Hi all,
I've been struggling with a security issue in AX 2012 R2 for over a week and I'm finally to the point where I feel I've tapped out all of the resources on the internet and after following the instructions on how to use roles and privileges to secure a button (https://docs.microsoft.com/en-us/dynamicsax-2012/developer/how-to-use-roles-and-privileges-to-restrict-access-to-a-button) and STILL not getting it to work, I've decided to see if the community can help me out.
Here's my scenario. When we first implemented AX (AX2009) we had a third party VAR create a credit solution for us to lock sales orders if the customer in question was not credit worthy. To accomplish this, they added two new fields to the SalesTable and utilized the SalesTable.SalesType field to determine a credit hold (basically, if they are not credit worthy, the salestype is Journal) They then added a button to the SalesTable form to allow for a release of the hold. Anyone who can access the form can access the button, and it has been this way ever since we implemented AX back in 2011-12.
Well we just discovered a few weeks ago that every sales person has the right to release their own holds. This function should only be allowed access by credit users so I created some classes to mimic the release button and a second function we want credit to perform, created menu items for these functions and then created a privilege that grants rights to the menu items. I then added the menu items to the form.
I have two roles--Sales and Credit. Effectively, we want to make it so Sales can edit all of the sales table, except for the salestype and the two custom fields I listed above. Conversely we want credit to ONLY be able to edit the salestype and the two custom fields. The buttons I created do that. But here's my problem--the Sales role has effective DELETE access to SalesTable. Credit has effective READ access to SalesTable. If I add the privilege to the Credit role the menu item buttons do not appear on the form for the credit user, even when I give the credit user UPDATE access to SalesTable through the privilege. However, on a hunch, I added the privilege to the Sales role and the buttons do appear when they have the privilege.
I've searched up and down on the internet looking for a solution but have come up empty. I am assuming that my issues likely have to do with the fact that Credit's rights are severely restricted in this instance. If I had it to do over, I would have had the VAR put the credit fields in their own table, but hindsight is always 20/20 and redesigning the solution, while an option, is something we'd really, really like to avoid.
Thanks for any advice you might have on this.
Brandt
