Dynamics 365 Business Central: introducing resource exposure policies for extension’s code

I think that everyone of you knows that with Dynamics 365 Business Central extensions your code is by default protected against downloading or debugging. For managing this, in the extension’s app.json file there’s a property called showMyCode that allows the code to be debugged from other extensions when it has been published. The default setting is false and this means that debugging into an extension or going to definition to view the code is not allowed.

If you use showMyCode = true, an extension source will be available both for debug, download (PTEs), and in symbols. This is the reason why many partners uses the default false value but this choice has the effect to also prohibiting debug and so leading to longer times to mitigate customer issues, and challenges with providing alternatives for debugging a source.

Now some things change in Dynamics 365 Business Central version 19. When creating an extension that targets v19 (starting from the public preview available from today), you will start receiving a new warning:

What does that mean?

Starting from Dynamics 365 Business Central 2021 Wave 2 (version 19) you can specify a policy for exposing your source code to other extensions. You can do that by using the new resourceExposurePolicy property, that defines the accessibility of the resources and source code during different operations.

Inside this property, you can specify the following options:

  • allowDebugging: Allows the code to be debugged from other extensions when it has been published. The default setting is false.
  • allowDownloadingSource: Allows the source code to be downloaded. The default setting is false.
  • includeSourceInSymbolFile: Includes the source code in the symbol package. The default setting is false.

To define a resource exposure policy, you can write something like in the following example:

This permits you to define with a fine granularity how to protect your IP and what to expose for debugging to other extensions. Now the life could be better…


  1. In my docker based dev environment even if specify allowDownloadingSource to false, still able to download source code from extension management. Is there an issue?

    “resourceExposurePolicy”: {
    “allowDebugging”: true,
    “allowDownloadingSource”: false,
    “includeSourceInSymbolFile”: false


      1. Yes I have removed ShowMyCode property. Hope that just not supported on Docker as you mentioned. ThankU Stefano.


Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.