Notifications
Announcements
No record found.
Hi All.
I have serious question regarding security roles. There is need for me to create a new security role as powerful as system administrator but cannot access setup.
Is it possible to create as require? I notice that, system administrator role cannot be copy.
Thanks
Please take a look at this:
https://dynamicspedia.com/2013/08/ax2012-create-a-read-only-security-role-walkthrough/
Assuming if you are not giving user setup access, why give them full transaction create as well to avoid any kind of issues. Better to create and use a read-only role.
You can create any role you like by adding existing roles, duties and privileges to a new security role.
System administrator bypasses security completely and has full access to the system. So you can't use that role as a base for anything else.
Hi Satish Panwar,
Actually, this new roles will be use by IT Personnel (support use). Due to audit concern, for support we cannot access the setup. Its for easy monitoring. That why we need to create a new role as powerful as system administrator.
Well, the role is not as powerful as System Administrator if it can't access the setup. So perhaps it's easier to forget the System Administrator role for now.
How could you IT support troubleshoot issues if they can't see setup? That sounds quite difficult in my opinion, because most problems can be understood by looking at the setup.
Try creating a new role and throw all duties in there that starts with inquire. Support shouldn't be changing any data either, if something needs to be changed, it has to be requested from business users. the same concern as setup. Better to provide read-only access to setup as well.
In addition to this, make sure only 1-2 folks have access to production and even that access is granted when there are issues to be reviewed. This will make sure you don't have to get into who did what etc. If other need access, do screen share OR copy data to lower environment for troubleshooting.
Hi Adhha,
I do agree with Satish about creating a read-only role for the IT support. They are not supposed to post transactions. Also the comments from Nikolaos are valid.
If they need to be able to add e.g. new users, you can actually add some maintain duties next to all inquire functions.
Note that IT support could get access on a non-production environment as system administrator to reproduce errors or try out different settings.
Please let us know if you have any more questions on this thread. If your question has been answered, please take time to help verify the answers above. Thank you.
Under review
Thank you for your reply! To ensure a great experience for everyone, your content is awaiting approval by our Community Managers. Please check back later.
As AI tools become more common, we’re introducing a Responsible AI Use…
We are honored to recognize Neeraj Kumar as our Community Spotlight honoree for…
These are the community rock stars!
Stay up to date on forum activity by subscribing.
Martin Dráb 611 Most Valuable Professional
André Arnaud de Cal... 529 Super User 2025 Season 2
Sohaib Cheema 285 User Group Leader
