Skip to main content

Dynamics 365 for Operations Security Analysis

I was recently looking at different ways of analyzing the security in the AOT. I found an Addin that is in Visual Studio.

Click on the “View related objects and licenses for all roles”.


It takes about 5 minutes to put all the data together and export an Excel file.

You get two worksheets.

  • License information – Shows the different security objects; Roles, Duties and Privileges. Showing the license type.
  • View related objects – This is a detailed exploded view of the Roles, duties, privileges, resource (I.e. menu item)



Based on the second tab I was able to create a pivot table. This allows me to figure out what makes a particular license Enterprise.


The thing you have to keep in mind is that this is looking at the AOT. If you have made security changes in the front end, this Addin won’t recognize it.

If you want to review security from the front end then navigation to the Security configuration form. Then click on the View permissions.


You will get a similar list as the Excel sheet. You get the Role license type. In the grid you get the exploded view with the license type. You can sort on the License column and figure out what makes up the Enterprise license.


I have a few suggestions for Microsoft:

1. Can we have a simple export from the front end. Export the same Excel as the add in – I.e. exploded view for all security objects.

2. Add a new Excel worksheet to export the “User roles” - Users with their roles and showing the License type. Also add the field Enabled (active user or not).

3. Make these exploded view an actual table that gets updated periodically.

4. Create data entities for PowerBI content pack. This would allow the ERP administrators a dashboard to see things like

     a) Number of Active users by License type

     b) Drill through to Roles and Security objects

Popular posts from this blog

AX - How to use Map and MapEnumerator

Similar to Set class, Map class allows you to associate one value (the key) with another value. Both the key and value can be any valid X++ type, including objects. The types of the key and the value are specified in the declaration of the map. The way in which maps are implemented means that access to the values is very fast. Below is a sample code that sets and retrieves values from a map. static void checkItemNameAliasDuplicate(Args _args) { inventTable inventTable; Map map; MapEnumerator mapEnumerator; NameAlias nameAlias; int counter = 0; ; map = new Map(Types::String, Types::Integer); //store into map while select inventTable { nameAlias = inventTable.NameAlias; if (!map.exists(nameAlias)) { map.insert(nameAlias, 1); } else { map.insert(nameAlias, map.lookup(nameAlias) + 1); } } //retrieve fro

AX - How to use Set and SetEnumerator

The Set class is used for the storage and retrieval of data from a collection in which the values of the elements contained are unique and serve as the key values according to which the data is automatically ordered. You can create a set of primitive data types or complex data types such as a Class, Record or Container. Below is sample of a set of records. static void _Set(Args _args) {     CustTable       custTable;     Set             set = new Set(Types::Record);     SetEnumerator   setEnumerator;     ;     while select custTable     {         if (custTable && !         {             set.add(custTable);         }     }     if (!set.empty())     {         setEnumerator = set.getEnumerator();         setEnumerator.reset();         while (setEnumerator.moveNext())         {             custTable = setEnumerator.current();             info(strfmt("Customer: %1",custTable.AccountNum));         }     } } Common mistake when creating a set of recIds

Import document handling (attachment) files #MSDyn365FO

Out of the box you have limited data entities for migrating attachments. If you search what is already in the AOT, you will see a few various examples. I suggest you look at the LedgerJournalAttachmentsEntity as it is the simplest and cleans to copy from. I wont go into detail but I will give a quick run down of what it looks like. Use the DocuRefEntity as your main datasource. It does most of the work for you. Set your table you want to import for as the child datasource Add the Key You will need to add the postLoad method. There is minor code to update the virtual field FileContents. Below is an export I did for the general journal attachments. The import zip structure should be the same way. It will create the usual artifacts such as the excel, manifest and package header xml files. You will see a Resources folder under that. If you drill down to the resources you will see the attachments. This is an export and it used the document GUID for uniqueness. The other thing is the extensi