D365 Finance & Operations and Dynamics AX Forum

Expand all | Collapse all

Data Admin role cannot view entities that have no Application module associated with them

  • 1.  Data Admin role cannot view entities that have no Application module associated with them

    SILVER CONTRIBUTOR
    Posted Feb 24, 2021 11:50 AM
    Hello,

    I am trying to wrap my head around something that is happening in the Data Management workspace. I have sys admin rights so I can view everything seamlessly obviously. However, we have a Data team that is responsible for reporting, validation, etc etc. I am in the process of handing off the responsibilities of the BYOD export project that runs every night to them. Data team has Data Admin role, however it left a lot of things out.

    First thing we noticed is that the "Configure entity export to database" tile was missing from the data management workspace for them. I then created a new role, and added the oob duty "Application document entities" to it and it resolved this issue.

    However, when they view the actual export project, they cannot see any of the entities that I can see as sys admin if the entity does not have an application module. I have attached a screenshot showing my view:
    byodexport
    So they cannot see the entities in sequence 6-9 here and it just skips to 10 on their view.

    To resolve this, our gold partner has suggested creating a new privilege, and then added every entity in the system to that privilege, and then attaching that to the new role i created. This seems very cumbersome though and will require  a bit of maintenance if stuff changes.

    Is there a better way to resolve this issue? And can someone help me better understand what it means for an entitiy to not belong to an application module, and why this drops off for the data admin role? I really do appreciate any feedback.

    Thanks

    ------------------------------
    Stuart Broach
    Medicago
    ------------------------------


  • 2.  RE: Data Admin role cannot view entities that have no Application module associated with them

    TOP CONTRIBUTOR
    Posted Feb 25, 2021 09:00 AM
    Stuart,

    The security you have assigned the security gives the user access to the actual Data Management module but they also would need to be assigned access to data entities that are a part of your data project for them to be able to see them. This happens other places in the system to, for example when looking at workflow items assigned to a user (where a user may have access to a page but the data on that page requires them to have additional access).

    Kind of unrelated but I cover this topic where a user's security is done by data in the database or through code here: https://alexdmeyer.com/2019/11/11/gaps-in-the-security-diagnostics-for-task-recordings-feature-in-d365fo/

    So for them to be able to see all data entities in the project, you would only have to assign them access to the data entities they cannot currently see.

    Feel free to reach out with any additional questions.

    ------------------------------
    Alex Meyer
    Director of Dynamics AX/365 for Finance & Operations Development
    Fastpath
    Des Moines, IA
    ------------------------------



  • 3.  RE: Data Admin role cannot view entities that have no Application module associated with them

    SILVER CONTRIBUTOR
    Posted Feb 25, 2021 11:10 AM
    Hi Alex,

    Thank you for your helpful response. Is there any drawback to assigning all entities to a privilege for this particular situation? I guess I'm trying to figure out a way to not have to manage this so manually. Our PowerBI stuff is in its infancy, and I know we will be adding and dropping entities moving forward. I'm already getting beaten up pretty bad with the mappings on entities changing and then failing to export until I drop and republish the entity and generate the mapping again. Right now the entire process is very cumbersome.

    Also real quick, what does the tile on the DM workspace entitled 'Set up roles for data projects' do? Is that another way to handle this? I think its worth noting that we are a GMP environment that is fully validated, so all the manual stuff means more paper work and signatures. That's why its important to me to have this run smoothly without having to stick new stuff in there all the time. Thanks for all of your help Alex.

    ------------------------------
    Stuart Broach
    Medicago
    ------------------------------



  • 4.  RE: Data Admin role cannot view entities that have no Application module associated with them

    TOP CONTRIBUTOR
    Posted Feb 25, 2021 03:46 PM
    Edited by Alex Meyer Feb 25, 2021 03:46 PM
    Stuart,

    The Data Management workspace is not somewhere I spend a lot of time at but it looks like the 'Setup of roles for data projects' may be able to help you in your situation. If I set up a test project:



    And then go to the 'Setup of roles for data projects' area:
    It would appear I have the ability to grant access to an individual processing group and then assign this access to a role/user. This would save you from having to actually modify the user or roles access individually as it would appear this allows you to set it on the fly.

    I have not tested this process and I have no idea how it handles this internally (does it actually change security or user role assignments?) but it would appear this area is to address scenarios like yours.

    ------------------------------
    Alex Meyer
    Director of Dynamics AX/365 for Finance & Operations Development
    Fastpath
    Des Moines, IA
    ------------------------------



  • 5.  RE: Data Admin role cannot view entities that have no Application module associated with them

    SILVER CONTRIBUTOR
    Posted Feb 26, 2021 01:48 PM
    Hi Alex,

    Wow, this is awesome. We learn something new every day! Thank you sooo much for looking into this when I mentioned it. Im going to fiddle with it now and I will report back my findings. Thanks for all you do for the community.

    ------------------------------
    Stuart Broach
    Medicago
    ------------------------------



  • 6.  RE: Data Admin role cannot view entities that have no Application module associated with them

    SILVER CONTRIBUTOR
    Posted Feb 26, 2021 02:42 PM
    Welp, I gave it the ole college try, but this solution will not work for us unfortunately. This feature does not over ride the security on users roles. After testing, I found a nice little article from Encore that explains it.



    Looks like adding the entities manually to a privilege it is!

    ------------------------------
    Stuart Broach
    Medicago
    ------------------------------



If you've found this thread useful, dive deeper into User Group community content by role