Breaking news from around the world
Get the Bing + MSN extension
Now Available in Community - MBAS 2019 Presentation Videos
Catch the most popular sessions on demand and learn how Dynamics 365, Power BI, Power Apps, Power Automate, and Excel are powering major transformations around the globe. | View Gallery
2019 release wave 2 Discover the latest updates and new features to Dynamics 365 planned through March 2020
Release overview guides and videos Release Plan | View virtual launch event
Ace your Dynamics 365 deployment with packaged services delivered by expert consultants. | Explore service offerings
Connect with the ISV success team on the latest roadmap, developer tool for AppSource certification, and ISV community engagements | ISV self-service portal
The FastTrack program is designed to help you accelerate your Dynamics 365 deployment with confidence.
FastTrack Program | Finance TechTalks | Customer Engagement TechTalks | Talent TechTalks | Upcoming TechTalks
What is the methodology that you are following for upgrade related security testing? I am planing to create following script
For each enabled user
---> Loop through all user roles.
--------> create a user - menu item lines with least effective access for read/update/create/delete (we don't use entities and our security is only on menu items so don't care about other objects)
Compare the output with previous version and investigate the difference.
Any thoughts? and has anyone already written similar script that they can share? :)
I'm not able to understand what you exactly mean with your script. What is it what you want to validate? What would the script do?
Note that sometimes, Microsoft is changing a menu item in a menu. If you have custom roles, the new menu item might not have permissions. In that case, a menu item can be missing in a certain role.
Our auditors want to validate that security access to users has not changed due to version upgrade.
Every change on security is logged and can be reviewed in the system administration area. Then you can verify if there are changes which needs to be reviewed.
I am afraid our auditors need a comprehensive picture that can show what has changed and what has not changed but I will take a look into what you have suggested. Thanks.
As Andre mentioned, you can track all changes to user-role assignments and such.
About tracking other changes, I understand the problem, but...
But if Microsoft changes content of out of the box roles, duties and privileges, that's not tracked in the system.
Do your auditors really demand you to detect Microsoft's changes in Microsoft's cloud solution? If such requirement exists, I would ask Microsoft to provide such information, instead of every customer having to solve this. If it's a general requirement (based on legislation) (which I doubt a bit), then I would assume there's a lot of pressure on Microsoft to provide such info.
However all changes that your developers make to security elements can be tracked in the version control history.
Business Applications communities