I've been tasked with setting up security for a new implementation. Please note that I am not a developer or technical staff.
The problem is as follows:
I've set up a number of new roles, assigned users to these roles, and granted each role access to individual organizations. However, when I test the roles with limited organizational access, the users can still see all the organizations.
This setup has all been done in a standard AX 2012 environment with the preloaded Contoso companies to test the setup process.
What am I doing wrong? Where should I start looking for the issue?
Hello,
What should the result be if you have selected, let's say, entity1 as a default company and you have assigned another entity2 to the role that the user has?
In Standard AX (Contoso) I see that it is opened in the default company (entity1) and no modules or other entities are listed.
In our environment with exactly the same setup, I see that AX is opened in entity1, but it has the same roles as are assigned to entity2.
Thank you very much for this post, it is very useful.
Please note that you can hide other companies from the list by doing the following:
1- The user must have at least two security roles, the System User Security Role and another security role (such as Accountant).
2- Set the default company on the user record.
3- Assign Organizations to both security roles, so then the system will hide all companies except the one assigned to him/her.
That's correct, yes. Thank you very much for your help.
"they can still see the list of all companies, but cannot access the companies they shouldn't have access to"
I am assuming from the above statement that you are talking about the 'Select Company' window. If so, then yes, there is no way around it. At least the users are not able to log onto the companies they shouldn't have access to. So, we know that the security setup is working fine in collaboration with the Org Hierarchy. The only thing is that they are able to SEE the company but not access it. From what you've told me about the implementation, I highly doubt this would be a significant issue.
Nevertheless, in previous versions this was done through Domains i.e. users will see a list of foreign companies only if those companies are added to a specific domain. But 2012 doesn't have that concept anymore. The only other way to Not be able to see them is to create AD groups. Again, I highly doubt that you would want to go down that path given the scale of implementation.
Also, I hope you copied the original roles and modified the copy to make any adjustments, just so you have a backup.
Hi,
Thanks for the information! I did leave out the org hierarchy, and now that it's been updated the users have the correct access. Only one other thing - they can still see the list of all companies, but cannot access the companies they shouldn't have access to. Am I correct in assuming that this is just an AX thing?
As for the out of the box roles - the company the implementation is for has very limited requirements for what users should be able to do. The general purchasing and invoicing role permissions are too wide-ranging for them.
Thanks for your help!
Given that I was in your boat not too long ago... I have some questions for you. Why did you have to create new roles? Weren't the ones out of the box sufficient?
Also, I've tested the assignment of a user to individual user, and the way it's usually done is: Org Admin | User | select user | highlight the specific role in the tree structure | click on 'assign organizations' | select 'Grant access to specific organization individually' | Select an Org Hierarchy (usually "Legal Entity") | select a company | and click on 'Grant with children' on the bottom pane.
Now, one thing that I didn't see in your question was Org Hierarchy. It is important that you create an org hierarchy for this to take effect. Ensure that your org hierarchy has 'Legal Entity' as the org hierarchy purpose. It's really important that you publish your Org Hierarchy structure. Once this is done and you go through the above-mentioned steps, you should be able to see specific users having access to specific organizations.
Hope this helps.