From the blog of Alex Meyer, D365FO and Fastpath product expert:
One question I’ve had throughout the releases of D365FO has been why there wasn’t an ‘Undo’ or ‘Remove’ for a security change made within the user interface. Before security changes go live into the system, they first go to a staging area called ‘Unpublished Objects’, on this screen there is currently a ‘Publish all’ and ‘Publish selection’ but there is no way to undo a change once it has been made.
It is a feature that many users have asked about me about so I decided to look to see how feasible it was.
The first thing to do was to figure out which form and SQL tables are being used for this functionality. After some digging I found the form was the SysSecConfiguration and the tables used depended on if you were modifying/removing a security layer from the AOT or if you were creating new security or modifying/removing security originally created in the user interface.
If you were modifying/removing AOT security layers then the tables used were:
If you were creating new security in the user interface or modifying/removing security layers that were originally created in the user interface then the following tables were used:
I also found that an audit of all security changes were stored in the following tables:
- SecurityObjectEvent – shows a high level overview of changes and when that change took effect
- SecurityObjectHistory – shows the entire historical record of each security change, the actual XML data of each change, and a ValidFrom and ValidTo date range
And finally there was the header entry in the SecurityUnpublishedObjects table which stores a record of all security layers that have been modified but not published.