Microsoft Dynamics AX 2012 uses a role-based security framework to assign permissions to users of AX. A user must be assigned to one or more security roles in order to access different functions within AX.
- Microsoft Dynamics AX 2012
- At least one user must be setup (System administration à Common à Users à Users)
1. Security roles
Security roles define a particular function that an individual plays in an organization. Security roles are groups of duties and privileges which define the functionality a user can access and parts of the interface a user can view.
2. Process cycles
Process cycles are used to organize duties and privileges according to the business processes used in an organization. They are not directly assigned to the user but helps in organizing higher level process of the organization.
Duties correspond to individual task that a user can perform, and group related privileges into a single task. Each duty can be assigned to one or more security roles depending upon the business process in question.
Privileges are used to give access to individual application objects like forms and reports. A privilege defines the level of permission that is required to access an application object in AX. Privileges group together permissions that are necessary to complete a specific job.
5. Entry point
An entry point corresponds to a starting point that a user is required to access in order to perform a job. Each function in AX is accessed through an entry point. There are 3 different types of entry points in AX:
- Menu items
- Web menu items
- Service operations
Permissions are used to control access to each individual object in Dynamics AX. The level of permission is controlled by the associated Access level. Following are the different Access levels available in AX:
- No Access
Read represents the weakest permission. Delete is the highest permission that can be assigned. When an access level is assigned, all the permissions below it hierarchically are automatically included. For example, Create permission also includes Update and Read. No Access is used to deny user permission to a particular object.
As part of this tutorial, role-based security will be applied to the Customer groups form (Accounts receivable à Setup à Customers à Customer groups).
- First, to create a new privilege go to AOT à Security à Privileges
- Right click on Privileges and select New Privilege
Name it CustomerGroupView
Note: It is a best practice to name a Privilege as MenuItemName + View/Maintain depending upon the Access level
Set the Label of the privilege as Customer group view
- Now expand the newly created privilege and create an entry point by right clicking on Entry Points and selecting New Entry Point
- Name the entry point as CustGroup and set the AccessLevel to Read
Set the ObjectType to MenuItemDisplay and ObjectName to the menu item of the Customer group form, CustGroup
- Save the privilege
- Now create a duty and assign the above created privilege to the duty
- Go to AOT à Security à Duties
Right click on Duties and select New Duty to create a new duty
- Name the duty as CustomerGroupView and set the Label as Customer group view
- Expand the above created duty and create a new privilege by right clicking on the Privileges node and select New Privilege
Select the CustomerGroupView privilege in the Name field and save the duty
Note: You can also drag and drop the privilege on the Privileges node
- Next create a new role by going to AOT à Security à Roles
- Right click on Roles node and select New Role
- Name the role as SecurityDemo and Label it as Security demo
- Expand the above created role and right click on Duties node and select New Duty
- Select the CustomerGroupView duty in the Name field and save the role
- Now assign the above role to a user Dynamics AX. Go to System administration à Setup à Security à Assign users to roles
- On the Assign users to roles form, select the above created role in the left tree and click on Manually assign / exclude users
- In the opened dialog, select the user to which you want to assign the role and press Assign to role
- A green check mark will appear in case of successful assignment. Close the form
- Now login with the selected role
Only the functions assigned to the user will be visible. In this case only the Customer groups form is visible since the Security Role contains only one duty. Also note that only those Menus will be visible that contains the menu item assigned in the Privilege
Note: You can also drag and drop the duty on the Duties node