web
You’re offline. This is a read only version of the page.
close
Skip to main content

Notifications

Announcements

No record found.

News and Announcements icon
Community site session details

Community site session details

Session Id :
Dynamics 365 Community / Forums / Finance | Project Operations, Human Resources, ... / Restrict manipulation ...
Finance | Project Operations, Human Resources, ...
Answered

Restrict manipulation of the xml from Payment vendor journal

(1) ShareShare
ReportReport
Posted on by Adis 6,069 Super User 2025 Season 2
Dear all,
 
We implemented a workflow for the vendor payment journal, so that at least one additional person has to approve the vendor payments. After the approval, the xml file can be created (downloaded) and uploaded to the bank.
 
The xml can still be manipulated when it is downloaded. Although, it is very unlikely that an accountant has the knowledge to change bank details of an xml file, its still possible. We need\should restrict that. 
 
My question is, how do you handle this business case?
 
Is there a way to send the xml file directly to the bank and how much effort is it to configure such a process?
Can (windows) users be restricted to manipulate xml files?
Other ideas? 
 
Thank you in advance, Adis
 
 
Categories:
Dynamics 365 Finance
I have the same question (0)
  • Suggested answer
    Holly Huffman Profile Picture
    Holly Huffman 6,538 Super User 2025 Season 2 on at
    Good morning, afternoon, or evening :) depending on your location!
     
    Sharing a few thoughts -
    1. Sending XML Files Directly to the Bank
    • Solution: Many banks offer API integrations or secure file transfer protocols (like SFTP) to directly send payment XML files to the bank from Dynamics 365 Finance and Operations (D365FO). Configuring this process would involve:
      • Setting up integration with the bank's APIs or SFTP.
      • Mapping the data fields from D365FO's payment journal XML to the bank's required format.
      • Implementing secure authentication protocols (e.g., OAuth or certificates) to ensure safe transmission.
    • Effort: Depending on the bank's requirements, this could range from moderate to significant effort. It may require collaboration between your IT team, the bank, and possibly Microsoft consultants to configure the integration.
    2. Restrict Windows Users from Manipulating XML Files
    • Solution: You can restrict manipulation of downloaded XML files on a Windows system by:
      • Using file permissions: Ensure that only authorized users have access to modify or even open the downloaded XML file. This can be done via NTFS file permissions in Windows.
      • Leveraging Windows Information Protection (WIP): This feature allows you to protect corporate data (like XML files) from being modified by unauthorized apps or users.
      • Encrypting the XML file: Add encryption to the XML file post-download to make it unreadable without authorized tools.
    • Effort: This is relatively low effort and can be handled by the IT team with existing tools in the Windows ecosystem.
    3. Other Ideas to Restrict Manipulation
    • Digital Signatures: Apply digital signatures to the XML file so any manipulation would render the file invalid. This ensures that tampering is easily detectable.
    • Use Secure Databases: Instead of downloading the XML file, you can store it in a secure database from where only authorized applications (like the bank's integration system) can retrieve it for transmission.
    • Log Activities: Implement audit logs in D365FO to track all activities related to the XML file. Even if a user tries to manipulate it, the changes can be traced back.
    4. Recommendations
    • For maximum security, I suggest exploring direct integration with the bank's systems to bypass the need for file downloads altogether. This eliminates the risk of manipulation at the user level.
    • Restricting file access and implementing encryption are good measures to reduce risk for situations where direct integration isn't feasible.
     
    Hope this helps some! 
  • Verified answer
    Martin Dráb Profile Picture
    Martin Dráb 237,965 Most Valuable Professional on at
    Yes, F&O can communicate with banks directly.
     
    Several ISVs offer solutions for integration with banks - check if any of them match your needs and if the price is reasonable, you may be done without any custom development.
     
    If you want to develop it on your own, you can use electronic reporting, Power Platform, generate API client in C# and use it in X++ and so on. But as with any other software project, you'll need to start by collecting business requirements (e.g. which banks you need to integrate with).
     
    You can't give user a text file and prevent it from changing the file. In theory, you could either use a different file format (e.g. put the XML file to a password-protected ZIP archive) or detect changes (e.g. using an electronic signature). But I doubt it's applicable to your scenario.
  • Adis Profile Picture
    Adis 6,069 Super User 2025 Season 2 on at
    Alright, thanks @Martin Dráb

Under review

Thank you for your reply! To ensure a great experience for everyone, your content is awaiting approval by our Community Managers. Please check back later.

Helpful resources

Quick Links

Responsible AI policies

As AI tools become more common, we’re introducing a Responsible AI Use…

Neeraj Kumar – Community Spotlight

We are honored to recognize Neeraj Kumar as our Community Spotlight honoree for…

Congratulations to the November Top 10 Community Leaders!

These are the community rock stars!

Leaderboard > Finance | Project Operations, Human Resources, AX, GP, SL

#1
Martin Dráb Profile Picture

Martin Dráb 451 Most Valuable Professional

#2
André Arnaud de Calavon Profile Picture

André Arnaud de Cal... 428 Super User 2025 Season 2

#3
BillurSamdancioglu Profile Picture

BillurSamdancioglu 239 Most Valuable Professional

Last 30 days Overall leaderboard

Featured topics

End-of-life Announcement for Microsoft Dynamics GP

Product updates

Dynamics 365 release plans