Enterprise-Grade
Security Audit
for Dynamics 365
Analyze every user, role, and privilege across your Dataverse environment. Detect security risks, compare access levels, and generate comprehensive audit reports — all from one powerful XrmToolBox plugin.
Everything You Need for Security Auditing
From real-time filtering to Excel exports, every feature is designed to make security analysis faster and more thorough.
Core Features
User-Role Grid
Virtual-mode DataGridView handles 20,000+ users effortlessly. Only visible rows are rendered for buttery-smooth scrolling.
Privilege Risk Heatmap
Color-coded access levels from Basic (green) to Global (red) give you instant visual insight into privilege distribution.
Security Risk Detection
Automatically flags high-risk users with System Administrator, System Customizer, or Support User roles.
Real-time Search
Debounced 300ms filtering across the entire user list. Find any user by name in milliseconds.
Column Sorting
Click any column header to sort ascending or descending. Sort by name, risk level, role count, or any field.
Privilege Drill-down
Navigate Role → Privilege → Access Level in a hierarchical tree view. Understand exactly what each role grants.
Advanced Features
Role Comparison
Compare two users side-by-side to identify shared and unique roles, privileges, and access levels.
Analytics Dashboard
Summary statistics with an interactive bar chart showing risk distribution, privilege levels, and role counts.
Excel Export
Export to .xlsx with ClosedXML and conditional formatting. Risk colors are preserved in the spreadsheet.
Open in CRM
Double-click any user row to instantly open their profile in Dynamics 365 — no searching required.
Audit Security in 9 Simple Steps
From connecting to your instance to exporting reports — the entire workflow is streamlined.
Open the Tool
Launch Role Privilege Analyzer from XrmToolBox and connect to your Dynamics 365 instance.
Load Data
FetchQuery triggers 6 optimized bulk queries to load users, roles, and privileges.
Explore User-Role Grid
Browse the virtual-mode DataGridView with 20,000+ users without lag.
Analyze Risk Levels
Instantly see color-coded risk indicators for every user in the grid.
View Privilege Drill-Down
Click any cell to see Role → Privilege → Access Level details.
Compare Users
Select two users and compare their roles and privileges side-by-side.
View Analytics
Open the analytics tab for summary stats and interactive bar charts.
Export to Excel
Generate a formatted .xlsx file with conditional formatting preserved.
Open User in CRM
Double-click a user row to open their Dynamics 365 profile directly.
Understand Your Security Posture
Visual risk indicators make it easy to identify over-privileged users and dangerous access levels at a glance.
High Risk
System Administrator, System Customizer, or Support User role detected.
Over Privileged
More than 5 roles assigned OR any Global-level privilege found.
Normal
User is within safe thresholds. Standard access level.
No Roles
Zero role assignments detected. User has no access.
Built for Scale
Every architectural decision prioritizes performance. No compromises.
VirtualMode Rendering
Only visible rows are rendered in the DataGridView. Scroll through 20,000+ users with zero lag.
6 Bulk Queries
All data is fetched in just 6 optimized FetchXML queries. Zero N+1 problem.
In-Memory Caching
Dictionary-based caching ensures O(1) lookups for role names, privilege levels, and risk calculations.
Async / Await Throughout
Every I/O operation uses async patterns to keep the UI thread responsive during data loading.
Progress Bar Feedback
Real-time progress bar shows query execution status so users know exactly what's happening.
20,000+ Users
Tested with environments exceeding 20,000 users. The grid remains smooth and responsive.
Clean, Modular Design
The codebase follows a clear separation of concerns with dedicated layers for plugins, models, services, and controls.
RolePrivilegeAnalyzer/├── Models/│ ├── UserRoleModel.cs│ ├── PrivilegeModel.cs│ └── RoleComparisonResult.cs├── Services/│ ├── DataService.cs│ ├── RiskAnalysisService.cs│ └── ExportService.cs├── UI/│ └── RolePrivilegeAnalyzerControl.cs├── Properties/│ └── AssemblyInfo.cs├── RolePrivilegeAnalyzerPlugin.cs└── RolePrivilegeAnalyzer.csproj
6 Optimized FetchXML Queries
No N+1 problem. All data is loaded in just 6 bulk queries with carefully designed FetchXML.
Fetches all users with their full names and domain names from the systemuser table.
<fetch mapping="logical" distinct="false">
<entity name="systemuser">
<attribute name="fullname" />
<attribute name="domainname" />
<attribute name="systemuserid" />
<filter type="and">
<condition attribute="isdisabled" operator="eq" value="false" />
</filter>
</entity>
</fetch>Retrieves role associations for each user via the systemuserroles intersection table.
<fetch mapping="logical">
<entity name="systemuserroles">
<attribute name="systemuserid" />
<attribute name="roleid" />
<link-entity name="role" from="roleid" to="roleid">
<attribute name="name" />
</link-entity>
</entity>
</fetch>Fetches all roleprivilege records linking roles to their granted privileges.
<fetch mapping="logical">
<entity name="roleprivilege">
<attribute name="roleid" />
<attribute name="privilegeid" />
<attribute name="accessright" />
<attribute name="depth" />
</entity>
</fetch>Loads privilege metadata including name and object type code for each privilege.
<fetch mapping="logical">
<entity name="privilege">
<attribute name="privilegeid" />
<attribute name="name" />
<attribute name="objecttypecode" />
</entity>
</fetch>Retrieves all business units for hierarchical depth calculations.
<fetch mapping="logical">
<entity name="businessunit">
<attribute name="businessunitid" />
<attribute name="name" />
<attribute name="parentbusinessunitid" />
</entity>
</fetch>Fetches the 3 built-in system roles (System Administrator, Customizer, Support User).
<fetch mapping="logical">
<entity name="role">
<attribute name="roleid" />
<attribute name="name" />
<filter type="and">
<condition attribute="ismanaged" operator="eq" value="true" />
</filter>
</entity>
</fetch>