Core Differences in Security Implementation between Dynamics AX and Dynamics 365 for Operations

by | Updated January 2, 2018 | Dynamics 365 for Finance and Operations, Dynamics AX, Security

I had the privilege of recently attending the Dynamics 365 Tech Conference in Seattle, WA, and joined a class on the Dynamics 365 (D365) for Operations Security Model. This seminar focused on the core differences in security implementation between Dynamics AX and Dynamics 365 for Operations and covered some differences in technology and methodology.

Security Framework & Approach

At the core, the security framework and approach is essentially the same between Dynamics AX 2012 and D365 for Operations. One of the major differences is the concept of the separation between design time and run-time environments. In AX 2012, if you made changes to a security object (say a privilege), it would be immediately effective and an end-user would simply have to log out and back in the client to see those changes. In D365 however, those changes need to be “published” and a batch job of sorts will run (typically within five minutes) and implement those changes. Therefore, security changes may not be immediate.

Entry Point Security

Another key change in security surrounds Entry point security. One difficulty we encountered in AX 2012 was that if I had a security role that needed read access to a table or menu item on one privilege and delete permissions was given elsewhere on the form on another privilege, AX gave the role access to the form regardless of where the user came in on (if they came into the form through a read or delete entry point). This really was difficult sometimes during troubleshooting because it meant reverse engineering and “peeling the onion” back on every possible security touch point to the form or table in question to see where that access came from. Now in D365 for Operations, if the user came in from a read menu item, the delete will be ignored. This was really how AX 2012 should have worked, in that now Dynamics is respecting the developers intent here. This will really help in making security a bit easier to troubleshoot.

Security Reports & Diagnostic Tools added to D365

Some new security reports and diagnostic tools have been added to D365. When logged in as a system administrator, on the Options for any form there is an option for “Security Diagnostics”. This shows you all of the roles, duties, or privileges that give a user access to that form. Say, for example, a user comes in on a form and can’t access something they need to. A system administrator can navigate there, click on Security Diagnostics, and there will be buttons to “Add duty to a role” and other security-related tasks which essentially provide many of the security tasks at a form-level.

Removal of Tools

One last interesting part to mention regarding security in D365 are some removals. The Security Development Tool is no more! This was a valuable tool for many AX 2012 developers and system administrators and it will be greatly missed. There are a few pieces here in there in terms of tools in the D365 client as well as Visual Studio that accomplish (most) of what the Security Development Tool offered, but it is not a complete replacement. The biggest aspect that I will miss the most is the ability to traverse the AX menu navigation tree, down to the button or menu item object and add/remove permissions from there. There is currently no replacement for this functionality:

security entry point permissions in dynamics 365 for operations

Time will tell if this is a viable solution or if something else will need to be developed.

Second, the use of Active Directory groups for user provisioning has not been removed per se, but it has been disabled by default. The notion behind this surrounds the protection of segregation of duties. When using Active Directory groups, I’m essentially turning my AD administrator into an AX administrator with full control thereof, thus it is turned off by default but can be enabled through a configuration key.

Exciting things are coming with the new D365, and hopefully, security will be easier to implement and lighter to manage.

Related Posts

0 Comments

Submit a Comment

Your email address will not be published. Required fields are marked *

Upcoming Events

september

02sep10:00 am10:30 amThe Modern Manufacturer - Cycle Count Management

02sep12:00 pm12:30 pmBest Practices for Work Order Planning and Routing for Field Service Companies

09sep10:00 am11:00 amWhat is Levridge? An Overview of the Ultimate Ag Solution

09sep12:00 pm12:30 pmOverview of Microsoft Promotion for NAV and GP Clients

10sep11:00 am12:00 pmConfab with Stoneridge - Livestream - Field Service Comparisons

16sep10:00 am10:30 amThe Modern Manufacturer - Product Lifecycle Management

16sep12:00 pm12:30 pmHow to Upgrade to Dynamics 365 Finance and Operations: Examining Custom Code and ISV Implications

16sep2:00 pm2:30 pmScheduling and Dispatching for the Modern Field Service Company

23sep12:00 pm1:00 pmDynamics 365 Business Central Wave 2 Release Preview - An Overview of the Most Exciting New Features Coming in October

24sep11:00 am12:00 pmConfab with Stoneridge - Livestream - The Modern Workplace: Teams, Sharepoint, Outlook, Office, and AI Integration

30sep10:00 am10:30 amThe Modern Manufacturer - Return Management

30sep12:00 pm12:30 pmEmpowering Your Field Service Technicians with a Mobile Solution

october

07oct12:00 pm1:00 pmThe Three Paths to Business Central from Dynamics GP

08oct11:00 am12:00 pmConfab with Stoneridge - Livestream - The Vision and Strategy of Microsoft Business Systems

14oct10:00 am10:30 amThe Modern Manufacturer - Complex Cost Modeling

14oct12:00 pm12:30 pmGenerating Custom Inspection or Process Forms

19octAll Day22Stoneridge Connect Fall 2020

22oct11:00 am12:00 pmConfab with Stoneridge - Livestream - Stoneridge Connect Recap

28oct10:00 am10:30 amThe Modern Manufacturer - Engineering Change Orders

About Stoneridge
Stoneridge Software is a unique Microsoft Gold Partner, with emphasis on partner. With specialties in Microsoft Dynamics 365, Microsoft Dynamics AX, Microsoft Dynamics NAV, Microsoft Dynamics GP and Microsoft Dynamics CRM, we focus on attracting the most knowledgeable experts in the field to our team, and prioritize delivering stellar solutions with maximum impact for your business. At Stoneridge, we are deeply committed to your results. Each engagement is met with a dedicated team, ready to provide thorough, tailored, and expert service. Based in Minnesota, we intentionally “step into your shoes,” wherever you are. We focus on what you care about, and develop trusting, long-term relationships with our clients.

Subscribe To Our Blog

Sign up to get periodic updates on the latest posts.

Thank you for subscribing!

X