SoD options

  • SoD options

    Posted by DSC Communities on November 20, 2019 at 4:06 pm
    • Serge Yao

      Member

      November 20, 2019 at 4:06 PM

      Hello,

      What solutions can be used for segregation of duties mitigation in AX2012R3?

      ——————————
      Serge
      ——————————

    • Alex Meyer

      Member

      November 20, 2019 at 4:22 PM

      Serge,

      Dynamics AX has native SOD functionality built within the application; this can be found in System Administration -> Setup -> Security -> Segregation of Duties.

      Here you can set up your conflicts (ruleset) and look to see if any of your current users have conflicts based on the roles they are assigned. There are a number of gaps with this solution though:
      – No out of box conflicts/ruleset; this means you have to create the rules yourself
      – Conflicts are analyzed at the duty level, not the object level
         – Because it does not go down to the object level there are a number of cases that can lead to false positives/false negatives within your resulting analysis
         – Numerous ways to subvert this analysis (privilege to role assignment, using AD group security, along with others), which means not all user access is being analyzed as part of the analysis
         – In AX 2012, there is no way to easily provide a mitigation for these conflicts (there is a place to do this in D365FO).

      I go over these gaps more thoroughly here:
      https://www.gofastpath.com/blog/fastpath-vs-dynamics-ax-d365fo-segregation-of-duty-analysis-comparison

      There are other 3rd party solutions that help meet these gaps. Please feel free to reach out with any questions.

      ——————————
      Alex Meyer
      Director of Dynamics AX/365 for Finance & Operations Development
      Fastpath
      Des Moines, IA
      ——————————
      ——————————————-

    • Calvin Eddings

      Member

      November 21, 2019 at 10:41 AM

      Alex
      Can you explain what is meant by AD (active directory) group security? How can that be used to give access in AX? And how would it subvert the out of box SoD functionality?

      Thanks
      Calvin

      ——————————
      Calvin Eddings
      The Church of Jesus Christ of Latter-Day Saints
      Salt Lake City UT
      ——————————
      ——————————————-

    • Alex Meyer

      Member

      November 21, 2019 at 10:59 AM

      Calvin,

      Dynamics AX/365FO has functionality that lets you use AD groups to set up security. I wrote about the process in D365FO here: https://alexdmeyer.com/2019/02/10/configuring-azure-ad-group-security-in-d365fo/

      During this process users in an AD group are set up in D365FO as a user and assigned the System User role but no other roles; all other access is inherited from the AD group they are a part of. Because of this, these types of users will not show up in the SOD analysis within AX/D365FO because the user isn’t directly assigned duties, which is how the native SOD functionality determines conflicts.

      ——————————
      Alex Meyer
      Director of Dynamics AX/365 for Finance & Operations Development
      Fastpath
      Des Moines, IA
      ——————————
      ——————————————-
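The coverage gap described in the two answers above (a group-provisioned user holds only System User directly, so a check over direct assignments never sees the conflict), as an added Python example that is not part of the thread and is not Dynamics or vendor code. All role, duty, group and user names are constructed sample data, and the data model is a simplification, not the AX/D365FO schema.

```python
# Constructed sample data with hypothetical names; not the AX/D365FO schema or API.
# Ruleset: pairs of duties that one person should not hold together.
RULESET = {frozenset({"MaintainVendorMaster", "ApproveVendorPayments"})}
ROLE_DUTIES = {
    "SystemUser": set(),
    "VendorClerk": {"MaintainVendorMaster"},
    "PaymentsApprover": {"ApproveVendorPayments"},
    "APManager": {"MaintainVendorMaster", "ApproveVendorPayments"},
}
# Roles assigned directly on the user record.
USER_ROLES = {
    "alice": {"SystemUser", "VendorClerk", "PaymentsApprover"},
    "bob": {"SystemUser"},  # group-provisioned: System User only
    "carol": {"SystemUser", "VendorClerk"},
}
# Roles attached to directory groups, and who is in each group.
GROUP_ROLES = {"AP-Managers": {"APManager"}, "AP-Approvers": {"PaymentsApprover"}}
GROUP_MEMBERS = {"AP-Managers": {"bob"}, "AP-Approvers": {"carol"}}

def effective_roles(user, include_groups):
    """Direct roles, plus roles inherited through group membership if requested."""
    roles = set(USER_ROLES.get(user, set()))
    if include_groups:
        for group, members in GROUP_MEMBERS.items():
            if user in members:
                roles |= GROUP_ROLES.get(group, set())
    return roles

def sod_conflicts(include_groups):
    """Return {user: [conflicting duty pairs]} for the chosen view of access."""
    findings = {}
    for user in USER_ROLES:
        duties = set()
        for role in effective_roles(user, include_groups):
            duties |= ROLE_DUTIES.get(role, set())
        hits = sorted(tuple(sorted(pair)) for pair in RULESET if pair <= duties)
        if hits:
            findings[user] = hits
    return findings

def coverage_gap():
    """Users whose conflicts appear only once group-inherited roles are resolved."""
    direct = sod_conflicts(include_groups=False)
    full = sod_conflicts(include_groups=True)
    return sorted(user for user in full if user not in direct)

if __name__ == "__main__":
    print("direct assignments only:", sod_conflicts(False))
    print("missed without group resolution:", coverage_gap())
```

Note that carol's conflict spans one direct role and one inherited role, so reviewing group-assigned roles on their own would miss it as well.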

    • Serge Yao

      Member

      November 21, 2019 at 11:13 AM

      Hi,

      I got a very expensive quote from Fastpath. Is there other segregation of duties software from 3rd parties?

       

      Best regards,

      Serge

       

       


    • Paul Vaughan

      Member

      November 22, 2019 at 6:57 PM

      Hi Serge,

      My name is Paul Vaughan and I am currently employed with MCA Connect, a Dynamics Partner. Prior to coming to MCA Connect I was a user and implementer around AX 2012 for the company where I worked. We chose to purchase the Fastpath suite of products to help us not only with SOD needs but with Licensing control and true-up along with Base Data change tracking. Their tool allowed me as a user to identify where we had license exposure that would have cost our company several thousand dollars. We were able to correct that exposure by using the Fastpath tool to easily drill down to the Permission level where the license is identified.

      When I came to work for MCA Connect 4 years ago, we partnered with Fastpath to create an offering to our clients using their Fastpath Assure tool doing that same analysis identification and resolution as I did when I was a customer. We have been able to help our clients identify on the low end around $350K of exposure to a high end of around $3 million. I wanted to share this with you to help you see a possible way to get a very quick ROI on your investment in their product.

      I could go on about the shortcomings of SOD out-of-the-box in Dynamics but that would be for another time.

      Good luck in your decision. I hope this helps provide a possible way to see the value of the investment in the Fastpath tools.

      ——————————
      Paul Vaughan
      Project Manager
      MCA Connect
      ——————————
      ——————————————-

    • Serge Yao

      Member

      December 4, 2019 at 1:40 AM

      Thanks for the insight. Has anybody used Arbela Security Manager (ASM) as well?

      Anything to compare with Fastpath?

       

      Best regards,

      Serge

       

       

