Core Differences in Security Implementation between Dynamics AX and Dynamics 365 for Operations

Mar 31, 2017 | Dynamics 365 for Finance and Operations, Dynamics AX, Security

I had the privilege of recently attending the Dynamics 365 Tech Conference in Seattle, WA, and joined a class on the Dynamics 365 (D365) for Operations Security Model. This seminar focused on the core differences in security implementation between Dynamics AX and Dynamics 365 for Operations and covered some differences in technology and methodology.

Security Framework & Approach

At the core, the security framework and approach are essentially the same in Dynamics AX 2012 and D365 for Operations. One of the major differences is the separation between design-time and run-time environments. In AX 2012, if you made changes to a security object (say, a privilege), they took effect immediately, and an end user simply had to log out of the client and back in to see them. In D365, however, those changes need to be “published”, and a batch job of sorts will run (typically within five minutes) to implement them. Security changes may therefore not be immediate.

Entry Point Security

Another key change concerns entry point security. One difficulty we encountered in AX 2012 was that if a security role was given read access to a table or menu item by one privilege and delete permission on the same form by another privilege, AX gave the role that access to the form regardless of which entry point the user came in through (read or delete). This sometimes made troubleshooting difficult, because it meant reverse engineering and “peeling the onion” back on every possible security touch point to the form or table in question to see where the access came from. Now, in D365 for Operations, if the user came in from a read menu item, the delete will be ignored. This is really how AX 2012 should have worked, in that Dynamics now respects the developer's intent. This will help make security a bit easier to troubleshoot.
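To make the difference concrete, here is a small model of the two behaviours as this post describes them. It is an added example, not Dynamics code: the role, privilege, menu item and form names are constructed, duties are omitted, and only the access levels the post mentions are modelled.

```python
from enum import IntEnum

class Access(IntEnum):
    NONE = 0
    READ = 1
    DELETE = 2

# Constructed sample data: entry point (menu item) -> form it opens.
ENTRY_POINTS = {"OrdersView": "OrdersForm", "OrdersMaintain": "OrdersForm"}

# Constructed sample data: privilege -> {entry point: access granted}.
PRIVILEGES = {
    "OrdersInquire": {"OrdersView": Access.READ},
    "OrdersAdmin": {"OrdersMaintain": Access.DELETE},
}

# Constructed sample data: role -> privileges.
ROLES = {"Clerk": ["OrdersInquire", "OrdersAdmin"], "Auditor": ["OrdersInquire"]}

def grants(role):
    """Yield (privilege, entry point, access) for every grant in the role."""
    for priv in ROLES[role]:
        for entry_point, level in PRIVILEGES[priv].items():
            yield priv, entry_point, level

def d365_access(role, entered_via):
    """D365 as described: only grants on the entry point actually used count."""
    levels = [lvl for _, ep, lvl in grants(role) if ep == entered_via]
    return max(levels, default=Access.NONE)

def ax2012_access(role, entered_via):
    """AX 2012 as described: once in, the highest grant on the form wins."""
    if d365_access(role, entered_via) == Access.NONE:
        return Access.NONE  # the role cannot use this entry point at all
    form = ENTRY_POINTS[entered_via]
    return max(lvl for _, ep, lvl in grants(role) if ENTRY_POINTS[ep] == form)

def trace(role, form):
    """List every grant touching the form: the 'peeling the onion' review."""
    return [g for g in grants(role) if ENTRY_POINTS[g[1]] == form]

if __name__ == "__main__":
    for entry_point in ENTRY_POINTS:
        print(entry_point,
              "AX 2012:", ax2012_access("Clerk", entry_point).name,
              "D365:", d365_access("Clerk", entry_point).name)
    print(trace("Clerk", "OrdersForm"))
```

In the AX 2012 model every grant returned by `trace` has to be reviewed to explain a user's access; in the D365 model only the grants on the entry point the user came in through matter.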

Security Reports & Diagnostic Tools added to D365

Some new security reports and diagnostic tools have been added to D365. When logged in as a system administrator, on the Options for any form there is an option for “Security Diagnostics”. This shows you all of the roles, duties, or privileges that give a user access to that form. Say, for example, a user comes in on a form and can’t access something they need. A system administrator can navigate there, click on Security Diagnostics, and find buttons to “Add duty to a role” and perform other security-related tasks, which essentially makes many security tasks available at the form level.

Removal of Tools

One last interesting point regarding security in D365 is what has been removed. The Security Development Tool is no more! This was a valuable tool for many AX 2012 developers and system administrators, and it will be greatly missed. There are a few pieces here and there in terms of tools in the D365 client as well as Visual Studio that accomplish most of what the Security Development Tool offered, but they are not a complete replacement. The aspect that I will miss the most is the ability to traverse the AX menu navigation tree, down to the button or menu item object, and add/remove permissions from there. There is currently no replacement for this functionality:

[Image: security entry point permissions in Dynamics 365 for Operations]

Time will tell if this is a viable solution or if something else will need to be developed.

Second, the use of Active Directory groups for user provisioning has not been removed per se, but it has been disabled by default. The reasoning behind this is the protection of segregation of duties. When using Active Directory groups, I’m essentially turning my AD administrator into an AX administrator with full control. For that reason it is turned off by default, but it can be enabled through a configuration key.

Exciting things are coming with the new D365, and hopefully, security will be easier to implement and lighter to manage.
