Setting up Role-Based Security with Forms in Microsoft Dynamics AX 2012

Overview

Microsoft Dynamics AX 2012 uses a role-based security framework to assign permissions to users of AX. A user must be assigned to one or more security roles in order to access different functions within AX.

Pre-requisites

  1. Microsoft Dynamics AX 2012
  2. At least one user must be set up (System administration → Common → Users → Users)

Important Concepts

1. Security roles

Security roles define a particular function that an individual plays in an organization. Security roles are groups of duties and privileges which define the functionality a user can access and parts of the interface a user can view.

2. Process cycles

Process cycles are used to organize duties and privileges according to the business processes used in an organization. They are not directly assigned to the user but help in organizing the higher-level processes of the organization.

3. Duties

Duties correspond to individual tasks that a user can perform, and group related privileges into a single task. Each duty can be assigned to one or more security roles depending upon the business process in question.

4. Privileges

Privileges are used to give access to individual application objects like forms and reports. A privilege defines the level of permission that is required to access an application object in AX. Privileges group together permissions that are necessary to complete a specific job.

5. Entry point

An entry point corresponds to a starting point that a user is required to access in order to perform a job. Each function in AX is accessed through an entry point. There are 3 different types of entry points in AX:

  • Menu items
  • Web menu items
  • Service operations

6. Permissions

Permissions are used to control access to each individual object in Dynamics AX. The level of permission is controlled by the associated Access level. Following are the different Access levels available in AX:

  • Read
  • Update
  • Create
  • Correct
  • Delete
  • No Access

Read represents the weakest permission. Delete is the highest permission that can be assigned. When an access level is assigned, all the permissions below it hierarchically are automatically included. For example, Create permission also includes Update and Read. No Access is used to deny user permission to a particular object.

Scenario

As part of this tutorial, role-based security will be applied to the Customer groups form (Accounts receivable → Setup → Customers → Customer groups).

Steps

  1. First, to create a new privilege, go to AOT → Security → Privileges

  2. Right-click Privileges and select New Privilege

  3. Name it CustomerGroupView

    Note: It is a best practice to name a privilege as MenuItemName + View/Maintain, depending upon the access level

  4. Set the Label of the privilege to Customer group view

  5. Now expand the newly created privilege and create an entry point by right-clicking Entry Points and selecting New Entry Point

  6. Name the entry point CustGroup and set the AccessLevel to Read

  7. Set the ObjectType to MenuItemDisplay and the ObjectName to the menu item of the Customer group form, CustGroup

  8. Save the privilege

  9. Now create a duty and assign the privilege created above to the duty

  10. Go to AOT → Security → Duties

  11. Right-click Duties and select New Duty to create a new duty

  12. Name the duty CustomerGroupView and set the Label to Customer group view

  13. Expand the duty created above and create a new privilege by right-clicking the Privileges node and selecting New Privilege

  14. Select the CustomerGroupView privilege in the Name field and save the duty

    Note: You can also drag and drop the privilege on the Privileges node

  15. Next, create a new role by going to AOT → Security → Roles

  16. Right-click the Roles node and select New Role

  17. Name the role SecurityDemo and set its Label to Security demo

  18. Expand the role created above, right-click the Duties node and select New Duty

  19. Select the CustomerGroupView duty in the Name field and save the role

    Note: You can also drag and drop the duty on the Duties node

  20. Now assign the above role to a user in Dynamics AX. Go to System administration → Setup → Security → Assign users to roles

  21. On the Assign users to roles form, select the role created above in the left tree and click Manually assign / exclude users

  22. In the dialog that opens, select the user to whom you want to assign the role and press Assign to role

  23. A green check mark will appear if the assignment succeeds. Close the form

  24. Now log in with the selected role

  25. Only the functions assigned to the user will be visible. In this case, only the Customer groups form is visible, since the security role contains only one duty. Also note that only those menus that contain the menu item assigned in the privilege will be visible
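
The role built in the steps above, modelled as an added example (not code from the original tutorial and not an AX API): it walks role → duty → privilege → entry point and applies the access level ordering described under Permissions to review what a role really grants. The CustomerGroupMaintain privilege, the SecurityDemoWide role, the OtherForm name and the rule that the highest level wins when several privileges cover one object are assumptions made for illustration.

```python
from enum import IntEnum


class AccessLevel(IntEnum):
    # Ordered as in the tutorial: each level includes the ones below it.
    NO_ACCESS = 0
    READ = 1
    UPDATE = 2
    CREATE = 3
    CORRECT = 4
    DELETE = 5


# Constructed model of the AOT objects. CustomerGroupView / SecurityDemo come
# from the tutorial; CustomerGroupMaintain / SecurityDemoWide are hypothetical.
PRIVILEGES = {
    "CustomerGroupView": [("MenuItemDisplay", "CustGroup", AccessLevel.READ)],
    "CustomerGroupMaintain": [("MenuItemDisplay", "CustGroup", AccessLevel.DELETE)],
}
DUTIES = {
    "CustomerGroupView": ["CustomerGroupView"],
    "CustomerGroupMaintain": ["CustomerGroupMaintain"],
}
ROLES = {
    "SecurityDemo": ["CustomerGroupView"],
    "SecurityDemoWide": ["CustomerGroupView", "CustomerGroupMaintain"],
}


def entry_points(role):
    """Walk role -> duties -> privileges and yield every entry point."""
    for duty in ROLES[role]:
        for priv in DUTIES[duty]:
            for obj_type, obj_name, level in PRIVILEGES[priv]:
                yield priv, obj_type, obj_name, level


def effective_access(role, obj_type, obj_name):
    """Highest level the role grants on one object (assumed rule); NO_ACCESS if none."""
    levels = [lvl for _, t, n, lvl in entry_points(role) if (t, n) == (obj_type, obj_name)]
    return max(levels, default=AccessLevel.NO_ACCESS)


def permits(granted, requested):
    """A granted level covers a requested one that sits at or below it."""
    return requested != AccessLevel.NO_ACCESS and granted >= requested


def over_privileged(role, ceiling):
    """Entry points whose level exceeds the ceiling expected for the role."""
    return [(p, n, lvl.name) for p, _, n, lvl in entry_points(role) if lvl > ceiling]
```

Running `over_privileged` with a ceiling of `AccessLevel.READ` against every role meant to be view-only gives a quick least-privilege review before the role is assigned to users.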

 

February 3, 2015
  • Krishna

    A good explanation. Appreciate your efforts