ameyer505 / D365FOAdminToolkit

A D365FO administrative toolkit created by and for the community
MIT License

time box SysAdmin access #2

Closed FH-Inway closed 1 week ago

FH-Inway commented 6 months ago

Thanks for sharing this with the community!

First idea I had when reading about the SysAdmin access feature: Would be nice to be able to time box the access. Basically a just in time SysAdmin access similar to the JIT database access for T2+ environments. The time box would be a configurable value (default: 8 hours). A batch could check when a SysAdmin access was granted and revoke it if the time box has expired.

ameyer505 commented 6 months ago

Thanks for the input, I have heard this request a couple times now and it absolutely makes sense.

I will get this added to the future feature list.

kkbhargava commented 6 months ago

Hi @ameyer505

Thanks for sharing this.

I was trying to use it but am getting the error below while trying to revoke sys admin access:

"Cannot edit a record in Security role (SecurityUserRole). The corresponding AOS validation failed."

Please help me on this.

Thanks!

ameyer505 commented 6 months ago

@kkbhargava - All tables within D365FO have the ability to have certain business logic performed within the AOS when an action is done; the SecurityUserRole table has numerous checks to ensure the stability of the system. One of the many checks being performed is failing, which is where the error message is coming from.

Based on what the application is doing, my guess would be that one of the following is happening:

If you have further issues, please be sure to open a new issue within GitHub.

jofme commented 1 week ago

@FH-Inway I have implemented a proposal for this. It's based on the SysAdmin logging functionality (it's essentially just another field on the log entry).


These end dates will be picked up by a new batch job.


If it's only the SysAdmin, then this should be the best way to go about it. It also makes it visible in the audit log when a given ADMIN role will be removed.
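As an added illustration of the batch job described in the original request and in the proposal above (not code from the toolkit itself): an X++ SysOperation service that walks a hypothetical `AdminToolkitSysAdminLog` table (assumed fields `UserId`, `GrantedDateTime`, `AccessEndDateTime`, `Revoked`), falls back to the 8-hour default when no end date was recorded, and disables the matching `SecurityUserRole` assignment. Because the thread shows `SecurityUserRole` validation can reject an edit, the example checks `validateWrite()` per row and logs the failure instead of aborting the whole batch.

```xpp
/// Added example, not toolkit code. AdminToolkitSysAdminLog and its
/// field names are assumptions; SecurityUserRole/SecurityRole are standard.
class AdminToolkitRevokeExpiredSysAdminService extends SysOperationServiceBase
{
    // Default time box, used when a log entry carries no explicit end date.
    const int DefaultTimeBoxHours = 8;

    public void run()
    {
        AdminToolkitSysAdminLog log;        // hypothetical log table
        SecurityUserRole        userRole;
        SecurityRole            role;
        utcdatetime             now = DateTimeUtil::utcNow();

        // Only the built-in System administrator role is in scope.
        select firstonly RecId from role where role.AotName == '-SYSADMIN-';

        ttsbegin;
        while select forupdate log where log.Revoked == NoYes::No
        {
            utcdatetime endDateTime = log.AccessEndDateTime;
            if (endDateTime == DateTimeUtil::minValue())
            {
                endDateTime = DateTimeUtil::addHours(log.GrantedDateTime, DefaultTimeBoxHours);
            }
            if (endDateTime > now)
            {
                continue;   // still inside the time box
            }

            // Disable rather than delete so the assignment history stays auditable.
            select forupdate userRole
                where userRole.User             == log.UserId
                   && userRole.SecurityRole     == role.RecId
                   && userRole.AssignmentStatus == RoleAssignmentStatus::Enabled;
            if (userRole)
            {
                userRole.AssignmentStatus = RoleAssignmentStatus::Disabled;
                if (!userRole.validateWrite())
                {
                    warning(strFmt("AOS validation rejected revoking SysAdmin for %1", log.UserId));
                    continue;   // leave the log entry open so the next run retries it
                }
                userRole.update();
            }
            log.Revoked = NoYes::Yes;
            log.update();
            info(strFmt("SysAdmin access for %1 revoked (time box ended %2)", log.UserId, endDateTime));
        }
        ttscommit;
    }
}
```

Schedule the service through a SysOperation controller as a recurring batch so the check runs more often than the shortest time box you allow.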