When you want to analyze user security rights or permissions, you can use the security diagnostics tool with task recordings in Dynamics 365 Finance & Operations.
This tool is useful when you need to review user security, analyze why a user does not have the desired access, or tailor security to a specific organization.
- How to Use Security Diagnostics with Task Recorder
- The Older Way of Analyzing Security Roles
- Example Use Cases
- Limitations of the Security Diagnostics Tool
Note: Even though most customers, commentators, and consultants still call it Dynamics 365 Finance & Operations or D365FO, Microsoft now technically licenses it as Dynamics 365 Finance and Supply Chain Management.
How to Use Security Diagnostics with Task Recorder
You will need a task recording (AXTR file) of the activity that is being reviewed, stored to Lifecycle Services (LCS) or to local PC. If task recorder is not familiar to you already, see Microsoft’s task recorder resources.
- Navigate to Modules > System Administration > Security diagnostics for task recordings.
- Choose the AXTR file for the activity to diagnose.
- This will show the securable items that are available to the activity.
- Select a user to see their permissions for performing each activity. A “Yes” in the Missing permissions column identifies that the user has no access to the security item.
- Select an item row, then click on Add Reference near the top left of the security menu item details screen. This will display the security objects that grant the missing security right. Dependent on the selection of Role, Duty, or Permission, the Add menu option will update.
- In the top left of the security diagnostics window, click on Add roles to user, or Add duty to roles, or Add privilege to duty. Then you will see this screen:
- Run the diagnostic tool again, and the “Yes” under Missing permissions will disappear.
The Older Way of Analyzing Security Roles, Without Task Recorder.
It is still possible to review security roles via an older method, without task recorder. However, this older approach is best for creating a new role or a new security privilege.
You would navigate to System Administration > Security > Security Configuration. That will let you see all existing roles, privileges, etc.
However, for diagnosing problems with security privileges, the newer task recorder method I’ll explain below is much more streamlined and helpful.
Example Use Cases for Security Diagnostics in D365FO
The security diagnostic tool in D365FO is helpful if, for instance, a staff member performed a transaction in the system that they should not have been allowed to. You could make a task recording of doing the transaction, and then use security diagnostics to determine why that staff member had that permission.
Security diagnostics also come in handy to troubleshoot rights and permissions issues when you are expanding your business, or when you have people changing roles.
Limitations of the Security Diagnostics Tool
- This is not the tool to use for assigning roles to users. Use the older method for that. The security diagnostics tool is for analysis, not for user setup.
- You do need a task recording to use this tool. However, by default all system users of Finance & Operations have the ability to make task recordings.
- The user that is creating the task recording needs to have access to the windows used in the recording. So a general system user couldn’t make a recording for generating financial statements, for instance.
Read Microsoft’s documentation on security diagnostics here.
For more ways to enable your D365 Finance & Operations users more effective, check out our related blogs:
For support on advanced training about Dynamics 365, contact us.
Do you have questions about all the different terms in D365FO? Check our glossary of the most commonly asked-about terms, with definitions and examples.