In an earlier blog post I went into great detail on the changes to the Security Development Tool from AX 2012 to D365FO: How To Simulate the Security Development Tool in D365FO
In that post, I pointed out that one of the features that was currently missing was the ability to open a test workspace for a particular role or roles to analyze their access. Well through numerous posts with different D365FO community members, a way to add this functionality has been found. Here is how to add this functionality.
1. So the first thing to know, is that this tooling already existed internally at Microsoft we just have to expose it to the Visual Studio user interface. If you RDP to your D365 development box and go to the following path you will find a Visual Studio extension installer:
So as an example, on my machine this happened to be the following path:
This is a Visual Studio extension file, if you double click and install this extension you will notice that a number of options are added to your Dynamics 365 -> Add-ins menu.
2. One of the added menu items in this list is ‘View with Role Set’ which is the tool we are looking for
3. Click on this opens the dialog below, from here you can select a ‘Role Set’ that you would like to use. One nice feature is that you can select an already existing users and see what roles that user is currently assigned or you can create a new role set and start from scratch. The idea below is to move the roles you would like to test to the Assigned Roles side from the Available Roles. Users who have experience with this feature in AX 2012 will notice one big difference is that you can now very easily select multiple roles to test at once, by default in AX 2012 you could only test one role at a time (you could get around this by using subroles but it was not very user friendly). Once you are satisfied with your choices you can click the OK button.
4. This will launch a test environment with the role(s) you have selected to let you see what a user would have access to if they were to be assigned those roles. Some things to point out:
- A test user is actually created for this purpose and is assigned the role(s) selected, this user will show up in your user list in your environment (this user also has to be enabled)
- All tests need to be assigned the SystemUser role otherwise you will get errors launching the test environment as most roles do not have explicit access to the initial dashboard (which is always the first screen to load in the testing environment)
This feature set was the last piece to the puzzle of features that existed in the Security Development Tool that did not exist in D365FO. Hopefully this feature will become part of the default Visual Studio experience and become a little more user friendly but it’s definitely a good thing to know that this feature is there.