Can anyone guide,how AX 2012 data can be encrypted and secured from System Administrator. For example Company don't want to give access to its bank account transactions access to System Administrator, same way for the employee salaries data, and many other information which are irrelevant to System Administrator should not be accessed to System Administrator. Its not that system administrator is not trusted person of the organization, he is the one who is custodian of the system technically not business wise. As such data is confidential information for the organization.
Looking forward for applicable solution ASAP. Thanks
Microsoft recommends Transparent Data Encryption for such things (namely for protecting credit card information). Unfortunately I'm not familiar with that, so I can't tell you anything more.
Martin "Goshoom" Dráb | Freelancer | Goshoom.NET Dev Blog
Need more details about Transparent Data Encryption for ax 2012 . Kindly provide more links or documents .Kindly mail it firstname.lastname@example.org
Here's my 2 cents.
I take that the "System Administrator" means a user who has the "System Administrator" role in AX. In that case, there's not much can be done.
Even though they are only responsible for the technical side of things, but if we are looking to "technically" securing some data, then the whole thing, including the data, has become part of the System Administrator's domain.
I'd like to think that, just like a company would trust a financial manager that he/she would not disclose sensitive information; a company would also need to trust that a system administrators won't disclose sensitive data to anybody.
My blog | PBC
This forum post is my own opinion and does not necessarily reflect the opinion or view of Microsoft, its employees, or other MVPs.
It seems that you should explain to us what exactly you mean by "system administrator". Which tasks does your "system administrator" do?
For example, a system administrator role in AX and a person maintaining hardware (who never needs access to encrypted business data) obviously need completely different permissions.
I have the same requirement to secure data from System Administrator.
In my case System Administrator is someone with system administrator role in AX, so s/he have direct access to AOT.
Any suggestions to secure the data?
Thank you in advance.
Who should be allowed to access data in your case? A user with a specific encryption key? Or all users except the administrator? ;-)
Not all users, but only user with specific encryption key can access the data.
You cant remove the permissions to System Administrator user whose ID is used for Installation of dynamics AX
for many system maintenance purpose that particular user is required and any change in that user will cause issues with the system
in your scenario it is recommended that you should create a power user with appropriate access
May be you need to create new role as per your requirement
Please verify and update us if you need any further help
If this post helps you, Please verify this answer and earn Thank you Badge for yourself (Follow this link for more details https://community.dynamics.com/braggerbadges/badge/48.aspx)
If we create a new role, the System Administrator still can see the data, since system administrator is the power user itself.
In this case you need not assign standard System Administrator security Role to any one.
Keep it reserved and utilize only in adverse situation
assign new role with limited technical function access to system administrator
Please verify if this helps you
If you say that "only user with specific encryption key can access the data", then I don't see any problem. You'll store encrypted data in your table and give the encryption only to selected users (excluding your administrator). Your admin will be able to read the data, but not to decrypt it.