D365 Finance & Operations and Dynamics AX Forum

​Hello!  We are working on our controls around change management & how to get comfortable that our IT admins who have the System Admin security role do not push any code.  Does anyone know of any type of reporting or queries that can be done to prove whether or not a user made code changes in the AX system?  If anyone is willing to talk through their process & their controls I would greatly appreciate it!

------------------------------
Kristal Baird
Director of Accounting Systems
Texas Roadhouse
Louisville KY
------------------------------

Hi,

You might want to consider turning on your Version Control in your AOT.  This will allow you to view any changes and roll them back if they are not working how you expected.

Here is a link from Microsoft on how to manage this.

Working with Version Control in AX

Microsoft		remove preview
Working with Version Control in AX I have had a number of questions on how version control works with AX. I will use this article to post some of the more frequent questions and I'll add to it as I can. Here goes: Can different developers share the same AOS and application aod files? View this on Microsoft >

Version Control Operations in Microsoft Dynamics AX [AX 2012]

Microsoft		remove preview
Version Control Operations in Microsoft Dynamics AX [AX 2012] This site uses cookies for analytics, personalized content and ads. By continuing to browse this site, you agree to this use. View this on Microsoft >

------------------------------
Hector Garcia
Business Systems Analyst
Amerifresh INC
Scottsdale AZ
------------------------------

Original Message:
Sent: 10-09-2017 16:51
From: Kristal Baird
Subject: Change Management - System Admin Access

​Hello!  We are working on our controls around change management & how to get comfortable that our IT admins who have the System Admin security role do not push any code.  Does anyone know of any type of reporting or queries that can be done to prove whether or not a user made code changes in the AX system?  If anyone is willing to talk through their process & their controls I would greatly appreciate it!

------------------------------
Kristal Baird
Director of Accounting Systems
Texas Roadhouse
Louisville KY
------------------------------

There is a query called axutilelements that will query the AOT objects and provide the date, time, and userid each object was changed.   We only grant our IT Apps folks sysadmin using a helpdesk ticket, so we use the axutilelements query with a date/time range to see if any AOT items were changed during the timeframe that they had sysadmin.  I'm at Summit if you want to chat.

------------------------------
GG Rowe, PMP
Oregon Chapter Leader
Chapter url: www.axug.com/portland
IT Applications Manager
Planar Systems, a Leyard company
Beaverton, OR 97006
USA
------------------------------

Original Message:
Sent: 10-09-2017 16:59
From: Hector Garcia
Subject: Change Management - System Admin Access

Hi,

You might want to consider turning on your Version Control in your AOT.  This will allow you to view any changes and roll them back if they are not working how you expected.

Here is a link from Microsoft on how to manage this.

Working with Version Control in AX

Microsoft		remove preview
Working with Version Control in AX I have had a number of questions on how version control works with AX. I will use this article to post some of the more frequent questions and I'll add to it as I can. Here goes: Can different developers share the same AOS and application aod files? View this on Microsoft >

Version Control Operations in Microsoft Dynamics AX [AX 2012]

Microsoft		remove preview
Version Control Operations in Microsoft Dynamics AX [AX 2012] This site uses cookies for analytics, personalized content and ads. By continuing to browse this site, you agree to this use. View this on Microsoft >

------------------------------
Hector Garcia
Business Systems Analyst
Amerifresh INC
Scottsdale AZ

Original Message:
Sent: 10-09-2017 16:51
From: Kristal Baird
Subject: Change Management - System Admin Access

​Hello!  We are working on our controls around change management & how to get comfortable that our IT admins who have the System Admin security role do not push any code.  Does anyone know of any type of reporting or queries that can be done to prove whether or not a user made code changes in the AX system?  If anyone is willing to talk through their process & their controls I would greatly appreciate it!

------------------------------
Kristal Baird
Director of Accounting Systems
Texas Roadhouse
Louisville KY
------------------------------

GC's suggestion is a good one. 

Our approach is a bit simpler.   In production no one has access to the CUS layer where we do our development.  So we know that any object in the USR layer was changed after the modelstore was deployed.   Then we can look at those item's metadata to see who changed it.

------------------------------
Corey Vantilborg
ERP Analyst
Tigercat International Inc.
Brantford ON
------------------------------

Original Message:
Sent: 10-09-2017 16:51
From: Kristal Baird
Subject: Change Management - System Admin Access

​Hello!  We are working on our controls around change management & how to get comfortable that our IT admins who have the System Admin security role do not push any code.  Does anyone know of any type of reporting or queries that can be done to prove whether or not a user made code changes in the AX system?  If anyone is willing to talk through their process & their controls I would greatly appreciate it!

------------------------------
Kristal Baird
Director of Accounting Systems
Texas Roadhouse
Louisville KY
------------------------------

The axutilelements will show changes by a user that has system administrator.  It will show their AX userid.  Changes to security which updates the AOT can be done via the UI into the USR layer, and the query will detect it.

------------------------------
GG Rowe, PMP
Oregon Chapter Leader
Chapter url: www.axug.com/portland
IT Applications Manager
Planar Systems, a Leyard company
Beaverton, OR 97006
USA
------------------------------

Original Message:
Sent: 10-16-2017 14:50
From: Corey Vantilborg
Subject: Change Management - System Admin Access

GC's suggestion is a good one.

Our approach is a bit simpler.   In production no one has access to the CUS layer where we do our development.  So we know that any object in the USR layer was changed after the modelstore was deployed.   Then we can look at those item's metadata to see who changed it.

------------------------------
Corey Vantilborg
ERP Analyst
Tigercat International Inc.
Brantford ON

Original Message:
Sent: 10-09-2017 16:51
From: Kristal Baird
Subject: Change Management - System Admin Access

​Hello!  We are working on our controls around change management & how to get comfortable that our IT admins who have the System Admin security role do not push any code.  Does anyone know of any type of reporting or queries that can be done to prove whether or not a user made code changes in the AX system?  If anyone is willing to talk through their process & their controls I would greatly appreciate it!

------------------------------
Kristal Baird
Director of Accounting Systems
Texas Roadhouse
Louisville KY
------------------------------