ApplicationsMicrosoft

Fastpath Assure for MS Dynamics – Q1 2020 Release Highlights

Chris Katz
May 7, 2020
7 min read

Fastpath is one of the most advanced tools available for monitoring user access and segregation of duties access in Microsoft Dynamics AX2012 and Dynamics 365 Finance and Operations (D365F&O). The Fastpath solution provides a simplified reporting structure for security access in Dynamics and provides a powerful tool to detect, manage and optimize the complicated security model that Dynamics has to offer. Fastpath’s Assure suite of tools is always evolving and several new releases each quarter often bring useful new features and functions. In this quarterly blog series, we will explore some of the best release features for Fastpath over the past few months.

Q1 2020

Security migration

This feature is technically from Q4, 2019, however, the demand we have seen for this update, combined with the fact that we have not yet covered it, means the security migration feature warrants a spot in this list. Previously, the Fastpath Security Designer tool allowed users to create security “models.” Within each “model,” roles, duties and privileges could be modified, inspected for segregation of duties (SoD), and then pushed into Dynamics. The tool only pushed the new security to one environment, and it was up to the system administrator to move those changes through the appropriate development, test and production environments using only the tools that Microsoft provided.

The Security Migration tool within Security Designer now offers a helping hand to security administrators, enabling a simpler and more precise way to move security changes. To use it, security administrators can simply upload security customizations of roles, duties and privileges using the XML export generated by D365F&O. Then, they can make changes to the name, label and description as desired, and export changes to either XML (for the user interface) or code (for the Application Object Tree, or AOT) to match their defined security migration policies. The tool also lets administrators select the specific object(s) that they want to move, granting even greater control over the change management process. There is also some clever analysis Fastpath performs to find dependencies on the security objects so that everything works as expected when objects are moved.

As an example of this analysis, I enabled the role “ZsecurityMigrationExampleRole” in the Security Migration tool screenshot below. Fastpath automatically enabled the duty and privilege associated with this role so that everything works as expected when imported into the next environment.

Associate person in Identity Manager

One commonly known challenge when creating new users in Dynamics is performing the extra step of setting up a person/worker within the HR module and associating it with the new user. Neglecting this step can result in end-user challenges such as errors in the configured system workflows. These can be difficult to track down and time-consuming to resolve.

Fastpath now simplifies this process by allowing the user ID to person/worker association to occur as part of the standard Identity Manager process. When creating a new or modify user request, security administrators will now see this option appear as a friendly reminder and a useful way to avoid the errors altogether.

Review delegation in access certifications

Things happen over the course of business. Employees go on vacation, take on different roles within an organization, and delegate tasks to others. The ability to delegate responsibility for reviews has been a feature in Fastpath for a while; however, it has now been updated to allow the delegation action to occur at any point in time, even when a review is in progress.

This new feature allows users to retain the valuable work they have performed during any given review and delegate the remaining pieces of review to a new person.

SoD reporting – conflict ruleset template

The ability to maintain SoD conflict rulesets is one of the most crucial capabilities that Fastpath provides. Ruleset owners can always maintain their rulesets one item at a time by using the setup menus provided in Fastpath; however, this next feature provides an easier way to make ruleset changes in mass.

There has been a way to export an SoD ruleset to MS Excel for a while now, but it has always required a few steps. A security administrator first needed to create a new SoD conflict ruleset, then export that ruleset to use it as a template for modifications. Fastpath now provides a download template directly in the create conflict ruleset dialog box. Security administrators can leverage this template to do mass ruleset modifications in Microsoft Excel, then upload them in Fastpath.

Of course, the new ruleset will still run through the same series of checks we’ve become accustomed to as it is imported. This helps resolve many of the common data import issues by providing useful error messages to point out incompatible data types or fields that may have been populated incorrectly before starting to rely on the new ruleset.

SoD reporting – associate product to business process group

One of Fastpath’s many useful features is the ability to connect to across multiple products (D365F&O, Oracle, SAP, and others) and run cross-application SoD analyses. Once the connections are made, security administrators have had the ability to create Business Process groups with objects from any of those connected systems. This functionality worked great, especially if the products are different since in most cases the underlying securable objects were different enough that they could be easily deciphered and only exist in one product.

