Differences in security between AX 2012 and D365.


1 Differences in security between AX 2012 and D365

2 Agenda
- Introduction
- Digital Transformation
- Security: D365 vs. AX 2012
- Understanding concepts
- Review security management process
- New implementation
- Support existing
- Features available
- Scenario
- Q&A

3 D365/AXUG volunteer: Perennial summit presenter and attendee
- Dynamics Experience: 8 Years Dynamics AX
- 4 years Technical and Functional respectively
- Environment Management and Network
- Business Process and Change Management
- 5 years Security and Audit Compliance

4 Arbela by the Numbers Resources Offices (US, UK, Ukraine) MS Exams Passed Nationalities 3 2 Integrated Practices Gold Certifications 4 4 Arbela Products X as a Service s 21 Languages Spoken Dynamics 365 Sales Dynamics 365 PSA Dynamics 365 Dynamics 365 Finance & Operations Customer Insights 3 Silver Certifications Dynamics 365 Customer Service Dynamics 365 Field Service Dynamics 365 Talent BI & Analytics Audit & Security Manager Arbela Data Insights One Step Consolidation Master Data Centralization BI as a Service Marketing as a Service Security as a Service Customer Engagement as a Service 4

5 Effective Differences and Similarities between 2012 and D365
- Authentication and Authorization are the same
- Azure AD vs. AD
- Role/Duty/Privilege are similar
- Added securable objects entity
- Naming conventions
- Upgrade path?
- Added features to manage and report on security
- Security Development tool -> embedded in D365
- D365 - Test as role feature in Visual Studio
- Users and roles, roles and users
- Role and access
- Role by Duty
- SOD
- UI vs Development changes

6 Security architecture of Microsoft Dynamics 365 for Operations

7 User Access - Application
- Role: Highest Level of assignment; OOB 85+
- Duty: Used by Segregation of Duties checker in compliance module; OOB approximately 850
- Naming conventions: Inquire/View - Read Maintain Full Control (Delete) Enable Setup area Perf Review
- Privilege: Lowest level normally used in security design; OOB approximately 8000
- Permission: Table and control level; OOB over 25,0000

8 Concepts
- Access levels
- Min and Max
- 5 core access levels: No Access, View/Read, Edit/Update, Create/Add, Full Control/Delete
- Deny > Grant > Unset
- Modifying access: Increase or decrease

9 Concepts
- Configuration vs Development: Run-time vs. Development workspace
- Object vs Record security: Access to Vendors vs. Access to Vendors in Vendor Group 10
- SOD: Embedded SOD concerns; OOB roles; Entry; Setup; Transactional
- Licensing: Determined by access not use!

10 D365 - Table Structure
- Abstraction of security related tables
- Complex table relationships
- Table references are provided in table column XML format

11 D365 - Security Permissions
1. Create security objects in Visual Studio: Same as before, a developer can create or edit roles, duties and privileges in the AOT, and these can be deployed by deployable packages. Visible in the UI.
2. Create security objects within the UI: Similar to AX 2012, users can create and edit security objects from the UI; however, in the back end D365 does not create any objects. All changes are stored as data and must be published to be committed. Does not commit to the AOT!

12 D365 - Context-based Security
[Figure panels: AX 2012; D365 for F & O]

13 Customizations
- Menu items
- Context security
- Entry point specific
- View and Full Control
- Unless reports or Jobs
- Enhancement or New Feature?
- Extend or New permission?
- Cannot remove in AOT
- Disable from configurator
- Find related

14 D365 - Data Entities
- Power BI/reporting
- Wizard
- Privileges: EntityView, EntityMaintain

15 Security Model Development
MATURITY ~ PRECISION
Project Phase: Design; Development; Testing; CRP-x; UAT; Go Live
Security level: Standard roles or system administrator; Custom functional roles with standard roles embedded; SHOULD be using custom functional roles by now!; Custom functional roles; Finalized custom functional roles; Security Model in place
- Try not to start project core team members on system administrator!
- Create custom functional roles and begin to tune as needed for your business processes (at Planar we ended with ~40 custom roles).
- If testers have an issue performing a test step, this signifies either the wrong function executing the step or a needed modification to the custom role.
- Track security access issues as part of the CRP; this will be a continual refinement!
- You may have open security issues; as a workaround, grant higher access than desired.
- Set up security request forms for user access and a process for requesting changes to roles.

16 Process: New Security Model
- Analyze/Discover
- Design (T)
- Customizations
- Find references
- Develop/Test (T)
- CRP/UAT
- Deploy (T)
- Promote
- Support

17 Features to know
- Security configuration (Functional)
- Task recorder (Functional)
- Security diagnostics (Functional)
- Visual Studio
- Task recorder import
- Application/Solution Explorer
- View related roles/duties
- View with role set
- Excel workbook designer
- Data management
- Project filter
- Security Development Tool
- Security Roles, Duties and Privileges Process Cycle

18 Analyze/Discover - Identify Requirements
- Opportunity
- Standardize
- Business meets System or System meets Business?
- Leverage
- Legacy system
- Standard Operating Procedures
- Training documentation
- Interviews
- BPO sign off
- Considerations
- Controls/SOD
- Licensing

19 Design - Technical
- OOB roles or custom roles?
- Align HR/Job title to role
- Test/report and find missing permissions or over assignment
- Customizations
- Find related
- Data entities
- Show Identifier
- How much time can you spend?
- Features to use:
- D365: Visual Studio (App); Task recorder
- AX 2012: AOT; Task recorder

20 Design
- Role stacking
- Super roles are inflexible
- Activity/task roles require maintenance
- Group by Department or BPO
- SOD and Licensing implications
- Licensing
- Visual Studio Add-ins
- Segregation of duties functionality in Sys Admin module
- Features to use:
- D365: Visual Studio (App); Task recorder; Security Diagnostics; Install Dev Tools
- AX 2012: AOT; Task recorder

21 Design: Task recorder; Security diagnostics

22 Develop/Test
- Naming conventions
- New permissions
- Duplicate
- Name explicitly
- Build/Deploy
- Test
- Iterate: Dev -> Test -> Dev -> Test
- Test everything?
- Report
- Prepare for CRP/UAT
- Features to use:
- D365: Security configurator; Visual Studio (App); App Explorer; Add-ins; View with role set; Install Dev Tools; Task recorder
- AX 2012: Security Development tool; AOT; Task recorder

23 Develop: View All Process Role - PTP Test

24 Deploy
- Promote
- UI (Data Management)
- VS (Source Code)
- Import User
- Excel workbook designer
- Assign Users to Roles
- Legal Entity assignment
- Features to use:
- D365: Users; Data management
- AX 2012: Users; AOT project or model

25 Deploy - Promote Data Management
- System Administration
- Export
- Metadata entities
- Source data format
- Sequence
- Edit file
- Import
- Bulk
- Overwrite

26 Deploy: Promote

27 Deploy - Promote Source Code
- Cloud
- Hand off to Microsoft
- Automated
- On-premise
- Full DB rights

28 Deploy Import Users
- Excel Workbook Designer
- Org Admin
- Setup
- Import Users
- Validation
- UserID
- NetworkDomain

29 Excel Workbook designer

30 Deploy: User import; Role Promotion

31 Support/Optimize
- Periodic reporting
- User access reviews
- Control reviews
- Interruption of operations due to security
- Internal Controls
- SOD
- Industry Best Practices
- Licensing

32 QUESTIONS?

33 THANK YOU