Question Status

Suggested Answer
AX 2012 User asked a question on 13 Jul 2013 8:28 AM

Hi,

 

Can anyone guide,how AX 2012 data can be encrypted and secured from System Administrator. For example Company don't want to give access to its bank account transactions access to System Administrator, same way for the employee salaries data, and many other information which are irrelevant to System Administrator  should not be accessed to System Administrator. Its not that system administrator is not trusted person of the organization, he is the one who is custodian of the system technically not business wise. As such data is confidential information for the organization.

Looking forward for applicable solution ASAP. Thanks

 

Reply
Martin Dráb responded on 15 Jul 2013 11:23 AM

Microsoft recommends Transparent Data Encryption for such things (namely for protecting credit card information). Unfortunately I'm not familiar with that, so I can't tell you anything more.

Martin "Goshoom" Dráb | Freelancer | Goshoom.NET Dev Blog

Reply
Mohan Somashekara responded on 8 Sep 2014 12:14 AM

Hello Martin

Need more details about Transparent Data Encryption for ax 2012 . Kindly provide more links or documents .Kindly mail it mohansomashekar@gmail.com

Regards

Mohan Somashekara

Reply
Dominic Lee responded on 8 Sep 2014 1:17 AM

Hi Ax2012,

Here's my 2 cents.

I take that the "System Administrator" means a user who has the "System Administrator" role in AX. In that case, there's not much can be done.

Even though they are only responsible for the technical side of things, but if we are looking to "technically" securing some data, then the whole thing, including the data, has become part of the System Administrator's domain.

I'd like to think that, just like a company would trust a financial manager that he/she would not disclose sensitive information; a company would also need to trust that a system administrators won't disclose sensitive data to anybody.

kind regards,

Dominic Lee

My blog | PBC

This forum post is my own opinion and does not necessarily reflect the opinion or view of Microsoft, its employees, or other MVPs.

Reply
Martin Dráb responded on 15 Sep 2014 3:45 PM

It seems that you should explain to us what exactly you mean by "system administrator". Which tasks does your "system administrator" do?

For example, a system administrator role in AX and a person maintaining hardware (who never needs access to encrypted business data) obviously need completely different permissions.

Martin "Goshoom" Dráb | Freelancer | Goshoom.NET Dev Blog

Reply
Esther Mulijono responded on 28 Jan 2015 6:26 AM

Hi,

I have the same requirement to secure data from System Administrator.

In my case System Administrator is someone with system administrator role in AX, so s/he have direct access to AOT.

Any suggestions to secure the data?

Thank you in advance.

--

Esther

Reply
Martin Dráb responded on 28 Jan 2015 6:43 AM

Who should be allowed to access data in your case? A user with a specific encryption key? Or all users except the administrator? ;-)

Martin "Goshoom" Dráb | Freelancer | Goshoom.NET Dev Blog

Reply
Esther Mulijono responded on 28 Jan 2015 10:28 AM

Hi Martin,

Not all users, but only user with specific encryption key can access the data.

Regards,

Esther

Reply
Suggested Answer
Nitesh Ranjan responded on 28 Jan 2015 5:48 PM

You cant remove the permissions to System Administrator user whose ID is used for Installation of dynamics AX

for many system maintenance purpose that particular user is required and any change in that user will cause issues with the system

in your scenario it is recommended that you should create a power user with appropriate access

May be you need to create new role as per your requirement

Please verify and update us if you need any further help  


Please update with your feedback.

Regards, NITESH RANAJN (PMP) | Dynamics AX Consultant

If this post helps you, Please verify this answer and earn Thank you Badge for yourself (Follow this link for more details https://community.dynamics.com/braggerbadges/badge/48.aspx)

Reply
Esther Mulijono responded on 28 Jan 2015 8:05 PM

Hi Nitesh,

If we create a new role, the System Administrator still can see the data, since system administrator is the power user itself.

Reply
Suggested Answer
Nitesh Ranjan responded on 28 Jan 2015 9:51 PM

In this case you need not assign standard System Administrator security Role to any one.

Keep it reserved and utilize only in adverse situation

assign new role with limited technical function access to system administrator

Please verify if this helps you


Please update with your feedback.

Regards, NITESH RANAJN (PMP) | Dynamics AX Consultant

If this post helps you, Please verify this answer and earn Thank you Badge for yourself (Follow this link for more details https://community.dynamics.com/braggerbadges/badge/48.aspx)

Reply
Martin Dráb responded on 29 Jan 2015 1:51 AM

If you say that "only user with specific encryption key can access the data", then I don't see any problem. You'll store encrypted data in your table and give the encryption only to selected users (excluding your administrator). Your admin will be able to read the data, but not to decrypt it.

Martin "Goshoom" Dráb | Freelancer | Goshoom.NET Dev Blog

Reply
Suggested Answer
Nitesh Ranjan responded on 28 Jan 2015 5:48 PM

You cant remove the permissions to System Administrator user whose ID is used for Installation of dynamics AX

for many system maintenance purpose that particular user is required and any change in that user will cause issues with the system

in your scenario it is recommended that you should create a power user with appropriate access

May be you need to create new role as per your requirement

Please verify and update us if you need any further help  


Please update with your feedback.

Regards, NITESH RANAJN (PMP) | Dynamics AX Consultant

If this post helps you, Please verify this answer and earn Thank you Badge for yourself (Follow this link for more details https://community.dynamics.com/braggerbadges/badge/48.aspx)

Reply
Suggested Answer
Nitesh Ranjan responded on 28 Jan 2015 9:51 PM

In this case you need not assign standard System Administrator security Role to any one.

Keep it reserved and utilize only in adverse situation

assign new role with limited technical function access to system administrator

Please verify if this helps you


Please update with your feedback.

Regards, NITESH RANAJN (PMP) | Dynamics AX Consultant

If this post helps you, Please verify this answer and earn Thank you Badge for yourself (Follow this link for more details https://community.dynamics.com/braggerbadges/badge/48.aspx)

Reply