Fastpath is a comprehensive security auditing and governance tool that provides the platform to monitor user access and segregation of duties risks. The tool can be leveraged across Microsoft Dynamic’s product suite – Dynamics 365 Finance and Operations (D365FO), Dynamics AX, Dynamics GP, Dynamics 365 Business Central (D365BC), Dynamics NAV, Dynamics CRM, Dynamics SL and Dynamics 365 Customer Engagement (D365 CE). Fastpath’s user-friendly interface allows risk management and SOX compliance to be an accessible reality. To keep pace with customer feedback and updates made to the applications themselves, Fastpath releases several updates each quarter that include new features and functionalities. In this quarterly blog series, we cover key new features for Fastpath Dynamics environments from the latest release.
Licensing – D365FO
A license is required to access the Dynamics applications. Each Dynamics application is licensed under either an Assigned (applied to a user device) or Unassigned (applied at the tenant level) status, with various sub-licenses under both Assigned and Unassigned. In-depth details on Dynamics licensing can be found in the Microsoft Dynamics 365 Licensing Guide.
Within Assigned licenses are the Full User Access license and Additional User Access license. A Full User Access license provides a user full capabilities of Dynamic’s business applications and runs on a base plus attach model. This is beneficial for users who want a cost-effective way to obtain licenses for multiple applications. A user can purchase a base license to a core business D365 application, then purchase Attach licenses to a different core business application (SKUs) for a reduced price.
Fastpath provides out-of-box dashboard reports that output licensing data. In the Q1 release, Fastpath updated the user licensing logic to reflect the changes Microsoft made in their latest General Availability (GA) release. As a result, the dashboard reports are able to determine Attach licenses. From a cost perspective, these dashboard reports can be a beneficial resource. It is important to ensure that the security users, roles, duties and privileges are assigned the correct licenses to safeguard against transferring auxiliary expenses for unrequired licenses. It is also important to note that organizations are responsible for the fee attached to the highest license assigned to a user, role, duty or privilege.
How to identify an Attach license in the table above:
- If License SKU column has a single license listed, that user is required to have that license as a base license.
- If License SKU column lists multiple licenses, then that user must have one of the licenses listed as a base license and the rest would be attach licenses. It doesn’t matter which license is the base and which is the attach.
- If licenses in License SKU column are listed with [ ] then it means that the user requires a base license, but it can be any license listed in the [ ].
Deployable Package Update – D365FO
This quarter’s release requires customers to update a deployable package. A deployable package, as defined by Microsoft, is “a unit of deployment that can be applied to any environment. It can consist of a binary hotfix to the runtime components of Application Object Server (AOS), an updated application package, or a new application package.” In summary, a deployable package allows a customer to update their Dynamics software and is often leveraged for customer customizations or by independent software vendors (ISVs) like Fastpath.
This deployable package update affects audit trail. The audit trail module is utilized to record changes made within the integrated system’s environment. Customers have the flexibility to configure which tables and fields they are interested in tracking changes for and which tables they are not interested in. For each change, the audit trail report communicates when the change occurred, the user that made the change and a description of the object that was changed.
The installation of the deployable package will improve audit trail’s change tracking functionality and is required to continue using Fastpath Cloud. In order to successfully install the deployable package without error, the D365FO environment must be at least 10.0.15 version. To troubleshoot, the customer can either update their D365FO environment or contact Fastpath Support to be sent an earlier version of the package.
Fastpath’s audit trail deployable package provides the following updates:
- Performance increase during ‘move data’ process
- Resolving changes tracking DefaultDimension field to show actual dimension values being changed (not just recIds)
- System administrator changes report now ensures AssignmentStatus of user role assignment is set to ‘enabled’
- Added enabled column to user login tracking report to show whether the user is currently enabled
- Adding tracking around ProjTable (if a customer has custom tracking around this table, please remove this tracking to ensure no double tracking)
- Adding project changes report view
- Adding data entity surrounding the data for the data changes report named FpDataChanges, data entity structure looks like the following:
Report Performance – Dynamics AX
Within Fastpath, the segregation of duties module has a user conflicts report that produces the segregation of duties (SoD) conflicts that application users have, based on the security assigned to the user and the rules set within the conflict ruleset. In order to generate the output, the user first must specify the company, user, ruleset and conflict they would like to analyze the user conflicts from, with the option to select all companies, users and conflicts if desired.
Within this release, Fastpath made enhancements to the user conflicts detailed and user conflicts role detail. These enhancements include a new reporting process which will dramatically improve report performance. The user conflicts detailed report mirrors the user conflicts report but provides application specific details on how the user is assigned the access that causes the conflict. The user conflicts role detail report provides a view of user conflicts at the role level.
Identity Manager – AX 2012
The identity manager module in Fastpath provides the ability to provision, change, and terminate user access in the integrated system’s environment with a built-in approval workflow prior to the request being processed. With the Q1 release, Fastpath provides the ability to assign or revoke user group assignments to users and associate a worker record to a user record during the identity manager request process. To enable this feature, The Fastpath AX Connector will need to be updated.
To provide context, in Dynamics AX 2012, user groups may be required to utilize select features and functionalities. There are many benefits to user groups like the ability to provide access to certain functionality (e.g., budget planning), setup workflow approval, set up restrictions for journal posting, etc. as well as be associated to a user record in an Identity Manager request.
Fastpath embraces customer feedback and actively works to improve the functionality and end user experience of their Assure suite of tools. New releases are made available on a regular basis and the release calendar is maintained on their website. That’s all for this time. We’ll be back this summer with Q2 updates.