Archive for Mart 23rd, 2020

How to Authorize Dynamics 365 Finance and Operations Lower Level Form Objects?

In this article, I will try to explain how to define an authorization for any object in Dynamics 365 Finance and Operation application. I do not recommend using this. The more details you go into, the more difficult it will be to manage security. However, in some cases, this will be needed. One mistake I see in these cases is to solve this with code, not with the security infrastructure. Never write code for security related work. It seems like a quick solution at first, but there will be a lot of trouble in the future. The support and subsequent requests become very difficult to meet. In this article, I will continue with the project I used in my previous articles. We had authorized a test user for the Customers form. Now they can open the form and see its data. Assume that the Customer group field was asked to appear on this user. Let’s see how we can do this.


I add a new Privilege.


Under Privilege, right click the Form Control Permissions section and click New Form.


In the Name field, select CustTable form.


Right click on CustTable to create a new object and type the name of the object you want to authorize. Grant is the key part. With No Access, we ensure that those who own this Privilege do not see this object. It may not appear in the lookup here. It doesn’t matter, you can directly write the name. These definitions will not be sufficient. We need to change a property of the object for which we will define the authorization.


In order to make this change, we need to create an extension for our form at this stage.


Open the Extension you created. Find the object you want to authorize and from its properties, change NeedPermission to Manual. It means that you will manage the authorization of this object. It’s better to use the Extension as the first step.


Then add the Privilege to Duty we used in our previous articles.


Save and compile our project and run DB synchronization for our project only. After that, when you log in with the test user and open the Customers form, you will see that the Customer Group field does not appear.


In this article, I tried to explain how a low-level object is authorized. It can be done very simply, but if you define too many low-level authorizations, it is very difficult to work it out. Try to authorize from the entry point as much as possible.


TAGs: Microsoft Life Cycle Services, LCS, Azure, Azure DevOps, Security, Microsoft Dynamics 365, MsDyn365FO, MsDyn365CE, MsDyn365, Dynamics 365 Insights Power BI, Power Automate, Power Apss, Power Virtual Agents, what is Dynamics 365, Dynamics 365 ERP, Dynamics 365 CRM