Identifying Roles for Security in Dynamics 365 for Operations

By Josh Lee | May 18, 2017

Identifying roles for security in dynamics 365 for operations

With Dynamics 365 for Operations comes change. And change is good, it helps keep us on our toes and gives us an opportunity to freshen up our skill sets. There is plenty of change with Dynamics 365 for Operations and one such opportunity to freshen up my security skillsets recently presented itself.

A client asked what role they needed to add a user to in order for the user to be able to run Process assortments from the Retail module.

SecurityRoles_Dynamics365forOperations_JoshLee1

The Process assortments link simply popped out a flyout form to run a batch job that executed the Retail Assortments Job.

SecurityRoles_Dynamics365forOperations_JoshLee2

A Quick Review – Security in Dynamics 365 for Operations

Security in Dynamics 365 for Operations is largely unchanged from Dynamics AX 2012. It’s still focused on role-based security with a minor new layer of Azure Active Directory as an authentication mechanism before the authorization piece. I’m not going to cover how security works in Dynamics 365 for Operations, but if you are interested in learning more, review the following links:

In a nutshell, this is how security is structured in Dynamics 365 for Operations:

SecurityRoles_Dynamics365forOperations_JoshLee3

Security Changes in Dynamics 365 for Operations

There are a few changes to security in Dynamics 365 for Operations, while not exhaustive, they are:

  • Process Cycles have been removed
  • Record Level Security is obsolete
  • Security changes are stored as data when done from the UI

The root of all security is gained by placing users within a defined Security Role to grant them access to whatever it is they need access to (this is really simplifying security).  In Dynamics AX 2012, the old way of figuring out when a user didn’t have access to something (in this case that something is a menu item), you could do the following:

  • Identify the area the user didn’t have access to
  • Log into Dynamics AX as a sysadmin
  • Right-click on it on the area, select personalize and identify what the object was
  • Open the AOT and select the object (or find the root object)
  • Use the Security tools add-in to View Related security roles report

This is a simplified overview of how you could determine what role a user might need to be added to gain access to an object (form, menu item, etc.)

Identifying What Roles Have Access to An Object

With Dynamics 365 for Operations, things have changed.  The old way of identifying what role(s) have access to an object is different, as the interface and client are different. Let’s circle back to the question at the start of this blog.

What role(s) have access to run the Process assortments job in Retail?

There were two ways this question could potentially be answered:

  1. Use Task Recorder to create a recording of the steps in the process and then use Security diagnostics for task recordings (System Administration | Security) to review required permissions.
  2. Use a developer machine, open Visual Studio and navigate through the AOT to find the object and default roles that have permission.

I started with option number one above, however, I found that the recording simply didn’t provide any security context information since it was a flyout and not a true form:

Here are the recording steps:

SecurityRoles_Dynamics365forOperations_JoshLee4

And here is what the Security diagnostics for task recordings showed (short version – total bust):

SecurityRoles_Dynamics365forOperations_JoshLee5

SecurityRoles_Dynamics365forOperations_JoshLee6

Option number two it is.

Identifying Roles in Visual Studio

To start I did the following:

  1. Logged into a Developer Machined
  2. Opened Visual Studio
  3. Navigated to AOT | User Interface | Menus | RetailMain | RetailITMenu | ProductsAssortmentExploderJobScheduler

SecurityRoles_Dynamics365forOperations_JoshLee7

First I looked at the Properties window to determine what objects are involved.  In this case, it’s a Menu Item with a type of Action.

SecurityRoles_Dynamics365forOperations_JoshLee8

Next, I navigated to AOT | User Interface | Menu Items | Action | RetailAssortmentExploderJobScheduler

SecurityRoles_Dynamics365forOperations_JoshLee9

Then I right clicked on the menu action and selected Open designer

SecurityRoles_Dynamics365forOperations_JoshLee10

From the designer window, right click on the RetailAssortmentExploderJobScheduler and select Addins | View related roles

SecurityRoles_Dynamics365forOperations_JoshLee11

And here is the resulting report showing what Roles by default have access to this object thus answering the question what roles a user might need to be added to be able to run the Process Assortments job.

SecurityRoles_Dynamics365forOperations_JoshLee12

 

Related Posts

Recommended Reading:

Managing Your Business Through Uncertain Times Using Dynamics 365 Finance and Operations

  Dynamics 365 Finance and Operations (F&O) can help you make informed decisions on how to move your business forward. […]

Read the Article
5.13.22 Power Platform

Using Power BI Object Level Security

  The following article will demonstrate how to use Power BI Object Level Security to disable column data based on […]

Read the Article
5.12.22 Dynamics CRM

How to Use the Stoneridge Support Portal

Stoneridge Software’s support portal is an intuitive and useful function that makes it easy for you to access resources to […]

Read the Article
5.6.22 Dynamics GP

Dynamics GP Transaction Removal: Purchase Orders

  Are you having performance issues with Purchase Orders?  Do you find that there are old Purchase Orders on your […]

Read the Article
5.5.22 Dynamics GP

The Real Story about the Long-Term Future of Dynamics GP Support

I’ve seen a number of people put forward comment that Dynamics GP is going away and you have to get […]

Read the Article

New Features in Dynamics 365 Business Central 2022 Wave 1 Release – Financial Enhancements

The Dynamics 365 Businses Central 2022 Wave 1 Release has a lot of new and exciting features to help your […]

Read the Article
4.29.22 Dynamics GP

Dynamics GP Transaction Removals: Bank Reconciliation

  This is part 2 of a 3 part series on Dynamics GP Transaction Removals. These quick tips will hopefully […]

Read the Article
4.28.22 Dynamics GP

Uncommonly Used Features – Integrate Purchasing and Payables to Fixed Assets in Dynamics GP

Being able to integrate Purchasing and Payables to Fixed Assets in Dynamics GP will help you create visibility for your […]

Read the Article

New Features in the Dynamics 365 Business Central 2022 Wave 1 Release – Ease-of-Use Features

  There are many new features in the Dynamics 365 Business Central 2022 Wave 1 Release to get excited about! […]

Read the Article

Start the Conversation

It’s our mission to help clients win. We’d love to talk to you about the right business solutions to help you achieve your goals.

Subscribe To Our Blog

Sign up to get periodic updates on the latest posts.

Thank you for subscribing!

X