Change maintenance mode for license configuration in D365

In this blog we will discuss, how to change maintenance mode for license configuration in Dynamics365. When we need to enable / disable configuration key we can do it by going at navigation System administration > Setup > License configuration by this setup we can enable / disable configuration key. By-default in D365 License configuration setup is disable due to maintenance mode is set to False. 

In order to enable or disable configuration we need to change the maintenance mode to True. There are two ways to achieve it: (1) By Sql Query, (2) By Command

By Sql Query:
--System variable table having system settings and configurations.
update SQLSYSTEMVARIABLES
--Set value to 1 (True).
set SQLSYSTEMVARIABLES.VALUE = 1
--Where clause of configuration mode.
where PARM = 'CONFIGURATIONMODE'

By Command:
C:\AosService\PackagesLocalDirectory\Bin\Microsoft.Dynamics.AX.Deployment.Setup.exe –metadatadir C:\AosService\PackagesLocalDirectory –bindir C:\AosService\PackagesLocalDirectory\Bin –sqlserver . –sqldatabase axdb –sqluser <SQL admin user id> –sqlpwd <SQL users password> –setupmode maintenancemode –isinmaintenancemode true

Note: Change drive command in my case I have "C Drive" and change SQL user and password accordingly.

After using one of the method to change the maintenance mode, restart IISServer.
That is all you need to do.

Introduction of Power BI integration in D365

In Microsof Dynamics 365 Power BI is a collection of tools and services that enables interactive visualizations and dashboards. Power BI is the tool that many users choose when they want to create interactive visualizations and self-service reports for Microsoft Dynamics 365 for Finance and Operations, Enterprise Edition You can access Power BI visualizations from PowerBI.com with a free account.

Features:

Dynamics 365 for Finance and Operations, Enterprise Edition integrates with Power BI by being a first-class source of data to Power BI authoring tools such as Microsoft Excel. After reports are authored, they can be published to PowerBI.com for collaboration and mobile access. Although dashboards and reports can be used on PowerBI.com, they can also be pinned to the Dynamics 365 for Finance and Operations, Enterprise Edition client to provide interactive visuals that are related business processes.

Pre-built Dynamics 365 for Finance and Operations, Enterprise Edition content packs from Microsoft, and also from independent software vendors (ISVs) and partners, offer ready-made analytical dashboards and reports for industry verticals. Users can deploy these content packs from PowerBI.com.

Menu items permission properties in D365

In this blog we will discuss some basic permission properties of menu items (Action, Display and Output). So lets get started.

Correct Permission

Specifies whether correct permission will be available to select when privileges are assigned to the menu item. The default value is Auto some options are as follows:

Auto: The permission will be available to select as a privilege on this menu item Privileges node under the Entry Points node.

No: The permission will not be available to select as a privilege on the menu item.

Create Permission

Specifies whether create permission will be available to select when privileges are assigned to the menu item. The default value is Auto some options are as follows:

Auto: The permission will be available to select as a privilege on this menu item Privileges node under the Entry Points node.

No: The permission will not be available to select as a privilege on the menu item.

Delete Permission

Specifies whether delete permission will be available to select when privileges are assigned to the menu item. The default value is Auto some options are as follows:

Auto: The permission will be available to select as a privilege on this menu item Privileges node under the Entry Points node.

No: The permission will not be available to select as a privilege on the menu item.

Linked Permission Type 

Specifies the type of the object pointed to by the LinkedPermissionObject property. For example, this could be a Form.

Linked Permission Object Child / Linked Permission Object 

Specifies the name of another object (for example, a form or report) whose permissions are to be applied to this menu item. Typically used with Action menu items.

Read Permission

Specifies whether read permission will be available to select when privileges are assigned to the menu item.  The default value is Auto some options are as follows:

Auto: The permission will be available to select as a privilege on this menu item Privileges node under the Entry Points node.

No: The permission will not be available to select as a privilege on the menu item.

Update Permission

Specifies whether update permission will be available to select when privileges are assigned to the menu item. The default value is Auto some options are as follows:

Auto: The permission will be available to select as a privilege on this menu item Privileges node under the Entry Points node.

No: The permission will not be available to select as a privilege on the menu item.

Security Authorization and Access Control in D365

In this blog we will discuss how to authorize users security roles that are assigned to them including process cycles, duties, privileges, and permissions.

Security Roles
All users must be assigned to at least one security role in order to have access to D365. The security roles that are assigned to a user determine the duties that the user can perform and the parts of the user interface that the user can view. Administrators can apply data security policies to limit the data for the access of user roles.

For example a user in a role may have access to data only from a single organization. The administrator can also specify the level of access that the users in a role have to current, past, and future records and also users in a role can be assigned privileges that allow them to view records for all periods, but that allow them to modify records only for the current period.

By managing access through security roles, administrators save time because they do not have to manage access separately for each users. Security roles are defined one time for all organizations. In addition, users can be automatically assigned to roles based on business data.

For example the administrator can set up a rule that associates a Human resources position with a security role. Any time that users are assigned to that position, those users are automatically added to the appropriate security roles. Users can also be automatically added to or removed from roles based on the Active Directory groups that they belong to.

Security roles can be organized into a hierarchy. A role hierarchy enables roles to be defined as combinations of other roles.

For example the sales manager role can be defined as a combination of the manager role and the salesperson role. In the security model of D364, duties and privileges are used to grant access to the program also it can be assigned to maintain revenue policies and review sales orders duties.

