Microsoft Dynamics AX 2012 Security Framework

1. Microsoft Dynamics AX 2012 Security Framework By Gopalakrishnan S

2. Dynamics AX 2009 • The security model was module based. • Users were assigned to user groups which grouped permissions to the various objects. • These permissions were controlled by security keys. • The biggest drawback of this model was that you could not have the same security user group apply across multiple companies. You still had to create the same user group across different groups. Dynamics AX 2012 • The security model is role based. • Users are assigned to roles. Roles contain a group of duties or privileges. • The Security keys in the AOT are now obsolete in Dynamics AX 2012. It is present for backward compatibility. If you right click on the Security keys node, you don't have an option to create a new security key. Instead, in the AOT, you will find a new node – Security. This further has sub nodes – Privileges, Duties and Roles.

3. Backward compatibility

5. Authentication • Authentication is the process of establishing the user’s identity. Authorization • Authorization, also referred to as access control, determines whether a user is permitted to perform a given action.

7. Security role • Security roles represent a behavior pattern that a person in the organization can play. • A security role includes a defined set of application access privileges. • A security role can be defined as a group of duties for a job function. • Users are assigned to one or more security roles. Each user must be assigned to at least one security role to have access to Microsoft Dynamics AX. • Examples of security roles: Shipping Clerk, Accounts Receivable Clerk, System Administrator.

8. Duty • A duty is a responsibility to perform one or more tasks or services for a job. • A duty can be defined as a group of related privileges allowing a specific business function. • A Duty is a set of application access privileges that are required for a user to carry out their responsibilities. • A duty can be assigned to more than one role.

9. Process & Process cycle • A functional work structure that an organization is responsible for designing, controlling, and improving. • A process consists of a coordinated set of activities in which one or more participants consume, produce, and use economic resources to achieve one or more organizational goals • Process cycles organize duties and access privileges according to high level processes. • A process cycle can be defined as a group of duties for a job function. • To help the system administrator locate the duties that must be assigned to roles, duties are organized by the business processes that they belong to.

10. Privilege • A privilege specifies the access that is required to accomplish a job, problem, or assignment. • A privilege contains permissions to individual application objects, such as user interface elements and tables • Privileges group together related securable objects. For example, menu items and controls. • Privileges can be assigned directly to roles. However, for easier maintenance, we recommend only assigning duties to roles.

11. Permission • Permission refers to the securable objects and associated access levels that are required to perform the function associated with an entry point. This could include any tables, fields, forms or server side methods that are accessible through the entry point. • Security permissions are used to control access to individual application elements: menus, menu items, action and command buttons, reports, service operations, Web URL menu items, Web controls, and fields in the Windows client and Enterprise Portal. • Permissions group securable objects and permissions that are required for them. For example, form and report permissions. • In Microsoft Dynamics AX, individual security permissions are combined into privileges, and privileges are combined into duties. Entry point • An entry point is the object that triggers a user action to start a particular function, such as a form or a service. • In Microsoft Dynamics AX, there are three different types of entry points ‐ menu items, Web content items and service operations.

12. Permission Entry Point

13. Set Permission for Form Create Previlege

14. Record Level Security • It builds on the restrictions that are enforced by user group permissions. • User group permissions let you restrict Menu,Forms & Reports Extended Data Security • It lets to write more powerful queries • More secured not only UI and also Server Level • Not only the table fields but also on Data in other Table Table Permissions Framework (TPF) • The Table Permissions Framework (TPF) enables administrators to set restrictions on tables that store data, including sensitive data. • To enable TPF, an administrator specifies a value for the AOSAuthorizationProperty on a specific table in the Application Object Tree (AOT). • It is used to authorize Create, Read, Update, and Delete operations.

15. Thank you Any Queries ??

17. A security role represents a behavior pattern that a person in the organization can play. A security role includes one or more duties. • A duty is a responsibility to perform one or more tasks. A duty includes one or more privileges • Privileges specify the access that is required toperform a duty. A privilege includes one or more permissions. • Permissions include the access level to one or more securable objects that are required to perform the function associated with an entry point. Entry Points • An entry point is the element that is triggered by a user action to start a particular function. • Menu items • Web content items • Service operations