Tuesday, November 29, 2016

2 Very Notable Changes in AX Security with AX7/D3FO

There are two very notable changes with security when moving to AX7 or Dynamics 360 For Operations (D3FO).  I learned this at the 2016 AXUG Summit Conference.
  1. The Security Development Tool that I love (!!!) will be completely new starting with AX7.  The menu item is called Security Configuration Form.  You won't be able to TEST from the tool anymore.  Hopefully Microsoft will add this back.
  2. There are multiple access levels to a form which is set at each entry point.  In D3FO, the application will honor entry point access.  What this means in layman terms is IF a user has role which grants them multiple accesses to a form.  Then depending on what navigation path they access the form from, their access will be different.  Microsoft considered this a bug in 2012 and corrected it in AX7.  This may upset/confuse your users as they may think their access has been changed!


  1. Oh, I love the Security Development Tool! That was something that was done very well in AX 2012. I hope we see something even better in D3FO! Thanks for the post. I have been wondering about how security will be handled in D3FO.

    1. Microsoft is looking at the current features of the tool, then selectively moving some elements into the client or Visual Studio as addins. It's a work in progress as far as could gather from my conversations and Summit sessions. I create another post after I gather a bit more information. Thank you for the comment.