Business Central 2022 wave 2 (BC21) new features: Resource exposure policies for apps are on by default (“allowDebugging”: true, “allowDownloadingSource”: true, “includeSourceInSymbolFile”: true)

Dynamics 365 Business Central

Hi, Readers.
The preview environment for Dynamics 365 Business Central 2022 release wave 2 (BC21) is available. Learn more: Link.

I will continue to test and share some new features that I hope will be helpful.

Resource exposure policies for apps are on by default:

Business value:

With the recent introduction of the resourceExposurePolicy app.json property, the generated setting when using the AL:Go! template was to lock down access to all source.

To ensure that this is a deliberate choice—for example, most per tenant extensions ought to be open for customer source access (unless source is shared elsewhere)—we are reverting to the default used for many years with showMyCode. That is, when using the AL:Go! template, resourceExposurePolicy options will allow access by default. For more about resource exposure policy, see Resource Exposure Policy Setting.

In Business Central 2021 wave 2 (BC19), Microsoft has brought us a new feature, Richer access control for extension source in cloud environments (‘showMyCode’ -> ‘resourceExposurePolicy’).

Let’s see more details:

“resourceExposurePolicy”: Defines the accessibility of the resources and source code during different operations. (Used to replace the ‘showMyCode‘ setting)

“allowDebugging”: Allows the code to be debugged from other extensions when it has been published. The default setting is false. (When debugging whether the user can see the source code)

allowDownloadingSource”: Allows the source code to be downloaded. The default setting is false. (Whether users can download the source code on the Extension Management page)

“includeSourceInSymbolFile”: Includes the source code in the symbol package. The default setting is false. (When the user extracts the Symbol file, whether the source code can be seen)

The AL:Go! project template now has allowDebugging, allowDownloadingSource, and includeSourceInSymbolFile switched on by default in Business Central 2022 wave 2 (BC21). This is visible in the app.json file where the project resourceExposurePolicy property is set.

  "resourceExposurePolicy": {
    "allowDebugging": true,
    "allowDownloadingSource": true,
    "includeSourceInSymbolFile": true

In previous versions:

  "resourceExposurePolicy": {
    "allowDebugging": true,
    "allowDownloadingSource": false,
    "includeSourceInSymbolFile": false

Note: According to my test, this is not determined by the runtime version when using the AL:Go! template, if you have AL Language v10.0 installed, resource exposure policies for apps are on by default.

Of cource, you can always override this for your AppSource or per-tenant extension by changing the setting.

Give it a try!!!😁


Hope this will help.

Thanks for reading.