1. To-Increase Dynamics 365 for Finance & Operations
  2. Security and compliance studio
  3. Audit security

Manage snapshots

A snapshot is an image of the security configuration at a specific date and time. A snapshot consists of:

  • All securable objects: roles, duties, privileges, and entry points, with the related license type and access level.
  • The associations between the securable objects: user-role, role-duty, role-privilege, duty-privilege, and privilege-entry point.
The snapshot functionality is introduced to improve the performance of several Security and compliance studio features.
The latest snapshot is the security configuration that is used to:
  • Explore the security configuration.
  • Match roles.
  • Refresh the new license type information.
You can also compare snapshots to review the changes made between two snapshot versions.
As snapshots can consist of a lot of data. Keeping many snapshots can slow performance. To avoid this, you can set up automatic clean-up of snapshots. As a result, older snapshots are deleted according to defined rules.


Security administrator Security administrator Security auditor Security auditor Create snapshot Create snapshot You create snapshots to be able to use these Security and compliance studio functions: Security explorer Match roles Compare snapshots A snapshot is an image of the security configuration at a specific date and time. A snapshot consists of: All securable objects: roles, duties, privileges, and entry points, with the related license type and access level. The associations between the securable objects: user-role, role-duty, role-privilege, duty-privilege, and privilege-entry point. You create a snapshot in these cases: The first time you want to explore the security configuration or match roles. Changes are made to the security configuration. So, these changes become available for the security explorer or match roles function. You want to compare the current security configuration with a previous security configuration. You are advised to create snapshots:In batch, if you frequently make changes to the security configuration.In the background, because the creation of a snapshot can take quite some time. Procedure 1. Click Security management. 2. Click the Snapshots tab. 3. Click Create snapshot. 4. Sub-task: Set recurrence and background processing. 5. Expand the Run in the background section. 6. Select Yes in the Batch processing field and fill in the other batch fields as required. 7. Click Recurrence and define the recurrence settings. 8. Click OK. 9. Click OK. Start Start Compare snapshots Compare snapshots You can compare snapshots to review the changes made between two snapshot versions. A snapshot is an image of the security configuration at a specific date and time. A snapshot consists of: All securable objects: roles, duties, privileges, and entry points, with the related license type and access level. The associations between the securable objects: user-role, role-duty, role-privilege, duty-privilege, and privilege-entry point.On creation of a snapshot, a full compare is done with the previous snapshot version. So, if you compare two subsequent snapshots, the Compared field is already set to Yes.You can also compare non-subsequent snapshot versions. If you do so for the first time, you can manually do a full compare or only compare selected records. Procedure 1. Click Security audit. 2. Click the Snapshots tab. 3. Sub-task: Compare subsequent snapshots. 4. In the list, find and select a snapshot. 5. In the list, find and select the next snapshot. 6. Click Compare. Note: Loading the snapshot data can take some time. 7. In the Select security object type field, select an option. 8. In the First snapshot pane, you can review the objects that are: - Changed (marked in blue) - Deleted (marked in red) For each changed object, you can review the changes in the Differences pane. In the list, find and select a changed object (marked in blue). Note: Click Show changes only to only have the changed, deleted, and added objects shown in the First snapshot grid and the Second snapshot grid. 9. In the Second snapshot pane, you can review the objects that are added (marked in green). 10. Sub-task: Compare non-subsequent snapshots. 11. In the First snapshot field, enter or select a snapshot. 12. In the Second snapshot field, enter or select a snapshot. Select a snapshot version later than but not next to the First snapshot. Note: If this is the first time that you compare these snapshots, in the first snapshot pane, the Compared field is empty. 13. In the First snapshot grid or in the Second snapshot grid, in the list, find and select the objects to be compared. 14. Click Compare selected. 15. You can also do a full compare. So, all objects of the selected snapshots are compared. Click Full compare. Note: A full compare can take some time. 16. Click OK. Refresh licenses Refresh licenses The licensing model of D365 FO is changed. Previously, for D365 FO, these license types were available:OperationsActivity userTeam memberCurrently, the previous operations license type is split into these base license types:Finance (Finance)SCM (Supply Chain Management)Retail (Retail)ProjectOperations (Project Operations)Each full user must have a base license. And if required, for each user, you can add these attach licenses:Finance (Finance)SCM (Supply Chain Management)Retail (Retail)Talent (Talent)EAM (Asset Management)ProjectOperations (Project Operations)To show the required new license types in Security and compliance studio, refresh the new license type information. The new license types are refreshed based on the latest snapshot of the security configuration.As a result, the applicable new license types are retrieved and shown in the Security explorer for each of these securable objects:UsersRolesDutiesPrivilegesEntry pointsAlso, on other forms, the new license types are filled after refreshing the licenses. The New license type field is shown on each form where the User license field is shown.The new license types can be shown in these formats:One license type: Only the shown base license is required.Several license types with plusses: All shown licenses are required. Use one of the shown licenses as base license and the other shown licenses as attached license. Example: Finance+SCM.Several license types with forward slashes: One of the shown base licenses is required. No attached licenses are required. Example: Finance/SCM/Retail.Any base license: Any of the base licenses is required. It doesn't matter which one. Procedure 1. Click License optimization. 2. Click Security explorer. 3. Click Refresh licenses. 4. Sub-task: Refresh licenses in batch. 5. Expand the Run in the background section. 6. Select Yes in the Batch processing field and fill in the other batch fields as required. 7. Click Recurrence and define the recurrence settings. 8. Click OK. 9. Click OK. Notes The previous D365 FO license types are still shown in the User license type field. The user license type is filled automatically. So, it is not related to Refresh licenses function. Snapshot comparison  required? Snapshot comparison  required? Delete snapshots Delete snapshots As a snapshot can consist of a lot of data, keeping many snapshots can slow performance. Therefore, you are advised to have a maximum of five snapshots.You can set up automatic clean-up of snapshots. As a result, older snapshots are deleted according to these rules: The value of the Limit number of snapshots field on the Security and compliance studio parameters. The number, as defined in this field, is the number of snapshots that is kept if you delete snapshots.The Protected check box for snapshots. The snapshots that are marked as protected are kept. On deletion, counting of snapshots to be kept starts with the latest snapshot, while protected snapshots are skipped in the count. The remaining older snapshots are deleted. No snapshots are deleted if the value of the Limit number of snapshots field is 0, or less than or equal to the number of snapshots. Example:In September 2018, eight snapshots are created, of which two are marked as protected. At the end of the month, you do your monthly snapshot clean-up.Limit number of snapshots = 3This table shows which snapshots are kept and which ones are deleted: Procedure 1. Click Security management. 2. Click the Snapshots tab. 3. Click Set up automatic deletion. 4. Sub-task: Set recurrence. 5. Expand the Run in the background section. 6. Select Yes in the Batch processing field and fill in the other batch fields as required. 7. Click Recurrence and define the recurrence settings. 8. Click OK. 9. Click OK. End End Yes No

