Setting up Role-Based Security with Forms in Microsoft Dynamics AX 2012


Microsoft Dynamics AX 2012 uses a role-based security framework to assign permissions to users of AX. A user must be assigned to one or more security roles in order to access different functions within AX.


  1. Microsoft Dynamics AX 2012
  2. At least one user must be setup (System administration à Common à Users à Users)

Important Concepts

1. Security roles

Security roles define a particular function that an individual plays in an organization. Security roles are groups of duties and privileges which define the functionality a user can access and parts of the interface a user can view.

2. Process cycles

Process cycles are used to organize duties and privileges according to the business processes used in an organization. They are not directly assigned to the user but helps in organizing higher level process of the organization.

3. Duties

Duties correspond to individual task that a user can perform, and group related privileges into a single task. Each duty can be assigned to one or more security roles depending upon the business process in question.

4. Privileges

Privileges are used to give access to individual application objects like forms and reports. A privilege defines the level of permission that is required to access an application object in AX. Privileges group together permissions that are necessary to complete a specific job.

5. Entry point

An entry point corresponds to a starting point that a user is required to access in order to perform a job. Each function in AX is accessed through an entry point. There are 3 different types of entry points in AX:

  • Menu items
  • Web menu items
  • Service operations

6. Permissions

Permissions are used to control access to each individual object in Dynamics AX. The level of permission is controlled by the associated Access level. Following are the different Access levels available in AX:

  • Read
  • Update
  • Create
  • Correct
  • Delete
  • No Access

Read represents the weakest permission. Delete is the highest permission that can be assigned. When an access level is assigned, all the permissions below it hierarchically are automatically included. For example, Create permission also includes Update and Read. No Access is used to deny user permission to a particular object.


As part of this tutorial, role-based security will be applied to the Customer groups form (Accounts receivable à Setup à Customers à Customer groups).


  1. First, to create a new privilege go to AOT à Security à Privileges

  3. Right click on Privileges and select New Privilege

  5. Name it CustomerGroupView

    Note: It is a best practice to name a Privilege as MenuItemName + View/Maintain depending upon the Access level


  7. Set the Label of the privilege as Customer group view


  9. Now expand the newly created privilege and create an entry point by right clicking on Entry Points and selecting New Entry Point

  11. Name the entry point as CustGroup and set the AccessLevel to Read

  13. Set the ObjectType to MenuItemDisplay and ObjectName to the menu item of the Customer group form, CustGroup


  15. Save the privilege

  17. Now create a duty and assign the above created privilege to the duty

  19. Go to AOT à Security à Duties

  21. Right click on Duties and select New Duty to create a new duty


  23. Name the duty as CustomerGroupView and set the Label as Customer group view

  25. Expand the above created duty and create a new privilege by right clicking on the Privileges node and select New Privilege

  27. Select the CustomerGroupView privilege in the Name field and save the duty

    Note: You can also drag and drop the privilege on the Privileges node


  29. Next create a new role by going to AOT à Security à Roles

  31. Right click on Roles node and select New Role

  33. Name the role as SecurityDemo and Label it as Security demo

  35. Expand the above created role and right click on Duties node and select New Duty

  37. Select the CustomerGroupView duty in the Name field and save the role
  38. Note: You can also drag and drop the duty on the Duties node


  39. Now assign the above role to a user Dynamics AX. Go to System administration à Setup à Security à Assign users to roles

  41. On the Assign users to roles form, select the above created role in the left tree and click on Manually assign / exclude users

  43. In the opened dialog, select the user to which you want to assign the role and press Assign to role

  45. A green check mark will appear in case of successful assignment. Close the form

  47. Now login with the selected role

  49. Only the functions assigned to the user will be visible. In this case only the Customer groups form is visible since the Security Role contains only one duty. Also note that only those Menus will be visible that contains the menu item assigned in the Privilege


February 3, 2015


Email [email protected] with any questions you have pertaining to this course.

New CPE Accredited Courses Now Available for Dynamics AX, GP, and NAVEARN CREDITS TODAY