Differences in security between AX 2012 and D365
www.arbelatech.com

Agenda
• Introduction
• Digital Transformation
• Security: D365 vs. AX 2012
• Understanding concepts
• Review security management process
• New implementation
• Support existing
• Features available
• Scenario
• Q&A
D365/AXUG volunteer:
• Perennial summit presenter and attendee
Dynamics Experience:
• 8 Years Dynamics AX
• 4 years Technical and Functional respectively
• Environment Management and Network
• Business Process and Change Management
• 5 years Security and Audit Compliance
@coreybakhtiary

Arbela by the Numbers
• 145+ Resources
• 3 Integrated Practices
• 2 Gold Certifications
• 3 Silver Certifications
• 250+ MS Exams Passed
• 5 Offices (US, UK, Ukraine)
• 25 Nationalities
• 21 Languages Spoken
• 4 Arbela Products: One Step Consolidation, Master Data Centralization, Arbela Data Insights, Audit & Security Manager
• 4 “X as a Service” offerings: BI as a Service, Marketing as a Service, Security as a Service, Customer Engagement as a Service
• Dynamics 365: Customer Service, Field Service, Sales, PSA, Finance & Operations, Talent, Customer Insights
• BI & Analytics

Effective Differences and Similarities between 2012 and D365
• Authentication and Authorization are the same
  • Azure AD vs. AD
• Role/Duty/Privilege are similar
  • Added securable objects – entity
  • Naming conventions
  • Upgrade path?
• Added features to manage and report on security
  • Security Development tool -> embedded in D365
  • D365 - Test as role feature in Visual Studio
  • Users and roles, roles and users
  • Role and access
  • Role by Duty – SOD
• UI vs Development changes
Security architecture of Microsoft Dynamics 365 for Operations

User Access - Application
Role
• Highest Level of assignment
• OOB 85+
Duty
• Used by Segregation of Duties checker in compliance module
• OOB approximately 850
Privilege
• Lowest level normally used in security design
• OOB approximately 8000
Permission
• Table and control level
• OOB over 25,0000
Naming conventions:
• Inquire/View - Read
• Maintain – Full Control (Delete)
• Enable – Setup area
• Perf Review

Concepts
• Access levels
  • Min and Max
• 5 core access levels
  • No Access
  • View/Read
  • Edit/Update
  • Create/Add
  • Full Control/Delete
• Deny>Grant>Unset
• Modifying access
  • Increase or decrease
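
Added example (not part of the original deck): a small Python model of the role → duty → privilege → permission chain and the Deny > Grant > Unset precedence from the slides above, showing how stacking a second role can remove access that another role grants. All object names are hypothetical, and resolving each access level independently is a simplifying assumption.

```python
from enum import IntEnum


class State(IntEnum):
    # Ordered so that max() applies the slide's precedence: Deny > Grant > Unset
    UNSET = 0
    GRANT = 1
    DENY = 2


LEVELS = ("Read", "Update", "Create", "Delete")

# Constructed sample model; these are hypothetical names, not shipped objects.
# privilege -> entry point -> {access level: state}
PRIVILEGES = {
    "VendTableView": {"VendTable": {"Read": State.GRANT}},
    "VendTableMaintain": {"VendTable": {lvl: State.GRANT for lvl in LEVELS}},
    "VendTableNoDelete": {"VendTable": {"Delete": State.DENY}},
}
# duty -> privileges
DUTIES = {
    "VendInquire": ["VendTableView"],
    "VendMaintain": ["VendTableMaintain"],
    "VendRestrict": ["VendTableNoDelete"],
}
# role -> duties
ROLES = {
    "APClerk": ["VendMaintain"],
    "Auditor": ["VendInquire", "VendRestrict"],
}


def effective_access(roles, entry_point):
    """Resolve every access level across all privileges the roles reach."""
    result = {level: State.UNSET for level in LEVELS}
    for role in roles:
        for duty in ROLES[role]:
            for priv in DUTIES[duty]:
                perms = PRIVILEGES[priv].get(entry_point, {})
                for level, state in perms.items():
                    # A Deny found anywhere wins over any Grant.
                    result[level] = max(result[level], state)
    return result


def allowed(roles, entry_point, level):
    """True only when the level resolves to Grant (Unset means no access)."""
    return effective_access(roles, entry_point)[level] == State.GRANT
```

Running `effective_access` over every user's role set is one way to spot a stacked role that silently blocks, or a missing Deny that leaves, a sensitive level such as Delete.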

Concepts
• Configuration vs Development
  • Run-time vs. Development workspace
• Object vs Record security
  • Access to Vendors vs. Access to Vendors in Vendor Group 10
• SOD
  • Embedded SOD concerns – OOB roles
  • Entry
  • Setup
  • Transactional
• Licensing
  • Determined by access not use!

D365 - Table Structure
• Abstraction of security related tables
• Complex table relationships
• Table references are provided in table column – XML format

D365 - Security Permissions
1. Create security objects in Visual Studio
As before, a developer can create or edit roles, duties and privileges in the AOT. These objects are deployed through deployable packages and are visible in the UI.
2. Create security objects within UI
As in AX 2012, users can create and edit security objects from the UI. In the back end, however, D365 does not create any objects: all changes are stored as data and must be published to be committed.
Does not commit to AOT!

D365 - Context-based Security
[Figure: AX 2012 compared with D365 for F & O]

Customizations
• Menu items
• Context security
• Entry point specific
• View and Full Control
• Unless reports or Jobs
• Enhancement or New Feature?
• Extend or New permission?
• Cannot remove in AOT
• Disable from configurator
• Find related

D365 - Data Entities
• Power BI/reporting
• Wizard
  • Privileges: EntityView, EntityMaintain

Security Model Development

| Project Phase | Security level | Security Model Development |
| --- | --- | --- |
| Design | Standard roles or system administrator | Try not to start project core team members on system administrator! |
| Development | Custom functional roles with standard roles embedded | Create custom functional roles and begin to “tune” as needed for your business processes (at Planar we ended with ~40 custom roles). |
| Testing | SHOULD be using custom functional roles by now! | If testers have an issue performing a test step, this signifies either the wrong “function” executing the step or a needed modification to the custom role. |
| CRP-x | Custom functional roles | Track security access issues as a part of the CRP – this will be a continual refinement! |
| UAT | Finalized custom functional roles | You may have open security issues; as a workaround, grant “higher” access than desired. |
| Go Live | Security Model in place | Set up security request forms for user access and a process for requesting changes to roles. |

MATURITY ~ PRECISION

Process: New Security Model
• Analyze/Discover
• Design (T)
  • Customizations
  • Find references
• Develop/Test (T)
• CRP/UAT
• Deploy (T)
  • Promote
• Support
Features to know
• Security configuration (Functional)
• Task recorder (Functional)
• Security diagnostics (Functional)
• Visual Studio
• Task recorder import
• Application/Solution Explorer
• View related roles/duties
• View with role set
• Excel workbook designer
• Data management
• Project filter
• Security Development Tool
• Security Roles, Duties and Privileges
• Process Cycle

Analyze/Discover - Identify Requirements
• Opportunity
  • Standardize
  • Business meets System or System meets Business?
  • Leverage
    • Legacy system
    • Standard Operating Procedures
    • Training documentation
  • Interviews
    • BPO sign off
• Considerations
  • Controls/SOD
  • Licensing

Design - Technical
• OOB roles or custom roles?
  • Align HR/Job title to role
  • Test/report and find missing permissions or over assignment
  • Customizations
    • Find related
    • Data entities
    • Show Identifier
  • How much time can you spend?
Features to use:
• D365
  • Visual Studio (App)
  • Task recorder
• AX 2012
  • AOT
  • Task recorder

Design
• Role stacking
• Super roles are inflexible
• Activity/task roles require maintenance
• Group by Department or BPO
• SOD and Licensing implications
• Licensing
• Visual Studio Add-ins
• Segregation of duties functionality in Sys Admin module
Features to use:
• D365
  • Visual Studio (App)
  • Task recorder
  • Security Diagnostics
  • Install Dev Tools
• AX 2012
  • AOT
  • Task recorder

Design:
• Task recorder
• Security diagnostics

Develop/Test
• Naming conventions
• New permissions
• Duplicate
• Name explicitly
• Build/Deploy
• Test
• Iterate Dev -> Test -> Dev -> Test
• Test everything?
• Report
• Prepare for CRP/UAT
Features to use:
• D365
  • Security configurator
  • Visual Studio (App)
  • App Explorer
  • Add-ins
  • View with role set
  • Install Dev Tools
  • Task recorder
• AX 2012
  • Security Development tool
  • AOT
  • Task recorder

Develop:
• View All Process Role - PTP
• Test

Deploy
• Promote
• UI (Data Management)
• VS (Source Code)
• Import User
• Excel workbook designer
• Assign Users to Roles
• Legal Entity assignment
Features to use:
• D365
  • Users
  • Data management
• AX 2012
  • Users
  • AOT project or model

Deploy - Promote
• Data Management
  • System Administration
• Export
  • Metadata entities
  • Source data format
  • Sequence
• Edit file
• Import
  • Bulk Overwrite
Deploy:
Promote

Deploy - Promote
• Source Code
• Cloud
  • Hand off to Microsoft
  • Automated
• On-premise
  • Full DB rights

Deploy – Import Users
• Excel Workbook Designer
  • Org Admin
  • Setup
• Import Users
  • Validation
  • UserID
  • NetworkDomain
Excel Workbook designer
Deploy:
User import
Role Promotion

Support/Optimize
• Periodic reporting
  • User access reviews
  • Control reviews
  • Interruption of operations due to security
  • Internal Controls
    • SOD
    • Industry Best Practices
• Licensing
QUESTIONS?
THANK YOU