Role-based security in Dynamics 365 for Operations. What changed and what stayed the same.

New version of AX has a couple of changes in the security architecture. Process cycles are removed (no one really used them in AX 2012) and record level security is finally obsolete.

However, because of new code architecture and restrictions that came with it, there are some changes in the way how we create new security artifacts.  Previously, in AX 2012, all security objects were stored in AOT as a metadata, even if you did security setup from UI new objects were created or changed in AOT. Now, because of .Net platform, we cannot generate assemblies on the go, so there are two ways how to create security objects:

  1. Create security objects in Visual Studio.

Nothing has changed here, developer can create or edit new roles, duties and privileges in AOT. Then they can be deployed via deployable packages.  For today’s blog I created simple role, duty and couple of privileges.

  1. Create security object from UI.

In current version experience is similar to AX 2012, where user can create and edit security objects from UI, but under the hood AX does not create any objects! All changes are stored as a data. On screenshot below you can see new role created by me for this article.

myrole

New role has one duty and this duty has only one privilege. Now I’m going to add one more privilege “My PrivilegeTwo” to my duty. To do this you need to select a duty you want to modify, click “Add references” and select a privilege you want to add.

MyRoleChange.jpg

After that, you may notice “unpublished objects” and you can either publish them or undo.

myrolepublishchanges

Let’s add one more privilege in AOT.

MyDutyAOTChanged.jpg

As you can see, in AOT my duty consists only from two privileges, however, in UI AX shows three:

MyRoleAOTUIChanged.jpg

Two of them were created by developer in AOT and one was done in UI and is stored as data.

In next blog post I will show how to deploy security data changes across environments and how to use Security diagnostics tool.

Advertisements

3 thoughts on “Role-based security in Dynamics 365 for Operations. What changed and what stayed the same.

  1. Alejandro January 26, 2017 / 6:53 pm

    Do you know if there is any tool to create all the artifacts into code by reading a exported file from AX?

    • ievgensaxblog January 26, 2017 / 7:05 pm

      Hi Alejandro,
      As far as I’m aware, there is no tool. However, I heard that this feature is in the road map.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s