Security Overview of Dynamics AX and D 365
- Slides: 23
Security Overview of Dynamics AX and D 365 FO Alex Meyer Director of Dynamics AX/365 FO Development Fastpath, Inc. meyer@gofastpath. com Twitter: @alexmeyer_ITGuy Blog: d 365 foblog. com
Agenda • • Welcome AX 2012 Security Model Overview D 365 FO Security Model Overview Security Development Tool Demo Common Data Service GDPR Features Questions
AX 2012 Security Model
AX 2012 Security Model • AX 2012 – – – Pessimistic security model Template Roles, Duties, Privileges are delivered Roles are system wide User roles can be restricted by legal entity Record level security is available • Replaced by Extensible Data Security (XDS) Policies – Setup users via Active Directory Groups – Security reports – limited • D 365 FO – Follows the same security model with minor differences
Assigning Object Permissions • AX 2012 • D 365 FO
Environment Differences • AX 2012 – Design time and runtime lived in same environment • D 365 FO – Design time is on development VM, runtime is web app in Azure
D 365 FO Data Security • Transparent Data Encryption – Data and logs in Azure SQL are encrypted at rest • Table Permissions Framework (TPF) – Used for High Business Impact (HBI) data – Users must be given explicit access to field otherwise it will be hidden – Can be applied at field level • Extensible Data Security (XDS) still available
Entry Point Security If accessing the form through menu item 1: - In AX 2012, the effective permission to the table is DELETE - In D 365, the effective permission to the table is READ - D 365 honors the menu item permission when accessing the form
Data Entities • New to Dynamics 365 • Encapsulates a business concept that may exist across multiple tables with Dynamics 365 • Allows for easy CRUD operations (especially from outside of Dynamics 365) • Template Data Entities come out of the box, can create customized ones as well • Have their own security property called Integration Mode
Security Development Tool in AX • • ‘Beta’ tool from Microsoft Security reporting Task Recording Test workspace – Reduces need for test user accounts – Limitations • Cannot open test multi-role assignment (Can use sub-roles) • Does not work if you use AD Groups for user provisioning • Licensing • D 365 – Where’d it go?
Demo
Common Data Service • Centralized database to aggregate data from multiple systems • Includes mappings from source to destination environments • Comes out of the box with standard entities called the Common Data Model, can also create custom elements • Being transitioned to new version called Common Data Service for Apps (built on XRM platform with Power Apps front-end) • Since CDS is built on XRM platform, security model follows CRM security model • • Roles -> Privileges Sharing Access Levels: Global, Deep, Local, Basic, None
GDPR Features • Roles with Sensitive Access
GDPR Features • Asset Classification on table fields
GDPR Features Asset Classification on table fields • Customer Content – data collected and managed by the controller • End User Identifiable Information (EUII) – natural value used to identify a user of the service • End User Pseudonymous Information (EUPI) – generated value used to identify the user of the service • Organizational Identifiable Information (OII) – value used to identify the organization using the service • System Metadata – value that describes the software or used by the software • Object Metadata – value that describes the software or used by the software • Account Data – value provided by or used by the tenant to identify the billing information or identify the software • Support Data –information used to provide customer support
GDPR Features Person Search Report
GDPR Features Person Search Report Results
Common Security Challenges • Access security is low priority for project team • Everyone assigned System Administrator • Security is in the domain of IT/Sys Admin not BPOs • Expensive customizations in place of security • No consideration for segregation of duties • Process controls not part of the design • Dilution of ‘go-live’ security design
Reviewing Security • • Take a risk based approach to reviews Monitor and report on user access BPOs should review access Update process controls and SOD rules to reflect security changes
Resources • Book – Security and Audit Field Manual for Microsoft Dynamics 365 Finance and Operations • 2 nd Edition available at Summit Phoenix www. gofastpath. com/d 365 book • Whitepaper – Develop and Implement Least Privilege Security for Dynamics 365 for Finance and Operations www. gofastpath. com/d 365 -least-privilege • Security Matrix – AX 2012 https: //www. gofastpath. com/ax-2012 -security-matrix – D 365 FO https: //www. gofastpath. com/d 365 fo-security-matrix
Fastpath for Dynamics AX/365 FO Fastpath ensures our customers can confidently answer these three critical questions: Who has access to their systems? Assure Segregation of Duties and Security Access Reviews Audit Trail What did they do with that access? Critical Data Change Tracking Identity Manager Compliant User and Emergency Access Provisioning Where are they vulnerable? Security Designer Create and Change Security in Dynamics
Links • • • • Dynamics 365 For Operations Blog (Personal Blog) You. Tube Tutorial on Simulating the Security Development Tool in Dynamics 365 for Operations (5: 35) D 365 Wiki Task Recorder in Microsoft Dynamics 365 for Operations Security Development Tool User Guide Microsoft Dynamics AX 2012 R 3 Licensing Guide Introduction to Microsoft Dynamics 365 licensing Dynamics AX Server Team Blog Role-based Security Use Patterns for Developers Developing Extensible Data Security Policies Security Roles & Licensing Whitepaper Table Permissions Framework Transparent Data Encryption Understanding Security in Microsoft Dynamics AX 2009
Questions? Alex Meyer Director of Dynamics AX/365 FO Development Fastpath, Inc. meyer@gofastpath. com Twitter: @alexmeyer_ITGuy Blog: d 365 foblog. com
- Dynamics 365 portal security
- Dynamics 365 security best practices
- Provate security
- Dynamics 365 finance and operations
- Dynamics crm gamification solution
- Jira dynamics 365 integration
- Mindmap office365
- Dynamics 365 on premise to online migration
- Alta dynamics
- Dynamics 365 tiered pricing
- Selling dynamics 365
- Dynamics 365 public sector
- Dynamics 365 plm
- Dynamics 365 project resource hub
- Clone record dynamics 365 on premises
- Kanban viewer cds dynamics 365
- Dynamics 365 lead assignment
- Attach2dynamics
- Dynamics 365 uptime
- Dynamics 365 backup veeam
- Dynamics 365 azure service bus integration
- D365 manufacturing execution
- Microsoft 365 governance risk management
- Connecting dynamics 365 to power bi