I was wondering if it's possible to prevent specific roles from being able to work with certain business functions in AX by preventing them from being able to see those options. As a hypothetical, I have a Shipping Clerk who has limited access to the system but is for some reason able to see the Accounts payable and Accounts receivable options in the navigation pane. I want to remove those options from the navigation pane for that specific role (Shipping clerk). Is this possible? I do see a node in the AOT for "Menus" but it's not apparent to me whether there's any availability to restrict visibility through configuration.
And just so I'm clear, I'm not talking about using the Navigation pane options to turn off visibility. A savvy enough user could figure that out fairly quickly. I need a solution at a system administration level.
Thanks a bunch!
I just answered another more to the point question of you. On informationsource there is a tutorial video how to use the SDT, but it does not give insight in all of your questions. Maybe you can explore on youtube for more tutorials. Futheron you also have to deal with a learning curve.
André Arnaud de Calavon | Microsoft Dynamics AX Solution architect | My blog | My company
This post is my own opinion and does not necessarily reflect the opinion or view of my company, Microsoft, both its employees, or other MVPs.
You can create a new role or customize the current role. But you have to watch that the user has enough rights to do the normal job.
Due to some menu items appearing in several menus, some navigation options will Always be visible.
Andre, thanks for your reply. How exactly would you go about doing what you're suggesting? I'm not sure if this has to be done in the Security Development Tool or on the native System admin screens. And just so I'm not confusing you, I'm referring to the navigation panel on the lower left which lists the business area options such as "Accounts payable", "Accounts receivable", "General ledger", etc.
Any details you can provide would be appreciated. Thanks again.
You can use both SDT or the native admin forms for customizing a security role. It depends on the needs when I prefer the SDT or the native form. It is also possible to do it directly within the AOT. Sometimes this is quicker. E.g. overriding table permissions is quicker to change within the AOT if you know table and field names.
The SDT gives you the best insight in the current state of a role.
I'm have to do a little digging and trial-and-error exploration. If you have any sources which might have some helpful tutorials or readings, I'd appreciate a list. Thanks Andre!