Activities

Name Responsible Description

Create snapshot

Security administrator

You create snapshots to be able to use these Security and compliance studio functions:
  • Security explorer
  • Match roles
  • Compare snapshots
A snapshot is an image of the security configuration at a specific date and time. A snapshot consists of:

  • All securable objects: roles, duties, privileges, and entry points, with the related license type and access level.
  • The associations between the securable objects: user-role, role-duty, role-privilege, duty-privilege, and privilege-entry point.

You create a snapshot in these cases:

  • The first time you want to explore the security configuration or match roles.
  • Changes are made to the security configuration. So, these changes become available for the security explorer or match roles function.
  • You want to compare the current security configuration with a previous security configuration.

You are advised to create snapshots:

  • In batch, if you frequently make changes to the security configuration.
  • In the background, because the creation of a snapshot can take quite some time.

Compare snapshots

Security auditor

 		You can compare snapshots to review the changes made between two snapshot versions.
A snapshot is an image of the security configuration at a specific date and time. A snapshot consists of:
  • All securable objects: roles, duties, privileges, and entry points, with the related license type and access level.
  • The associations between the securable objects: user-role, role-duty, role-privilege, duty-privilege, and privilege-entry point.
On creation of a snapshot, a full compare is done with the previous snapshot version. So, if you compare two subsequent snapshots, the Compared field is already set to Yes.
You can also compare non-subsequent snapshot versions. If you do so for the first time, you can manually do a full compare or only compare selected records.

Refresh licenses

Security administrator

 		The licensing model of D365 FO is changed. Previously, for D365 FO, these license types were available:
  • Operations
  • Activity user
  • Team member
Currently, the previous operations license type is split into these base license types:
  • Finance (Finance)
  • SCM (Supply Chain Management)
  • Retail (Retail)
  • ProjectOperations (Project Operations)
Each full user must have a base license. And if required, for each user, you can add these attach licenses:
  • Finance (Finance)
  • SCM (Supply Chain Management)
  • Retail (Retail)
  • Talent (Talent)
  • EAM (Asset Management)
  • ProjectOperations (Project Operations)
To show the required new license types in Security and compliance studio, refresh the new license type information. The new license types are refreshed based on the latest snapshot of the security configuration.
As a result, the applicable new license types are retrieved and shown in the Security explorer for each of these securable objects:
  • Users
  • Roles
  • Duties
  • Privileges
  • Entry points
Also, on other forms, the new license types are filled after refreshing the licenses. The New license type field is shown on each form where the User license field is shown.
The new license types can be shown in these formats:
  • One license type: Only the shown base license is required.
  • Several license types with plusses: All shown licenses are required. Use one of the shown licenses as base license and the other shown licenses as attached license. Example: Finance+SCM.
  • Several license types with forward slashes: One of the shown base licenses is required. No attached licenses are required. Example: Finance/SCM/Retail.
  • Any base license: Any of the base licenses is required. It doesn't matter which one.

Delete snapshots

Security administrator

 		As a snapshot can consist of a lot of data, keeping many snapshots can slow performance. Therefore, you are advised to have a maximum of five snapshots.
You can set up automatic clean-up of snapshots. As a result, older snapshots are deleted according to these rules:
  • The value of the Limit number of snapshots field on the Security and compliance studio parameters.
    The number, as defined in this field, is the number of snapshots that is kept if you delete snapshots.
  • The Protected check box for snapshots.
    The snapshots that are marked as protected are kept.
On deletion, counting of snapshots to be kept starts with the latest snapshot, while protected snapshots are skipped in the count. The remaining older snapshots are deleted.
No snapshots are deleted if the value of the Limit number of snapshots field is 0, or less than or equal to the number of snapshots.
Example:
In September 2018, eight snapshots are created, of which two are marked as protected. At the end of the month, you do your monthly snapshot clean-up.
Limit number of snapshots = 3
This table shows which snapshots are kept and which ones are deleted:

Provide feedback