After a great week at Summit 2019 time to get back at it! One of the things I heard repeatedly throughout the sessions I did and numerous people who stopped by our booth was that moving/migrating D365FO security between environments is extremely difficult and not intuitive/user-friendly at all, which I have to agree with. You may remember I created the D365FO Security Converter Tool in the past to help with this, but there was some key features missing:

  1. Being able to select which security elements to export (not exporting all security changes)
  2. Being able to export not only to code security elements but also a user interface security XML that you can take to another environment and import

After listening to the feedback last week, I decided that this was a tool that needed to be created for the community.

D365FO Security Converter 2.0

GitHub Project Link

Direct Download Link

For the explanation of the key features below I created the following security scenario in the user interface. I created a role, which was assigned a subrole, which was assigned a duty, which was assigned a privilege, with an object assignment like so the hierarchy looked like this:

  • TestRole
    • TestSubRole
      • TestDuty
        • TestPriv
          • AbatementCertificate_IN (Menu Item Display) -> Read access

Key Features

1. Ability to multi-select which security layers you want to export

This also has business logic that determines if a security layer is dependent on another security layer so in the example above if I select the TestRole row all of the objects it is dependent on beneath it are also selected (the subrole, duty, and privilege assigned to the test role in this case). This ensures that you do not generate a security XML that is not valid.

2. The ability to rename security layers still exist. Instead of leaving them as the GUID’s that Microsoft assigns, we can rename them to be more user friendly.

3. Finally you get the option to either export to a user interface XML (that you can take and import in another environment) or to code elements (which is the same functionality as before)

Code Option:

User Interface Option:

How to Import

Importing via the code option was covered in my previous post, importing via the UI however is new. If we take the output from above and import it we can see that the structure of the security layers is correct and the system names have successfully been changed (no longer GUIDs).


Hopefully this tool will be helpful in migrating security between environments. I’m looking forward to getting feedback from users on the tool!

We are in the process of adding this functionality to our Fastpath Security Designer module for D365FO in our next release, which will give our users a much better experience moving/migrating security that are already using that module to complete their security design and implementation. If you want a complete solution to help design and configure D365FO security while analyzing changes for SOD and licensing impact you will want to check it out.