12 Tips of D365 F&O - Testing With Security
December 4, 2023
🎶In the first tip of D365 F&O, D365 with Brittany shared with me--always test with proper security!🎶
Why is Testing With Security Important?
There is nothing worse than turning a customization over to a user only to be plagued by security issues and missing menu items. Before suggesting users should test, be sure to complete 2 rounds of testing - one with system admin to fully assess the functionality and a second with the proper security assigned.Â
Functionality Testing
Testing customizations and new functionality should start with a full testing cycle with the System Administrator role before creating and testing with the proper security that users will be assigned. This cycle of testing should be completed by the IT/Project/Consulting team prior to any user testing.Â
Why test with System Admin access first?
Advanced Functionality Testing:
 Testing with a System Admin allows you to verify the functionality of customiszations and ensures that they work as expected.
It helps identify any issues or limitations in using customfunctionalities within D365 F&O.
Troubleshooting and Debugging:
In case of any issues or errors, System Administrators are usually involved in troubleshooting and debugging. Testing with System Admin access can help identify and resolve potential issues early in the development or testing process.
It allows for a more comprehensive analysis of error messages and logs.
Testing with restricted access might lead to misinterpretation of issues or delays in identifying the root causes during initial QA testing.
 In my experience, ensuring the functionality works as intended before adding in the additional layer of security will help to ensure the solution is complete and that any issues with the solution regardless of security are worked out. Only once the functionality is working with System Admin should it be turned over to users for testing with proper security.
Security Testing
Once the functionality has been full vetted without limited security, customizations should be tested with the same access a user would have in a live environment.Â
Why should I test with limited security?
Accurate Representation of User Experience:
Testing with the correct security roles ensures that you replicate the actual user experience. Users with different roles have varying levels of access to data and functionalities. Testing with the appropriate security access helps you understand how the customization will behave for different user types.
Proper security access ensures that UAT accurately reflects how users will interact with the customized features in a production-like environment.
Identification of Permission-Related Issues:
Security access plays a significant role in controlling user permissions. Testing with the right security roles helps identify any permission-related issues early in the testing process.
It allows you to ensure that users can perform only the actions they are supposed to and are restricted from accessing unauthorized data or functionalities.
Validation of Security Configuration:
Dynamics 365 F&O allows administrators to configure security roles and permissions extensively. Testing with proper security access validates that the security configurations are correctly set up and enforced.
It helps confirm that the security model aligns with the business requirements and compliance standards.
Risk Mitigation:
Inadequate security testing can lead to security vulnerabilities and risks. Testing with proper security access helps mitigate the risk of unauthorized access, data breaches, or misuse of functionalities.
Identifying and addressing security issues during the testing phase reduces the likelihood of security-related incidents in the production environment.
Have questions about testing with security? Send me a message and I will be in touch!
Don't forget to subscribe to my newsletter to get exclusive content and stay up to date with all my latest posts.Â