Author Archives: Arun Garg

About Arun Garg

Microsoft Dynamics Ax Technical Consultant Arun Garg Microsoft MVP,MCP

Security Authorization and Access Control in D365

How users are authorized through the security roles that are assigned to them, including process cycles, duties, privileges, and permissions.

Security Roles
All users must be assigned to at least one security role in order to have access to D365. The security roles that are assigned to a user determine the duties that the user can perform and the parts of the user interface that the user can view. Administrators can apply data security policies to limit the data that the users in a role can access.

For example, a user in a role may have access to data only from a single organization. The administrator can also specify the level of access that the users in a role have to current, past, and future records. For example, users in a role can be assigned privileges that allow them to view records for all periods, but that allow them to modify records only for the current period.

By managing access through security roles, administrators save time because they do not have to manage access separately for each user. Security roles are defined one time for all organizations. In addition, users can be automatically assigned to roles based on business data.

For example the administrator can set up a rule that associates a Human resources position with a security role. Any time that users are assigned to that position, those users are automatically added to the appropriate security roles. Users can also be automatically added to or removed from roles based on the Active Directory groups that they belong to.

Security roles can be organized into a hierarchy. A role hierarchy enables roles to be defined as combinations of other roles.

For example, the sales manager role can be defined as a combination of the manager role and the salesperson role. In the security model of D365, duties and privileges are used to grant access to the program; the sales manager role can also be assigned the Maintain revenue policies and Review sales orders duties.

By default, sample security roles are provided. All functionality in Microsoft Dynamics 365 for Finance and Operations is associated with at least one of the sample security roles. The administrator can assign users to the sample security roles, modify the sample security roles to fit the needs of the business, or create new security roles. By default, the sample roles are not arranged in a hierarchy.

Process Cycles
A business process is a coordinated set of activities in which one or more participants consume, produce, and use economic resources to achieve organizational goals.
To help the administrator locate the duties that must be assigned to roles, duties are organized by the business processes that they are part of. In the context of the security model, business processes are referred to as process cycles.

For example, in the accounting process cycle, you may find the Maintain ledgers and Maintain bank transactions duties. Process cycles are used for organization only. The process cycles themselves cannot be assigned to roles.

Duties correspond to parts of a business process. The administrator assigns duties to security roles. A duty can be assigned to more than one role. In the security model for Microsoft Dynamics 365 for Finance and Operations, duties contain privileges.

For example the Maintain bank transactions duty contains the Generate deposit slips and Cancel payments privileges. Although both duties and privileges can be assigned to security roles, it is recommended that you use duties to grant access to Microsoft Dynamics 365 for Finance and Operations.

You can assign related duties to separate roles. These duties are said to be segregated. By segregating duties, you can better comply with regulatory requirements, such as those from Sarbanes-Oxley (SOX), International Financial Reporting Standards (IFRS), and the United States Food and Drug Administration (FDA). In addition, segregation of duties helps reduce the risk of fraud, and helps you detect errors or irregularities. Default duties are provided. The administrator can modify the privileges that are associated with a duty, or create new duties.

In the security model for Microsoft Dynamics 365 for Finance and Operations, a privilege specifies the level of access that is required to perform a job, solve a problem, or complete an assignment. Privileges can be assigned directly to roles. However, for easier maintenance, we recommend that you assign only duties to roles. A privilege contains permissions to individual application objects, such as user interface elements and tables.

For example the Cancel payments privilege contains permissions to the menu items, fields, and tables that are required to cancel payments.

By default, privileges are provided for all features in Microsoft Dynamics 365 for Finance and Operations. The administrator can modify the permissions that are associated with a privilege, or create new privileges.

In the security model for Microsoft Dynamics 365 for Finance and Operations, a permission grants access to logical units of data and functionality, such as tables, fields, forms, and server side methods. Only developers can create or modify permissions. The screen shot on top shows the Security configuration form where system administrators can create and edit roles and view the duties, privileges, and so on that are related.


Posted by on July 5, 2018 in D365


Security Structure in D365

In D365 the security model is hierarchical, and each element in the hierarchy represents a different level of detail.
Permissions represent access to individual secure objects, such as menu items and tables.
Privileges are composed of permissions and represent access to tasks, such as canceling payments and processing deposits.
Duties are composed of privileges and represent parts of a business process, such as maintaining bank transactions.
Both duties and privileges can be assigned to roles to grant access to Microsoft Dynamics 365 for Finance and Operations.
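
The hierarchy described above (permissions, privileges, duties, roles, with roles optionally composed of other roles) and the segregation of duties from the previous post, modelled in Python as an added example; this is not code from D365 or from the original post. Role, duty and privilege names are taken from the text; the secured object names, the three-level access scale, the directly assigned privilege and the segregation rule are constructed for illustration.

```python
# Constructed sample data. Role, duty and privilege names follow the text;
# object names, access levels and the segregation rule are illustrative only.
ACCESS = {"Read": 1, "Update": 2, "Delete": 3}  # simplified access scale

PRIVILEGES = {  # privilege -> permissions as (secured object, access level)
    "Generate deposit slips": {("DepositSlipMenuItem", "Update")},
    "Cancel payments": {("PaymentTable", "Delete"), ("BankAccountTable", "Read")},
    "Post ledger journals": {("LedgerJournalTable", "Update")},
    "View sales orders": {("SalesOrderTable", "Read")},
    "View bank accounts": {("BankAccountTable", "Read")},
}
DUTIES = {  # duty -> privileges
    "Maintain bank transactions": {"Generate deposit slips", "Cancel payments"},
    "Maintain ledgers": {"Post ledger journals"},
    "Review sales orders": {"View sales orders"},
}
ROLES = {  # role -> duties, directly assigned privileges, and sub-roles
    "Manager": {"duties": {"Maintain ledgers"}},
    "Salesperson": {"duties": {"Review sales orders"},
                    "privileges": {"View bank accounts"}},
    "Sales manager": {"sub_roles": {"Manager", "Salesperson"}},
    "Treasurer": {"duties": {"Maintain bank transactions"}},
}
# Pairs of duties that must not end up with the same user.
SOD_RULES = [("Maintain bank transactions", "Maintain ledgers")]


def expand_role(role, seen=None):
    """Return (duties, privileges) of a role, following the role hierarchy."""
    seen = set() if seen is None else seen
    if role in seen:  # a cyclic hierarchy must not recurse forever
        return set(), set()
    seen.add(role)
    spec = ROLES[role]
    duties = set(spec.get("duties", ()))
    privileges = set(spec.get("privileges", ()))
    for sub in spec.get("sub_roles", ()):
        sub_duties, sub_privileges = expand_role(sub, seen)
        duties |= sub_duties
        privileges |= sub_privileges
    return duties, privileges


def effective_access(user_roles):
    """Highest access level per secured object across all of a user's roles."""
    access = {}
    for role in user_roles:
        duties, privileges = expand_role(role)
        for duty in duties:
            privileges |= DUTIES[duty]
        for privilege in privileges:
            for obj, level in PRIVILEGES[privilege]:
                if ACCESS[level] > ACCESS.get(access.get(obj), 0):
                    access[obj] = level
    return access


def sod_violations(user_roles):
    """Segregation rules whose two duties are both held by the user."""
    held = set()
    for role in user_roles:
        held |= expand_role(role)[0]
    return [rule for rule in SOD_RULES if set(rule) <= held]


if __name__ == "__main__":
    for roles in (["Sales manager"], ["Sales manager", "Treasurer"]):
        print(roles, effective_access(roles), sod_violations(roles))
```

A user holding only the Sales manager role passes the check; adding the Treasurer role gives the same user both segregated duties and the rule is reported.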

  • Application Security Aligned with your Business

In earlier versions, administrators created their own user groups and manually assigned users to those groups. In Microsoft Dynamics 365 for Finance and Operations, security is role-based, and many security roles and duties are provided to help base security definitions. Using role-based security, users are assigned to roles, based on their responsibilities in the organization and their participation in business processes. Instead of identifying and granting access to application elements, the administrator assigns duties which users in the role perform. Because rules can be set up for automatic role assignment, the administrator does not have to be involved every time a user’s responsibilities change. After security roles and rules are set up, role assignments are updated based on changes in business data.

  • Reusable Permissions

In Microsoft Dynamics 365 for Finance and Operations, a single set of roles applies across all companies and organizations. The administrator no longer has to create and maintain separate user groups for each company, as was the case in earlier versions. Even though roles themselves are not specific to a company or organization, the administrator can still specify a company or organization context for a particular user in a role.


Posted by on July 5, 2018 in D365


Change maintenance mode for license configuration in D365

How to change maintenance mode for license configuration in Dynamics 365. When we need to enable or disable a configuration key, we can do it at System administration > Setup > License configuration. By default, the License configuration setup in D365 is disabled because maintenance mode is set to False.

To enable or disable configuration keys, we need to change the maintenance mode to True. There are two ways to achieve this: (1) by SQL query, (2) by command.

By Sql Query:
-- System variable table having system settings and configurations.
update SQLSYSTEMVARIABLES
-- Set value to 1 (True).
set VALUE = 1
-- Where clause of configuration mode.
where PARM = 'CONFIGURATIONMODE'

By Command:
C:\AosService\PackagesLocalDirectory\Bin\Microsoft.Dynamics.AX.Deployment.Setup.exe --metadatadir C:\AosService\PackagesLocalDirectory --bindir C:\AosService\PackagesLocalDirectory\Bin --sqlserver . --sqldatabase axdb --sqluser <SQL admin user id> --sqlpwd <SQL users password> --setupmode maintenancemode --isinmaintenancemode true

Note: Change the drive letter in the command as needed (in my case it is the C drive), and change the SQL user and password accordingly.

After using one of these methods to change the maintenance mode, restart the IIS server.


Posted by on July 5, 2018 in D365


Copy a Finance and Operations database from Azure SQL Database to a SQL Server environment


To move a database, you use the sqlpackage.exe command-line tool to export the database from Azure SQL Database and then import it into Microsoft SQL Server 2016. Because the file name extension for the exported data is .bacpac, this process is often referred to as the bacpac process.

The high-level process for a database move includes the following phases:

  1. Create a duplicate of the source database.
  2. Download the latest version of SSMS. The version number should be greater than release 17.7.
  3. Run a SQL script to prepare the database.
  4. Export the database from the Azure SQL database.
  5. Import the database into SQL Server 2016.
  6. Run a SQL script to update the database.

Before you begin

Stop the following services

  • Microsoft batch server
  • Data import/ Export Service
  • IIS services

Now create a copy of the source database with the help of the script below.


This SQL statement runs asynchronously. In other words, although it appears to be completed after one minute, it actually continues to run in the background. For more information, see CREATE DATABASE (Azure SQL Database). To monitor the progress of the copy operation, run the following query against the MASTER database in the same instance.

SELECT * FROM sys.dm_database_copies

After completion of the database copy, remove the extra schemas if they are present.


The schemas mentioned above need to be removed from your newly copied database.

After the above action, remove some users manually. The script provided by Microsoft will not remove them and even throws an error while deleting, so you have to remove them manually.

After this, execute the script below, which is available from Microsoft.

--Prepare a database in Azure SQL Database for export to SQL Server.
--Disable change tracking on tables where it is enabled.
declare
@SQL varchar(1000)
set quoted_identifier off
declare changeTrackingCursor CURSOR for
select 'ALTER TABLE ' + t.name + ' DISABLE CHANGE_TRACKING'
from sys.change_tracking_tables c, sys.tables t
where t.object_id = c.object_id
OPEN changeTrackingCursor
FETCH changeTrackingCursor into @SQL
WHILE @@Fetch_Status = 0
BEGIN
exec(@SQL)
FETCH changeTrackingCursor into @SQL
END
CLOSE changeTrackingCursor
DEALLOCATE changeTrackingCursor

--Disable change tracking on the database itself.
ALTER DATABASE
-- SET THE NAME OF YOUR DATABASE BELOW
[<name of your copied database>]
set CHANGE_TRACKING = OFF

--Remove the database level users from the database
--these will be recreated after importing in SQL Server.
declare
@userSQL varchar(1000)
set quoted_identifier off
declare userCursor CURSOR for
select 'DROP USER ' + name
from sys.sysusers
where issqlrole = 0 and hasdbaccess = 1 and name <> 'dbo'
OPEN userCursor
FETCH userCursor into @userSQL
WHILE @@Fetch_Status = 0
BEGIN
exec(@userSQL)
FETCH userCursor into @userSQL
END
CLOSE userCursor
DEALLOCATE userCursor

--Delete the SYSSQLRESOURCESTATSVIEW view as it has an Azure-specific definition in it.
--We will run db synch later to recreate the correct view for SQL Server.
if(1=(select 1 from sys.views where name = 'SYSSQLRESOURCESTATSVIEW'))
drop view SYSSQLRESOURCESTATSVIEW

--Next, set system parameters ready for being a SQL Server Database.
update sysglobalconfiguration
set value = 'SQLSERVER'
where name = 'BACKENDDB'

update sysglobalconfiguration
set value = 0
where name = 'TEMPTABLEINAXDB'

--Clean up the batch server configuration, server sessions, and printers from the previous environment.
TRUNCATE TABLE SYSSERVERCONFIG
TRUNCATE TABLE SYSSERVERSESSIONS
TRUNCATE TABLE SYSCORPNETPRINTERS

--Remove records which could lead to accidentally sending an email externally.
UPDATE SysEmailParameters
SET SMTPRELAYSERVERNAME = ''
GO
UPDATE LogisticsElectronicAddress
SET LOCATOR = ''
WHERE Locator LIKE '%@%'
GO
TRUNCATE TABLE PrintMgmtSettings
TRUNCATE TABLE PrintMgmtDocInstance

--Set any waiting, executing, ready, or canceling batches to withhold.
UPDATE BatchJob
SET STATUS = 0
WHERE STATUS IN (1,2,5,7)
GO

-- Clear encrypted hardware profile merchant properties
update dbo.RETAILHARDWAREPROFILE set SECUREMERCHANTPROPERTIES = null where SECUREMERCHANTPROPERTIES is not null

Export the database

Open a Command Prompt window and run the following commands.

cd C:\Program Files (x86)\Microsoft SQL Server\140\DAC\bin

SqlPackage.exe /a:export /ssn:<source server name> /sdn:<source database name> /tf:D:\Exportedbacpac\my.bacpac /p:CommandTimeout=1200 /p:VerifyFullTextDocumentTypesSupported=false /sp:<source password> /su:<source user>

Here is an explanation of the parameters:

  • ssn (source server name) – The name of the Azure SQL Database server to export from.
  • sdn (source database name) – The name of the database to export.
  • tf (target file) – The path and name of the file to export to.
  • sp (source password) – The SQL password for the source SQL Server.
  • su (source user) – The SQL user name for the source SQL Server. We recommend that you use the sqladmin user. This user is created on every Finance and Operations SQL instance during deployment. You can retrieve the password for this user from your project in Microsoft Dynamics Lifecycle Services (LCS).

Screen shot of exporting database

After the export of the database completes, upload the file to LCS and download it on the target machine where you need to import the database.

Import the database

When you import the database, we recommend that you follow these guidelines:

  • Retain a copy of the existing AxDB database, so that you can revert to it later if you must.
  • Import the new database under a new name, such as AxDB_XXX.

To help guarantee the best performance, copy the *.bacpac file to the local computer that you’re importing from. Open a Command Prompt window and run the following commands.

Use the following script to import database

cd C:\Program Files (x86)\Microsoft SQL Server\140\DAC\bin

SqlPackage.exe /a:import /sf:D:\Exportedbacpac\my.bacpac /tsn:localhost /tdn:<target database name> /p:CommandTimeout=1200

Here is an explanation of the parameters:

  • tsn (target server name) – The name of the SQL Server to import into.
  • tdn (target database name) – The name of the database to import into. The database should not already exist.
  • sf (source file) – The path and name of the file to import from.

For me, the script looks like this:

SqlPackage.exe /a:import /sf:C:\backup\AxDB.bacpac /tsn:localhost /tdn:AxDBUAT /p:CommandTimeout=1200

Update the database

Run the following SQL script against the imported database. This script adds back the users that you deleted from the source database and correctly links them to the SQL logins for this SQL instance. The script also turns change tracking back on. Remember to edit the final ALTER DATABASE statement so that it uses the name of your database.

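CREATE USER axdeployuser FROM LOGIN axdeployuser
EXEC sp_addrolemember 'db_owner', 'axdeployuser'

CREATE USER axdbadmin FROM LOGIN axdbadmin
EXEC sp_addrolemember 'db_owner', 'axdbadmin'

CREATE USER axmrruntimeuser FROM LOGIN axmrruntimeuser
EXEC sp_addrolemember 'db_datareader', 'axmrruntimeuser'
EXEC sp_addrolemember 'db_datawriter', 'axmrruntimeuser'

CREATE USER axretaildatasyncuser FROM LOGIN axretaildatasyncuser
EXEC sp_addrolemember 'DataSyncUsersRole', 'axretaildatasyncuser'

CREATE USER axretailruntimeuser FROM LOGIN axretailruntimeuser
EXEC sp_addrolemember 'UsersRole', 'axretailruntimeuser'
EXEC sp_addrolemember 'ReportUsersRole', 'axretailruntimeuser'

CREATE USER axdeployextuser FROM LOGIN axdeployextuser
EXEC sp_addrolemember 'DeployExtensibilityRole', 'axdeployextuser'

CREATE USER [NT AUTHORITY\NETWORK SERVICE] FROM LOGIN [NT AUTHORITY\NETWORK SERVICE]
EXEC sp_addrolemember 'db_owner', 'NT AUTHORITY\NETWORK SERVICE'

UPDATE T1 SET T1.storageproviderid = 0    , T1.accessinformation = ''
    , T1.modifiedby = 'Admin'    , T1.modifieddatetime = getdate()
FROM docuvalue T1
WHERE T1.storageproviderid = 1 --Azure storage

-- Replace the placeholder with the name of your database.
ALTER DATABASE [<your AX database name>] SET CHANGE_TRACKING = ON (CHANGE_RETENTION = 6 DAYS, AUTO_CLEANUP = ON)
GO

DROP PROCEDURE IF EXISTS SP_ConfigureTablesForChangeTracking
DROP PROCEDURE IF EXISTS SP_ConfigureTablesForChangeTracking_V2
GO

-- Begin Refresh Retail FullText Catalogs
DECLARE @RFTXNAME NVARCHAR(MAX);
DECLARE @RFTXSQL NVARCHAR(MAX);
DECLARE retail_ftx CURSOR FOR
SELECT OBJECT_SCHEMA_NAME(object_id) + '.' + OBJECT_NAME(object_id) fullname FROM SYS.FULLTEXT_INDEXES
    WHERE FULLTEXT_CATALOG_ID = (SELECT TOP 1 FULLTEXT_CATALOG_ID FROM SYS.FULLTEXT_CATALOGS WHERE NAME = 'COMMERCEFULLTEXTCATALOG');
OPEN retail_ftx;
FETCH NEXT FROM retail_ftx INTO @RFTXNAME;

BEGIN TRY
    WHILE @@FETCH_STATUS = 0
    BEGIN
            PRINT 'Refreshing Full Text Index ' + @RFTXNAME;
            EXEC SP_FULLTEXT_TABLE @RFTXNAME, 'activate';
            SET @RFTXSQL = 'ALTER FULLTEXT INDEX ON ' + @RFTXNAME + ' START FULL POPULATION';
            EXEC SP_EXECUTESQL @RFTXSQL;
            FETCH NEXT FROM retail_ftx INTO @RFTXNAME;
    END
END TRY
BEGIN CATCH
      PRINT error_message()
END CATCH

CLOSE retail_ftx;
DEALLOCATE retail_ftx;
-- End Refresh Retail FullText Catalogs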

Enable change tracking

If change tracking was enabled in the source database, make sure to enable change tracking again in the newly provisioned database in the target environment by using the ALTER DATABASE command.

To ensure that the current version of the stored procedure (related to change tracking) is used in the new database, you must enable/disable change tracking for a data entity in data management. This can be done on any entity, as it is only needed to trigger the refresh of the stored procedure.

Re-provision the target environment

When copying a database between environments, you will need to run the environment re-provisioning tool before the copied database is fully functional, to ensure that all Retail components are up-to-date.

Follow these steps to run the Environment reprovisioning tool.

  1. In the Shared asset library, select Software deployable package.
  2. Download the Environment reprovisioning tool.
  3. In the asset library for your project, select Software deployable package.
  4. Select New to create a new package.
  5. Enter a name and description for the package. You can use Environment reprovisioning tool as the package name.
  6. Upload the package that you downloaded earlier.
  7. On the Environment details page for your target environment, select Maintain > Apply updates.
  8. Select the Environment reprovisioning tool that you uploaded earlier, and then select Apply to apply the package.
  9. Monitor the progress of the package deployment.

Start to use the new database

To switch the environment and use the new database, first stop the following services:

  • World Wide Web Publishing Service
  • Microsoft Dynamics 365 Unified Operations: Batch Management Service
  • Management Reporter 2012 Process Service

After the services have been stopped, rename the AxDB database AxDB_orig, rename your newly imported database AxDB, and then restart the three services.

To switch back to the original database, reverse this process. In other words, stop the services, rename the databases, and then restart the services.


Posted by on June 14, 2018 in Azure database, Uncategorized


Tips & Tricks for Debugging in Visual Studio for D365

In this blog, I have covered some tips and tricks supported for D365 in Visual Studio.

Tip # 1 – Pin data tips
While debugging code, we frequently hover over data tips in order to see the values held in variables. In VS we can pin the data tip for a variable to give ourselves quick access to it. To pin the data tip, click the pin icon while hovering over it. You can pin multiple variables.

The first way to pin is to select your variable and right-click it, as shown in the image.

The second way to pin is to hover over your variable and click the pin icon.

Tip # 2 – Conditional breakpoints
If it is difficult or time-consuming to recreate a particular state in your app, consider whether the use of a conditional breakpoint can help. Right-click a breakpoint icon (the red ball) and choose Conditions. In the Breakpoint Settings window, type an expression.

Tip # 3 – Track an out-of-scope object
We can view variable values using the debugger windows. However, when a variable goes out of scope in the Watch window, you may notice that it is grayed out. In VS we can track such a variable by creating an Object ID for it in the Watch window.

To create an Object ID:
– Set a breakpoint near a variable that you want to track.
– Run until the debugger stops at that breakpoint.
– Find the variable in the Locals window (Debug > Windows > Locals), right-click the variable, and select Make Object ID.
– Right-click the object ID variable and choose Add Watch.

Tip # 4 – View return values for functions
To view return values for your functions, look at the functions that appear in the Autos window. To see the return value for a function, make sure that the function you are interested in has already executed.

Tip # 5 – Format your string in a visualizer
When working with strings, it can be helpful to view the entire formatted string. To view a plain text, XML, HTML, or JSON string, click the magnifying glass icon while hovering over a variable containing a string value.

Tip # 6 – Manage breakpoints
Suppose we have set up some breakpoints in VS and need to switch one off because it is getting hit too often, but we will need it again later for debugging. If we remove the breakpoint, we will have to come back and find it again. So instead of removing the breakpoint, we can use the Breakpoints window. This window shows all the breakpoints you have set and, crucially, lets you disable them without unsetting them by simply removing the check mark. Check it again to re-enable the breakpoint.

Tip # 7 – Break into code on handled exceptions
The debugger breaks into your code on unhandled exceptions. However, handled exceptions can also be a source of bugs, and you may want to investigate when they occur. We can configure the debugger to break into code for handled exceptions as well by configuring options in the Exception Settings dialog box. Open this dialog box by choosing Debug > Windows > Exception Settings. In the dialog box you can also search for the exception on which you want to break into the code when it occurs.

Reference Link: 
1- Tips & Trick to debug in visual studio
2- Visual Studio Debugging Tips That Will Lighten Your Load


Posted by on May 21, 2018 in D365, Debugging, Uncategorized



Get Last Selected Value on Form Control

Problem: Store the user's last selection on the form

There was a requirement to store the user’s last selection on the form, i.e. the site selected last time should be populated automatically when the user opens the same form again. So if the user selected site “E”, the form should remember it the next time.

Solution: We can solve this problem by implementing the standard AX SysLastValue/pack-unpack methods. Here we store the value in a variable for the current user session, based on the user, the current extension, etc. To develop this functionality, add the following code on the form.

Code: Add these methods on the form and it will start working:

//class declaration

public class FormRun extends ObjectRun
{
    InventSiteId                    site;

    // version number and list of values that pack/unpack persist
    #define.CurrentVersion(1)
    #localmacro.CurrentList
        site
    #endmacro
}

// Pack

public container pack()
{
    return [#CurrentVersion,#CurrentList];
}

// Unpack

public boolean unpack(container packedClass)
{
    int version;

    version = RunBase::getVersion(packedClass);

    switch (version)
    {
        case #CurrentVersion:
            [version,#CurrentList] = packedClass;
            return true;

        default:
            return false;
    }
}

//Site sysLastValue: This method is used to initialize the default value

public void initParmDefault()
{
    site = "SiteA";
}

//Site sysLastValue: This method is used to store dataAreaId for current user

public dataAreaId lastValueDataAreaId()
{
    return curext();
}

//Site sysLastValue: This method returns the name of caller

public identifiername lastValueDesignName()
{
    return element.args().menuItemName();
}

//Site sysLastValue: This method returns the name of form/object

public identifiername lastValueElementName()
{
    return this.name();
}

//Site sysLastValue: This method returns the type of caller

public UtilElementType lastValueType()
{
    return UtilElementType::Form;
}

//Site sysLastValue: This method returns the name of current user

public userId lastValueUserId()
{
    return curuserid();
}

//Site sysLastValue: on form close save site value

public void close()
{
    site = StringEditSiteId.valueStr();

    // pack() is called here and the result is stored for this user
    xSysLastValue::saveLast(this);

    super();
}

//Site sysLastValue: on run assign value to form control

public void run()
{
    super();

    //get the last value stored in cache
    //here unpack method used
    xSysLastValue::getLast(this);

    //set the last user selection on the field- this is form control for siteId
    StringEditSiteId.text(site);
}


Posted by on May 17, 2018 in AX 2012, D365, Syslastvalue


Debugging in D365 using VS2015 (When symbols are not loaded)


Posted by on March 28, 2017 in Uncategorized
