Skip to main content

Notifications

Announcements

No record found.

News and Announcements icon
Dynamics 365 Community / Forums / Microsoft Dynamics AX (Archived) / Dynamics Ax Security S...
Microsoft Dynamics AX (Archived)

Dynamics Ax Security Setup

(0) ShareShare
ReportReport
Posted on by Community Member Microsoft Employee

Hello All,

I am setting up the security for my client's finance users and had the requirements. Also, client is using the system for almost an year now.  I was thinking on the best possible approach to do the same. So need your help here. Also, I am well verse with security dev tool.

Requirements:

1. Few users will have access to all the below modules and all the menus under these modules.

  1. Accounts payable.
  2. Accounts receivable.
  3. General ledger.
  4. Cash and bank Management.
  5. Fixed Asset.
  6. Procurement & Sourcing.
  7. Travel & Expenses.
  8. Budgeting

2. Certain users will have access to all the above modules and all the menus under these modules except all Setup menus means i.e. they should not see any menu items under setup section of above modules.


As of now users are assigned to certain standard roles as mentioned below:

Accountant
Accounting manager
Accounting supervisor
Accounts payable centralized payments clerk
Accounts payable clerk
Accounts payable manager
Accounts payable payments clerk
Accounts payable positive payment clerk
Accounts receivable centralized payments clerk
Accounts receivable clerk
Accounts receivable manager
Accounts receivable payments clerk
Budget manager
Chief executive officer
Chief financial officer
Chief financial officer view
Collections agent
Collections manager
CompareRFQ
Cost accountant
Cost clerk
Department Manager
Employee
Financial controller
Financial controller view
FixedAssetReports_Roles
Intercompany debit note report access role
Payble Reports
Procurement Specialist
Purchase Requestor
Purchasing manager

 

Just to summarize what is to be done is:

1. Users to see only the above modules in module window -as of now they are able to see many more modules such as production,product etc because of assigned roles as per shown above.

2.  In the above said modules few users to have full access to all the menus in above modules.

3. In the above said modules few users to have full access to all the menus in above modules except Setup menus means i.e. they should not see any menu items under setup section of above modules.


Now my question is there any way i can hide complete section in one go rather then removing accessing for all the menu items under setup section one by one using security dev tool?

As I have to remove setup access for all of above 8 modules so removing access for so many menu items can be a daunting task .

Otherwise I will be left with no other option but to identify all the setup menu items(across all above 8 modules) access to users using given roles(as mentioned above) and then modify standard roles/duties/privileges to No Access but as i said earlier that way i end up touching hundreds of privileges/entry point access level , an approach that I don't want to follow.

Please help.

Thanks

Manoj Parashar

*This post is locked for comments

  • Suggested answer
    Vilmos Kintera Profile Picture
    Vilmos Kintera 46,149 on at
    RE: Dynamics Ax Security Setup

    The solution is rather trivial. Write an X++ job that traverses the Menus node of the AOT for the modules of your choosing, check the MenuItem associated with all the entries under the Setup submenu of your module, and using the Cross-references tables (starting with xRef*), you could easily find what privileges are linked to that specific setup entry. Alternatively you could check how the Right click of the menu item > Add-ins > Security tools > View related security roles forms is pulling these objects using the model database tables to find the related security objects. Then as Brandon advised, you could disable these as per your requirements.

    I am afraid there is no better or faster solution than doing this with an experienced AX developer.

  • Community Member Profile Picture
    Community Member Microsoft Employee on at
    RE: Dynamics Ax Security Setup

    Hi Manoj,

    Please share the logic if u got the solution..

  • Suggested answer
    Brandon Wiese Profile Picture
    Brandon Wiese 17,786 on at
    RE: Dynamics Ax Security Setup

    An often overlooked means of managing security is to simply disable a duty or a privilege, or disable the duty within a role, or a privilege within a duty.  While it may not seem to matter in the short term, later when you're doing an upgrade it will be much easier to identify security objects which have been added or removed via the upgrade versus ones that you did.  By not removing them and merely disabling them, the distinction is obvious down the road.

    In conjunction with what Andre pointed out about security objects often following a naming scheme, you may consider writing some X++ to navigate the AOT and disable security objects or relationships between security objects with code, if a naming pattern can be found that lends itself to that approach.

  • Suggested answer
    André Arnaud de Calavon Profile Picture
    André Arnaud de Cal... 291,269 Super User 2024 Season 2 on at
    RE: Dynamics Ax Security Setup

    Hi Manoj,

    The setup menu items are usually grouped in duties/privileges using a certain naming convention. So you can look for e.g. "enable" and "review... process" in the naming and take out (or do not add on new roles) these security objects from your roles. Removing these duties/privileges is not supported by the SDT, so this needs to be done from the AOT directly.

    Then you can use the SDT to verify if not too many menu-items were removed.

  • Suggested answer
    Sohaib Cheema Profile Picture
    Sohaib Cheema 46,610 User Group Leader on at
    RE: Dynamics Ax Security Setup

    There is no way to hide a section(Setup, common etc.) it needs to go menu by menu.

    Security in AX 2012 is role based, so if let’s suppose you have given a role to a user, using which he/she is able to see Account Receivable Module; user will also see another module i.e. Sales & Marketing. This is because below screens are shared between the two modules

    • All customers

    • All sales order.

    So, in case if user complaints you why my user is able to see other modules, which are not supposed to be visible. Tell them “AX2012 has ROLE based security”.

    I know I frustrating  to go menu by menu, as you will create new roles, to hide those setup portions, you have to, unless you are really good at coding and can create code in x++ to do this for you on one click.

Under review

Thank you for your reply! To ensure a great experience for everyone, your content is awaiting approval by our Community Managers. Please check back later.

Helpful resources

Quick Links

December Spotlight Star - Muhammad Affan

Congratulations to a top community star!

Top 10 leaders for November!

Congratulations to our November super stars!

Tips for Writing Effective Suggested Answers

Best practices for providing successful forum answers ✍️

Leaderboard

#1
André Arnaud de Calavon Profile Picture

André Arnaud de Cal... 291,269 Super User 2024 Season 2

#2
Martin Dráb Profile Picture

Martin Dráb 230,198 Most Valuable Professional

#3
nmaenpaa Profile Picture

nmaenpaa 101,156

Leaderboard

Featured topics

Product updates

Dynamics 365 release plans