[Calvin Eddings]

Thanks to the user group on this forum.  I have gotten great input to my posts and learned a lot by reading posts and responses of others!

Here is my situation – there is a button and pop-up form that is only available to sysadmins because it has been locked down.  The form prior to the pop-up allows me to see security diagnostics screen and see some related duties and privileges.  When i investigated, I can see that some privileges have deny in the ‘view permissions’ area of security config form.  The access does need restricted but I need a couple managers to have access to this screen, not just sysadmins.

I would appreciate any input or ideas you may have.

Thanks!

——————————
Calvin Eddings
The Church of Jesus Christ of Latter-Day Saints
Salt Lake City UT
——————————

[Vijay Dodia]

Hi Calvin, 
Can you able to confirm which form and button you trying to provide access for? 

Cheers
Vijay

——————————
Vijay Dodia
DXC Technology
Melbourne VI
——————————
——————————————-

[Alex Meyer]

Calvin,

The Deny permission in D365FO is explicit, meaning that it overrides any other grants to an object at that access type level. If the Read permission of an object is set to Deny then that object will not be available to the user in any way.

If you want to use current roles/duties/privileges and modify them to provide access you will need to find the privilege(s) that are denying the access to this object, clone them, and remove the Deny assignment to the object(s) in question. Then also be sure to grant the necessary assignment to the object(s).

The other option in this case would be to create a separate role/duty/privilege combination that grants the necessary access to this area and then assign that to the user(s) that should have this access. You will also then have to be sure not to assign any other role that would Deny access to the object.

——————————
Alex Meyer
Director of Dynamics AX/365 for Finance & Operations Development
Fastpath
Des Moines, IA
——————————
——————————————-

[Calvin Eddings]

Sorry for the delayed response.

1.Vijay, the form I am working with is Master planning / setup / soft allocation / demand sequences.  The button I am working with is in the grid – there is +Add Remove Query, and I am wanting to enable the Query button.  I think our consultants set the button so it would not be available in out of box roles.

2.Alex, in regards to your response, suggesting I find the privilege that is denying access, i think i have found it: ‘View demand sequences’ (custom i think).  It has the permissions set to deny when I view permissions.  Can I adjust these permissions in the application or do they have to be adjusted in AOT? 

——————————
Calvin Eddings
The Church of Jesus Christ of Latter-Day Saints
Salt Lake City UT
——————————
——————————————-

[Alex Meyer]

Calvin,

As Andre mentioned you would want to make this modification wherever the privilege was created. The one thing I will note here is that if you want to only Deny certain access types (for example, Deny access to Update, Create, Delete but do not touch Read access), that can only be done from the user interface. In the AOT, you only have the option to Deny the object completely.

——————————
Alex Meyer
Director of Dynamics AX/365 for Finance & Operations Development
Fastpath
Des Moines, IA
——————————
——————————————-

[André Arnaud de Calavon]

Hi Calvin,

Related to changing the deny access. You can change it in the application. That would have priority above the AOT settings. If the deny was set in the application before, you can’t change it in the AOT.

——————————
kind regards,

André Arnaud de Calavon
Product manager, Microsoft MVP – Microsoft Dynamics Business Solutions
——————————
——————————————-