By default, sample security roles are provided. All functionality in Microsoft Dynamics 365 for Finance and Operations is associated with at least one of the sample security roles. The administrator can assign users to the sample security roles, modify the sample security roles to fit the needs of the business, or create new security roles. By default, the sample roles are not arranged in a hierarchy.

Process Cycles
A business process is a coordinated set of activities in which one or more participants consume, produce, and use economic resources to achieve organizational goals.
To help the administrator locate the duties that must be assigned to roles, duties are organized by the business processes that they are part of. In the context of the security model, business processes are referred to as process cycles.

For example in the accounting process cycle, you may find the Maintain ledgers and Maintain bank transactions duties. Process cycles are used for organization only. The process cycles themselves cannot be assigned to roles.

Duties
Duties correspond to parts of a business process. The administrator assigns duties to security roles. A duty can be assigned to more than one role. In the security model for Microsoft Dynamics 365 for Finance and Operations, duties contain privileges.

For example the Maintain bank transactions duty contains the Generate deposit slips and Cancel payments privileges. Although both duties and privileges can be assigned to security roles, it is recommended that you use duties to grant access to Microsoft Dynamics 365 for Finance and Operations.

You can assign related duties to separate roles. These duties are said to be segregated. By segregating duties, you can better comply with regulatory requirements, such as those from Sarbanes-Oxley (SOX), International Financial Reporting Standards (IFRS), and the United States Food and Drug Administration (FDA). In addition, segregation of duties helps reduce the risk of fraud, and helps you detect errors or irregularities. Default duties can provide administrator to modify the privileges that are associated with a duty, or create new duties.

Privileges
In the security model for Microsoft Dynamics 365 for Finance and Operations, a privilege specifies the level of access that is required to perform a job, solve a problem, or complete an assignment. Privileges can be assigned directly to roles. However, for easier maintenance, we recommend that you assign only duties to roles. A privilege contains permissions to individual application objects, such as user interface elements and tables.

For example the Cancel payments privilege contains permissions to the menu items, fields, and tables that are required to cancel payments.

By default, privileges are provided for all features in Microsoft Dynamics 365 for Finance and Operations. The administrator can modify the permissions that are associated with a privilege, or create new privileges.

Permissions
In the security model for Microsoft Dynamics 365 for Finance and Operations, a permission grants access to logical units of data and functionality, such as tables, fields, forms, and server side methods. Only developers can create or modify permissions. The screen shot on top shows the Security configuration form where system administrators can create and edit roles and view the duties, privileges, and so on that are related.

Security Structure in D365

In D365 the security model is hierarchical, and each element in the hierarchy represents a different level of detail. Permissions represent access to individual securable objects, such as menu items and tables. Privileges are composed of permissions and represent access to tasks, such as canceling payments and processing deposits. Duties are composed of privileges and represent parts of a business process, such as maintaining bank transactions. Both duties and privileges can be assigned to roles to grant access to Microsoft Dynamics 365 for Finance and Operations.

Application Security Aligned with your Business

In earlier versions, administrators created their own user groups and manually assigned users to those groups. In Microsoft Dynamics 365 for Finance and Operations, security is role-based, and many security roles and duties are provided to help base security definitions. Using role-based security, users are assigned to roles, based on their responsibilities in the organization and their participation in business processes. Instead of identifying and granting access to application elements, the administrator assigns duties which users in the role perform. Because rules can be set up for automatic role assignment, the administrator does not have to be involved every time a user's responsibilities change. After security roles and rules are set up, role assignments are updated based on changes in business data.

Reusable Permissions

In Microsoft Dynamics 365 for Finance and Operations, a single set of roles applies across all companies and organizations. The administrator no longer has to create and maintain separate user groups for each company, as was the case in earlier versions. Even though roles themselves are not specific to a company or organization, the administrator can still specify a company or organization context for a particular user in a role.

MSDN Reference Link: Security architecture

Exception Types in Dynamics 365

In Microsoft Dynamics there are many different types of exception types. A majority of exception types are determined by the kernel and are not normally thrown by application code. All exception types can be caught and handled and it is the developers responsibility to decide which exceptions need to be handled. In Dynamics exceptions cannot be modified as it is a system enums. So users cannot add new exception types.

Info: Displays informational exceptions; for example, a certain record has been updated.

Warning: Indicates the user has performed an illegal, though nonfatal operation.

Deadlock: Informs the user that the system encountered a deadlock situation in the database (two processes trying to access the same record).

Error: Indicates a fatal error has occurred and the transaction has stopped.

Internal: Displays Microsoft Dynamics 365 for Operations and Finance internal development errors.

Break: Indicates that the user has pressed Break.

DDError: Indicates that an error occurred in the DDEkernel class.

Numeric: Indicates that an error has occurred during the use of the str2int, str2int64, or str2num functions.

CLRError: Indicates that an error has occurred during the use of the CLR functionality.  This is the error you will most often check for with integrations.

CodeAccessSecurity: Indicates that an error has occurred during the use of CodeAccessPermission.demand.

UpdateConflict: Indicates that an error has occurred in a transaction using Optimistic Concurrency Control, and that the transaction will be retried.

UpdateConflictNotRecovered: Indicates that an error has occurred in a transaction using Optimistic Concurrency Control, and that the code will not be retried.