The security architecture of Microsoft Dynamics 365 for Finance and Operations (D365FO) is based on a role-based model in which the access is not granted individually to users but through security roles. A set of roles are assigned to a user, each role having access to a set of privileges. In between duties can be assigned to one or more roles, respectively duties can contain several privileges. The model comes with a default set of security roles, which can be further extended to reflect organization's needs.
Navigating through the model via the D365FO's UI isn't that straightforward as it should be. Probably it's much easier to export to Excel the associations between roles and privileges, respectively between roles and duties, or search punctually for a certain value within the same dataset directly in the database. The following queries can be run into a non-production environment:
-- security role's assigned privileges SELECT SRO.AOTName [Role AOT Name] , SRO.Name [Role Name] , SRO.Description [Role Description] , SPI.Identifier [Privilege Identifier] , SPI.Name [Privilege Name] , SPI.Description [Privilege Description] FROM dbo.SecurityRolePrivilegeExplodedGraph SRP JOIN dbo.SecurityRole SRO ON SRP.SecurityRole = SRO.RecId JOIN dbo.SecurityPrivilege SPI ON SRP.SecurityPrivilege = SPI.RecId WHERE SPI.NAME IN ('Maintain accounts receivable aging period definitions' , 'Maintain accounts payable aging period definitions') ORDER BY SRO.AOTName
-- security role's assigned duties SELECT SRO.AOTName [Role AOT Name] , SRO.Name [Role Name] , SRO.Description [Role Description] , SDU.Identifier [Duty Identifier] , SDU.Name [Duty Name] , SDU.Description [Duty Description] FROM dbo.SecurityRoleDutyExplodedGraph SRP JOIN dbo.SecurityRole SRO ON SRP.SecurityRole = SRO.RecId JOIN dbo.SecurityDuty SDU ON SRP.SecurityDuty = SDU.RecId WHERE SRO.Name LIKE 'Accounting Manager%' ORDER BY SDU.Identifier
Below you can find a short description of the security tables considered above:
| Table | Description |
| SecurityDuty | contains the list of duties defined by the security AOT role node |
| SecurityPrivilege | contains the list of privileges defined by the security AOT role node |
| SecurityRole | contains the list of roles defined by the security AOT role node |
| SecurityRoleDutyExplodedGraph | contains the list of role to duty mappings and role to privilege mappings as defined by the AOT security role |
| SecurityRoleExplodedGraph | contains all role relationships, direct or indirect, as defined by the AOT sub role nodes of the security role nodes. |
| SecurityRolePrivilegeExplodedGraph | contains the list of role to privilege mappings and role to privilege mappings as defined by the AOT security role |
| SecurityUserRole | contains the user to role mappings |
Resources:
[1] Microsoft Dynamics 365 (2020) Security architecture [source]
[2] Microsoft Dynamics 365 (2020) Role-based security [source]
No comments:
Post a Comment