That said, it created some challenges where systems were similar. Let’s say a company has two D365F&O production environments:

1. System 1: D365F&O used only for financials
2. System 2: D365F&O used only for HR and payroll

The security objects within both System 1 and System 2 will be the same since they are both D365F&O; however, the objects which cause risk in each will be different.

In System 1: The company would only care about access to finance related activities and menus. Having access to HR and payroll data in System 1 is not really a risk, because that information is not maintained and does not drive any HR or finance related decisions.
In System 2: Only HR and payroll related activities are risky. Having the ability to maintain financial information in this system is not risky because it does not drive any finance related decisions or impacts.

Fastpath has now modified their Business Process groups so that each group is specific to one product. Companies leveraging Fastpath to perform SoD monitoring over a single product will not see much of a change; however, companies that are using Fastpath for monitoring over multiple applications will now see many options when setting up the Business Process groups.

This provides greater control over a company’s risk by allowing for more granular control.

Conclusion

Fastpath embraces customer feedback and actively works to improve the functionality and end-user experience of its Assure suite of tools. New releases are made available on a regular basis and the release calendar is maintained on their website. If you have something that you think would be helpful please comment below or reach out to Fastpath directly at support@gofastpath.com. That’s all for this time. We’ll be back this summer with Q2 updates.

To learn more about Protiviti’s Microsoft capabilities, please visit our Microsoft Solutions site or contact us.

Chris Katz

Associate Director
Business Application Solutions

View all posts

You may also like

Subscribe to Topics

Protiviti Technology Follow

Protiviti leverages emerging technologies to innovate, while helping organizations transform and succeed by focusing on business value.

ProtivitiTech
protivititech Protiviti Technology @protivititech ·
29 Apr

Protiviti's Chris Daniel will join the Analytics Study Breakfast panel to discuss the just-released 2024 CGT Analytics Study on Friday, May 3 during the #AnalyticsUnite2024 Summit. Register today! https://ow.ly/oVou50Rpfrn #ProtivitiTech

Reply on Twitter 1784946420555862405 Retweet on Twitter 1784946420555862405 Like on Twitter 1784946420555862405 Twitter 1784946420555862405
protivititech Protiviti Technology @protivititech ·
26 Apr

RSA Conference 2024 is quickly approaching! Stop by Microsoft's Booth #6044N - Moscone North on May 8 at 3 pm to see Protiviti's demo presentation! https://ow.ly/hk3350RmwaS #RSAC #Microsoft

Reply on Twitter 1783934284492943722 Retweet on Twitter 1783934284492943722 Like on Twitter 1783934284492943722 Twitter 1783934284492943722
protivititech Protiviti Technology @protivititech ·
26 Apr

Protiviti is a proud sponsor of #AnalyticsUnite2024. The summit provides retail and consumer goods executives with the unprecedented opportunity to learn from and network with the industry’s global leading analytic experts. https://ow.ly/5uNR50RpfcM #ProtivitiTech

Reply on Twitter 1783904458948133260 Retweet on Twitter 1783904458948133260 Like on Twitter 1783904458948133260 Twitter 1783904458948133260
protivititech Protiviti Technology @protivititech ·
25 Apr

Whether you need assistance in finance transformation, data & analytics, security & privacy, regulatory compliance, or business consulting, we have you covered. Read the April issue of #SAP Insights now! https://ow.ly/5qtO50RmFBs #ProtivitiTech

Reply on Twitter 1783556978268045479 Retweet on Twitter 1783556978268045479 Like on Twitter 1783556978268045479 Twitter 1783556978268045479
protivititech Protiviti Technology @protivititech ·
25 Apr

Protiviti leveraged #Microsoft Azure AI portfolio to create an intelligence information retrieval system for a client needing to comply with new EPA regulations. The AI-enabled solution sifted through terabytes of data, saving the company time and money. https://ow.ly/pYvm50Rmx3X

Reply on Twitter 1783481606822314257 Retweet on Twitter 1783481606822314257 Like on Twitter 1783481606822314257 Twitter 1783481606822314257
Load More