Question Status

Verified
KBanh asked a question on 9 May 2013 8:59 AM

Greetings. I've been asked to provide a "global" functionality (Production Information Management->Common->Release Products) to all AX users in our implementation. The form/function is available to the Account Payable Manager so what I'm thinking to do is duplicate that role and start removing all the other accesses. I'm using the Security Development Tool to update/remove the privileges but it's SUPER SLOOOOW. I'm drilling down into each duty and applying the access level (e.g., no access) but the time it takes is in the order of minutes. Couple of questions...

1. Am I using a proper approach in applying a global access?

2. Is the SDT an efficient tool for what my approach? If not, any suggestions?

3. Is the timing it take to modify the access in the SDT in line with your past experience?

Thanks in advance!

Reply
Parth Pandya responded on 9 May 2013 11:17 AM

Can you walk through the steps you are following to remove the access that you don't require (using the SDT)? It is not clear to me whether the tool is slow for you or the sequence of steps you are following is taking time.

Reply
Verified Answer
André Arnaud de Calavon responded on 9 May 2013 12:31 PM

Hi

Adding or removing by use of the SDT is slow because every now and then the tree with actual access is being rebuild. So your approach is not the quickest.

Use this tool to find out what duty or privilege is used for the released products (view or maintain?).

Then just add this privilege or duty to a new role or the role system user. The system user role gives users the basic functionality to use AX.

You can use either the SDT for this or do it by use of.the standard administration form or AOT directly.

kind regards,

André Arnaud de Calavon  |  Microsoft Dynamics AX Solution architect  |  My blog  |  My company

This post is my own opinion and does not necessarily reflect the opinion or view of my company, Microsoft, both its employees, or other MVPs.

Reply
KBanh responded on 9 May 2013 3:18 PM

What I'm doing is duplicating the Accounts payable manager role in the AOT. Then I go into the SDT, pull up the duplicated role, then I traverse the various nodes which I do not want, I go through each entry point, find the corresponding duties (highlighted), drill down to the privileges (highlighted), right click and choose "apply entry point access...". Then I wait for minutes as it applies the access level. If there's a quicker way, please let me know.

Reply
KBanh responded on 9 May 2013 4:02 PM

Andre, I apparently had a HUGE brain fart with the SDT. I took your high-level steps and walked through the SDT and all of a sudden the light bulb went on! I do understand now how at a duty/privilege level to control access to, in my case, forms. What I'm missing now is finding the relationships between the main form to the child form within. To be fair, my brain is mush right now so I'll pick it up later but as always if you have any tips or suggestions they'd be greatly appreciated. Thanks so much!!!

Reply
André Arnaud de Calavon responded on 10 May 2013 12:17 AM

Hi Kbanh,

Please note that if you change the level access of the entry points within the SDT, the privilege in the AOT will be changed. So every role where this privilege is used directly or by the duty the access will be changed.

I have seen major issues where people use this tool wothout knowing the architecture of security in AX2012.

I still prefer doing changes within the AOT or the Security role form.

The SDT is a great help for insight in the contents of the role. Also helpful for recordimg menu items of subforms. I also use it for testing a role.

Factbox acces is mostly grouped within the privilege of the form itself.

Subforms like Transactions are sometimes within the same privililege, but do have mostly other privileges for seperating several duties.

kind regards,

André Arnaud de Calavon  |  Microsoft Dynamics AX Solution architect  |  My blog  |  My company

This post is my own opinion and does not necessarily reflect the opinion or view of my company, Microsoft, both its employees, or other MVPs.

Reply
Verified Answer
André Arnaud de Calavon responded on 9 May 2013 12:31 PM

Hi

Adding or removing by use of the SDT is slow because every now and then the tree with actual access is being rebuild. So your approach is not the quickest.

Use this tool to find out what duty or privilege is used for the released products (view or maintain?).

Then just add this privilege or duty to a new role or the role system user. The system user role gives users the basic functionality to use AX.

You can use either the SDT for this or do it by use of.the standard administration form or AOT directly.

kind regards,

André Arnaud de Calavon  |  Microsoft Dynamics AX Solution architect  |  My blog  |  My company

This post is my own opinion and does not necessarily reflect the opinion or view of my company, Microsoft, both its employees, or other MVPs.

Reply