Can anyone guide,how AX 2012 data can be encrypted and secured from System Administrator. For example Company don't want to give access to its bank account transactions access to System Administrator, same way for the employee salaries data, and many other information which are irrelevant to System Administrator should not be accessed to System Administrator. Its not that system administrator is not trusted person of the organization, he is the one who is custodian of the system technically not business wise. As such data is confidential information for the organization.
Looking forward for applicable solution ASAP. Thanks
Microsoft recommends Transparent Data Encryption for such things (namely for protecting credit card information). Unfortunately I'm not familiar with that, so I can't tell you anything more.
Martin "Goshoom" Dráb | Freelancer | Goshoom.NET Dev Blog
Need more details about Transparent Data Encryption for ax 2012 . Kindly provide more links or documents .Kindly mail it email@example.com
Here's my 2 cents.
I take that the "System Administrator" means a user who has the "System Administrator" role in AX. In that case, there's not much can be done.
Even though they are only responsible for the technical side of things, but if we are looking to "technically" securing some data, then the whole thing, including the data, has become part of the System Administrator's domain.
I'd like to think that, just like a company would trust a financial manager that he/she would not disclose sensitive information; a company would also need to trust that a system administrators won't disclose sensitive data to anybody.
My blog | PBC
This forum post is my own opinion and does not necessarily reflect the opinion or view of Microsoft, its employees, or other MVPs.
It seems that you should explain to us what exactly you mean by "system administrator". Which tasks does your "system administrator" do?
For example, a system administrator role in AX and a person maintaining hardware (who never needs access to encrypted business data) obviously need completely different permissions.