diagnostics, and there will be buttons to “Add duty to a role” and other security-related tasks which essentially provide many of the security tasks at a form-level.

Removal of Tools

One last interesting part to mention regarding security in D365 are some removals. The Security Development Tool is no more! This was a valuable tool for many AX 2012 developers and system administrators and it will be greatly missed. There are a few pieces here in there in terms of tools in the D365 client as well as Visual Studio that accomplish (most) of what the Security Development Tool offered, but it is not a complete replacement. The biggest aspect that I will miss the most is the ability to traverse the AX menu navigation tree, down to the button or menu item object and add/remove permissions from there. There is currently no replacement for this functionality:

security entry point permissions in dynamics 365 for operations

Time will tell if this is a viable solution or if something else will need to be developed.

Second, the use of Active Directory groups for user provisioning has not been removed per se, but it has been disabled by default. The notion behind this surrounds the protection of segregation of duties. When using Active Directory groups, I’m essentially turning my AD administrator into an AX administrator with full control thereof, thus it is turned off by default but can be enabled through a configuration key.

Exciting things are coming with the new D365, and hopefully, security will be easier to implement and lighter to manage.

Related Posts

0 Comments

Submit a Comment

Your email address will not be published. Required fields are marked *

Upcoming Events

march

03mar10:00 am10:30 amThe Modern Manufacturer - MRP vs. MPS – What, When and How

03mar2:00 pm2:30 pmLot Management Best Practices for Batch Manufacturers

10mar10:00 am10:30 amEnhancing the Customer Experience and Driving More Business with Dynamics 365 Customer Service

10mar2:00 pm2:30 pmThe Five Steps to Managing Sales Tax

11mar11:00 am12:00 pmConfab with Stoneridge - Livestream - Power Apps Component Framework Power Hour

17mar10:00 am10:30 amThe Modern Manufacturer: Pro Tips for your Finance Team

24mar10:00 am10:30 amUnlock the Potential of Digital Marketing with Dynamics 365 Marketing

25mar11:00 am12:00 pmConfab with Stoneridge - Livestream - The Four Keys to Choosing the Best ERP or CRM Solution

31mar10:00 am10:30 amThe Modern Manufacturer: Keys to Reporting Success

31mar01aprTraining Class: Financial Reporting W/Account Schedules for Dynamics 365 Business Central

april

31mar01aprTraining Class: Financial Reporting W/Account Schedules for Dynamics 365 Business Central

07apr10:00 am10:30 amBoost Seller Productivity and Close More Business with Dynamics 365 Sales

07apr2:00 pm2:30 pmEnsuring Quality for Batch Manufacturers

08apr11:00 am12:00 pmJumping into the Deep End of the Data Lake

14apr10:00 am10:30 amThe Modern Manufacturer: Cost Accounting in D365

22apr11:00 am12:00 pmMoving from Manual to Automated with Strategic Automation Strategies

28apr10:00 am10:30 amThe Modern Manufacturer: Best Practices for Inventory Turn

About Stoneridge
Stoneridge Software is a unique Microsoft Gold Partner, with emphasis on partner. With specialties in Microsoft Dynamics 365, Microsoft Dynamics AX, Microsoft Dynamics NAV, Microsoft Dynamics GP and Microsoft Dynamics CRM, we focus on attracting the most knowledgeable experts in the field to our team, and prioritize delivering stellar solutions with maximum impact for your business. At Stoneridge, we are deeply committed to your results. Each engagement is met with a dedicated team, ready to provide thorough, tailored, and expert service. Based in Minnesota, we intentionally “step into your shoes,” wherever you are. We focus on what you care about, and develop trusting, long-term relationships with our clients.

Subscribe To Our Blog

Sign up to get periodic updates on the latest posts.

Thank you for subscribing!

X