web
You’re offline. This is a read only version of the page.
close
Skip to main content

Announcements

No record found.

News and Announcements icon
Community site session details

Community site session details

Session Id :
Dynamics 365 Community / Forums / Finance | Project Operations, Human Resources, ... / Security in Web UI or ...
Finance | Project Operations, Human Resources, ...
Answered

Security in Web UI or AOT, which takes priority?

(5) ShareShare
ReportReport
Posted on by ScottG17 84
Our team is in the middle of a project to migrate from AX 2012 to D365, and our dev team has taken an approach to make all development changes, including security, in AOT and build it to each environment.  It's a fine approach but obviously there is overhead in having to wait until the next day for the AOT changes to be built.  In my security tests, I have made a few changes in one of our test environments using the Web UI to see if the changes will work.  It's been a good approach and I like how immediate the security changes take effect.  I ran into an issue though and would like your input.  
 
I read that the Web UI security changes take precedence over any AOT changes, and it appears I have proven that's the case with a recent security change, but I'm not sure on how to fix, or stop the web UI security changes from taking precedence over the AOT change I made.  Here is the scenario:
 
We have two test environments, Test1 and Test2.  Using the Web UI in Test2 I made a security change to a privilege and published it, allowing a button control to be visible on a custom form.  It was a quick change and allowed me to see if it would work, and it worked perfectly.  Knowing our team expects these changes to be made only in AOT, I changed the form control privilege back to its original setting in the Test2 Web UI, then published it so the button no longer appears.
 
Then I made the same security privilege change in AOT and our IT team built it to both of the Test1 and Test2 environments last night.  This morning I can see that the button is now visible in Test1, so the AOT security privilege change properly deployed to that environment.  But the button is still NOT visible in Test2 where I had been making the security changes using the Web UI.  The IT team verified last night's deployment was successful to both Test1 and Test2.  So it appears that my Web UI change to disable the button from being visible is taking precedence over the AOT deployment.
 
So my question is, how can I have the AOT changes be deployed to the Test2 environment?  Is this change forever "locked" in Test2 where the Web UI will take precedence of any security changes for this specific privilege?  I may be missing something obvious on this but I wanted to reach out to hear any thoughts on how to fix this, and any guidance on best practices are much appreciated.
 
Thank you,
Scott
 
 
 
 
 
Categories:
Dynamics 365 Finance
I have the same question (0)
  • Verified answer
    André Arnaud de Calavon Profile Picture
    André Arnaud de Cal... 303,730 Super User 2026 Season 1 on at
    Hi Scott,

    I have seen changes in the past that are merged correctly. I haven't tried form control overrides. At least there is a change between how form controls are stored in the UI and how it is working from the AOT. That can be the culprit here. I wrote about the changes in a small section on my blog post about form control permissions: Securing a menu item is not enough - form controls - Dynamicspedia
     
    In case the configuration changes are preventing the new AOT changes to become active, you can execute the action Data > Remove customizations from the Security configuration form. This will remove all configurations in the current environment. In case you have other configuration changes that needs to be kept, you can Export the security configurations first. You can edit the XML with security customizations before importing back the changes that needs to be brought back into the environment.


    PS. As this question is about Dynamics 365 F&O, I have moved the question to the correct forum.
     
  • ScottG17 Profile Picture
    ScottG17 84 on at
    Thanks André for your insight and guidance on this.  I've been considering the Remove Customizations option, especially since this would only be done in one of our test environments.  I appreciate that you shared the export/import capability.  Overall, I believe we are safe to remove the customizations as I have not made that many changes in the web UI.
     
    But one additional question I have is regarding the complete impact of running the Remove Customizations option.  Will it remove any/all of the user/role relationships we have spent many weeks assigning?  That effort was just completed using the Web UI (can't be done in Visual Studio) and does not exist yet in any other environment, so I'd really like to not lose all of that work :)  
     
    Please forgive my newbie questions on this as we are just getting familiar with some of these tools, and I want to be sure to fully understand them before I take next steps.  
     
    Thanks again for your help!
    Scott
  • André Arnaud de Calavon Profile Picture
    André Arnaud de Cal... 303,730 Super User 2026 Season 1 on at
    Hi Scott,
     
    For the removal of customizations, it will not remove user role assignments, unless the role was newly configured in this environment. As you mentioned that the roles are managed in Visual Studio, there is no risk involved for your environment.

Under review

Thank you for your reply! To ensure a great experience for everyone, your content is awaiting approval by our Community Managers. Please check back later.

Helpful resources

Quick Links

Introducing the 2026 Season 1 community Super Users

Congratulations to our 2026 Super Stars!

Meet the Microsoft Dynamics 365 Contact Center Champions

We are thrilled to have these Champions in our Community!

Congratulations to the March Top 10 Community Leaders

These are the community rock stars!

Leaderboard > Finance | Project Operations, Human Resources, AX, GP, SL

#1
Giorgio Bonacorsi Profile Picture

Giorgio Bonacorsi 616

#2
André Arnaud de Calavon Profile Picture

André Arnaud de Cal... 460 Super User 2026 Season 1

#3
Syed Haris Shah Profile Picture

Syed Haris Shah 331 Super User 2026 Season 1

Last 30 days Overall leaderboard

Featured topics

End-of-life Announcement for Microsoft Dynamics GP
License usage reporting (in-app and PPAC) with Entra dynamic groups

Product updates

Dynamics 365 release plans