Monday 9 March 2015

Role-Based Security with Forms in Microsoft Dynamics AX 2012

Overview

Microsoft Dynamics AX 2012 uses a role-based security framework to assign permissions to users of AX. A user must be assigned to one or more security roles in order to access different functions within AX.

Pre-requisites

  1. Microsoft Dynamics AX 2012
  2. At least one user must be set up (System administration → Common → Users → Users)

Important Concepts

1. Security roles

Security roles define a particular function that an individual plays in an organization. Security roles are groups of duties and privileges which define the functionality a user can access and parts of the interface a user can view.

2. Process cycles

Process cycles are used to organize duties and privileges according to the business processes used in an organization. They are not directly assigned to the user but help in organizing the higher-level processes of the organization.

3. Duties

Duties correspond to individual tasks that a user can perform, and group related privileges into a single task. Each duty can be assigned to one or more security roles depending upon the business process in question.

4. Privileges

Privileges are used to give access to individual application objects like forms and reports. A privilege defines the level of permission that is required to access an application object in AX. Privileges group together permissions that are necessary to complete a specific job.

5. Entry point

An entry point corresponds to a starting point that a user is required to access in order to perform a job. Each function in AX is accessed through an entry point. There are 3 different types of entry points in AX:
  • Menu items
  • Web menu items
  • Service operations

6. Permissions

Permissions are used to control access to each individual object in Dynamics AX. The level of permission is controlled by the associated Access level. The following Access levels are available in AX:
  • Read
  • Update
  • Create
  • Correct
  • Delete
  • No Access
Read represents the weakest permission. Delete is the highest permission that can be assigned. When an access level is assigned, all the permissions below it in the hierarchy are automatically included. For example, Create permission also includes Update and Read. No Access is used to deny user permission to a particular object.

Scenario

As part of this tutorial, role-based security will be applied to the Customer groups form (Accounts receivable → Setup → Customers → Customer groups).

Steps

  1. First, to create a new privilege go to AOT → Security → Privileges

  2. Right click on Privileges and select New Privilege

  3. Name it CustomerGroupView
    Note: It is a best practice to name a Privilege as MenuItemName + View/Maintain depending upon the Access level

  4. Set the Label of the privilege as Customer group view

  5. Now expand the newly created privilege and create an entry point by right clicking on Entry Points and selecting New Entry Point

  6. Name the entry point as CustGroup and set the AccessLevel to Read

  7. Set the ObjectType to MenuItemDisplay and ObjectName to the menu item of the Customer group form, CustGroup

  8. Save the privilege

  9. Now create a duty and assign the above created privilege to the duty

  10. Go to AOT → Security → Duties

  11. Right click on Duties and select New Duty to create a new duty

  12. Name the duty as CustomerGroupView and set the Label as Customer group view

  13. Expand the above created duty and create a new privilege by right clicking on the Privileges node and selecting New Privilege

  14. Select the CustomerGroupView privilege in the Name field and save the duty
    Note: You can also drag and drop the privilege on the Privileges node

  15. Next create a new role by going to AOT → Security → Roles

  16. Right click on Roles node and select New Role

  17. Name the role as SecurityDemo and Label it as Security demo

  18. Expand the above created role and right click on Duties node and select New Duty

  19. Select the CustomerGroupView duty in the Name field and save the role
    Note: You can also drag and drop the duty on the Duties node

  20. Now assign the above role to a user in Dynamics AX. Go to System administration → Setup → Security → Assign users to roles

  21. On the Assign users to roles form, select the above created role in the left tree and click on Manually assign / exclude users

  22. In the opened dialog, select the user to which you want to assign the role and press Assign to role

  23. A green check mark will appear in case of successful assignment. Close the form

  24. Now log in as the user assigned to the role

  25. Only the functions assigned to the user will be visible. In this case only the Customer groups form is visible since the Security Role contains only one duty. Also note that only those Menus that contain the menu item assigned in the Privilege will be visible
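
The chain built in the steps above (role → duty → privilege → entry point → access level) can be modelled to review what a set of roles actually grants. This is an added example, not code from the original post or from Dynamics AX; the `CustomerGroupMaintain` privilege and duty, the `SecurityDemoMaintain` role, and the rule that the highest level wins when several grants cover one entry point are assumptions made for illustration.

```python
from enum import IntEnum

class Access(IntEnum):
    # Order follows the page: Read is the weakest level, Delete the highest.
    NO_ACCESS = 0
    READ = 1
    UPDATE = 2
    CREATE = 3
    CORRECT = 4
    DELETE = 5

# privilege -> entry points as (ObjectType, ObjectName, AccessLevel)
PRIVILEGES = {
    "CustomerGroupView": [("MenuItemDisplay", "CustGroup", Access.READ)],
    # Constructed second privilege (not on the page) to show level merging.
    "CustomerGroupMaintain": [("MenuItemDisplay", "CustGroup", Access.DELETE)],
}
DUTIES = {  # duty -> privileges
    "CustomerGroupView": ["CustomerGroupView"],
    "CustomerGroupMaintain": ["CustomerGroupMaintain"],  # constructed
}
ROLES = {  # role -> duties
    "SecurityDemo": ["CustomerGroupView"],
    "SecurityDemoMaintain": ["CustomerGroupMaintain"],  # constructed
}

def effective_access(user_roles):
    """Walk role -> duty -> privilege -> entry point and return
    {(object_type, object_name): Access} for the given roles.
    Assumption: when several grants hit one entry point, the highest wins."""
    result = {}
    for role in user_roles:
        for duty in ROLES[role]:
            for priv in DUTIES[duty]:
                for obj_type, obj_name, level in PRIVILEGES[priv]:
                    key = (obj_type, obj_name)
                    result[key] = max(result.get(key, Access.NO_ACCESS), level)
    return result

def allowed(user_roles, obj_type, obj_name, needed):
    """True if the roles grant at least `needed` on the entry point.
    A level includes every level below it, so this is a >= comparison."""
    got = effective_access(user_roles).get((obj_type, obj_name), Access.NO_ACCESS)
    return needed is not Access.NO_ACCESS and got >= needed

def visible_menu_items(user_roles):
    """Entry points the user can open at all (anything above No Access)."""
    return sorted(name for (_, name), lvl in effective_access(user_roles).items()
                  if lvl > Access.NO_ACCESS)
```

Running `visible_menu_items(["SecurityDemo"])` on this model returns only `CustGroup`, matching the result of the final step; the same walk over an exported role definition is a quick way to spot roles that grant more than Read on a form meant to be view-only.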
