Richer access control for extension source in cloud environments


This content is archived and is not being updated. For the latest documentation, go to What's new and planned for Dynamics 365 Business Central. For the latest release plans, go to Dynamics 365 and Microsoft Power Platform release plans.

Enabled for Public preview General availability
Admins, makers, marketers, or analysts, automatically Sep 1, 2021 Oct 1, 2021

Business value

Currently it's possible to control access to an extension source in the cloud through the app.json property ShowMyCode. If enabling this, an extension source will be available both for debug, download (PTEs), and in symbols. Because of this, many partners choose not to share the source, thereby also prohibiting debug, leading to longer times to mitigate customer issues, and challenges with providing alternatives for debugging a source.

Feature details

For better control of source access, more granular and static app.json settings for IP access are available flags in the new "resourceExposurePolicy" setting:

  • allowDebugging: Control source access during debug. Note that it would be possible to mine IP across debug sessions.
  • allowDownloadingSource: Control access to downloading .app with source from tenant.
  • includeSourceInSymbolFile: Control whether symbols contain source when downloading from server during development.

In addition, there's an ability to dynamically set the flags mentioned above per Azure Active Directory (Azure AD) tenant by placing a .json configuration file on the KeyVault resource defined in app.json file. This allows locking down the app in various of the above dimensions and temporarily unlock these options for specific Azure AD tenants.

Finally, the existing showMyCode app.json property has been marked obsolete, resulting in a warning if it's used, and an error if both the showMyCode and resourceExposurePolicy properties are used at the same time.

Thank you for your idea

Thank you for submitting this idea. We listened to your idea, along with comments and votes, to help us decide what to add to our product roadmap.

See also

Resource Exposure Policy Setting (docs)