Unified Operations & Dynamics AX Forum

Expand all | Collapse all

Change Management - System Admin Access

  • 1.  Change Management - System Admin Access

    SILVER CONTRIBUTOR
    Posted Oct 09, 2017 04:52 PM
    ​Hello!  We are working on our controls around change management & how to get comfortable that our IT admins who have the System Admin security role do not push any code.  Does anyone know of any type of reporting or queries that can be done to prove whether or not a user made code changes in the AX system?  If anyone is willing to talk through their process & their controls I would greatly appreciate it!

    ------------------------------
    Kristal Baird
    Director of Accounting Systems
    Texas Roadhouse
    Louisville KY
    ------------------------------


  • 2.  RE: Change Management - System Admin Access

    SILVER CONTRIBUTOR
    Posted Oct 09, 2017 05:00 PM
    Hi,

    You might want to consider turning on your Version Control in your AOT.  This will allow you to view any changes and roll them back if they are not working how you expected.

    Here is a link from Microsoft on how to manage this.

    Working with Version Control in AX
    Microsoft remove preview
    Working with Version Control in AX
    I have had a number of questions on how version control works with AX. I will use this article to post some of the more frequent questions and I'll add to it as I can. Here goes: Can different developers share the same AOS and application aod files?
    View this on Microsoft >


    Version Control Operations in Microsoft Dynamics AX [AX 2012]

    Microsoft remove preview
    Version Control Operations in Microsoft Dynamics AX [AX 2012]
    This site uses cookies for analytics, personalized content and ads. By continuing to browse this site, you agree to this use.
    View this on Microsoft >







    ------------------------------
    Hector Garcia
    Business Systems Analyst
    Amerifresh INC
    Scottsdale AZ
    ------------------------------



  • 3.  RE: Change Management - System Admin Access

    D365UG/AXUG ALL STAR
    Posted Oct 10, 2017 07:29 AM
    There is a query called axutilelements that will query the AOT objects and provide the date, time, and userid each object was changed.   We only grant our IT Apps folks sysadmin using a helpdesk ticket, so we use the axutilelements query with a date/time range to see if any AOT items were changed during the timeframe that they had sysadmin.  I'm at Summit if you want to chat.

    ------------------------------
    GG Rowe, PMP
    Oregon Chapter Leader
    Chapter url: www.axug.com/portland
    IT Applications Manager
    Planar Systems, a Leyard company
    Beaverton, OR 97006
    USA
    ------------------------------



  • 4.  RE: Change Management - System Admin Access

    TOP CONTRIBUTOR
    Posted Oct 16, 2017 02:50 PM
    GC's suggestion is a good one.

    Our approach is a bit simpler.   In production no one has access to the CUS layer where we do our development.  So we know that any object in the USR layer was changed after the modelstore was deployed.   Then we can look at those item's metadata to see who changed it.

    ------------------------------
    Corey Vantilborg
    ERP Analyst
    Tigercat International Inc.
    Brantford ON
    ------------------------------



  • 5.  RE: Change Management - System Admin Access

    D365UG/AXUG ALL STAR
    Posted Oct 30, 2017 07:15 PM
    The axutilelements will show changes by a user that has system administrator.  It will show their AX userid.  Changes to security which updates the AOT can be done via the UI into the USR layer, and the query will detect it.

    ------------------------------
    GG Rowe, PMP
    Oregon Chapter Leader
    Chapter url: www.axug.com/portland
    IT Applications Manager
    Planar Systems, a Leyard company
    Beaverton, OR 97006
    USA
    ------------------------------