web
You’re offline. This is a read only version of the page.
close
Skip to main content

Notifications

Announcements

No record found.

News and Announcements icon
Community site session details

Community site session details

Session Id :
Dynamics 365 Community / Forums / Microsoft Dynamics AX (Archived) / AX security rolls and ...
Microsoft Dynamics AX (Archived)

AX security rolls and duties

(0) ShareShare
ReportReport
Posted on by Darshanak 261

Dear Consultants,

Please read below and confirm whether my understating is correct.

IN AX, we have security rolls (highest level) and then under that we have duties (middle level) and then we have privileges.

If we do a change to a privilege that change will apply for all the duties which that privilege is being assigned. (pls. correct if I'm wrong)

 

If we do a change to a Duty (ie. if we add a new privilege to a duty), it will apply for all the security rolls which that duty is assigned.(pls. correct if I'm wrong)

What is the benefit of having both Duties and Privileges? please advise

Thanks!

Darshan K

*This post is locked for comments

I have the same question (0)
  • Suggested answer
    Chaitanya Golla Profile Picture
    Chaitanya Golla 17,225 on at

    Hi Darshan,

    Ax Security is organized hierarchically. As you stated the hierarcy follows through security Roles, process cycles, security duties and security privileges.

    Roles can be assigned to users, privileges helps to assign permissions on specific application elements like menuItems(under Entry points node), Tables, Forms(Form controls also) and Server methods.

    Privileges are combined into duties. Duties and privileges can be assigned to user roles.

    Benefits of having duties and privileges is that it can be easily maintained and based on business need either duties(grouped privileges) or individual privileges can be assigned to the user role.

    Regarding your question i.e the effect of changes to duties on roles and changes of privileges on duties is true. If you are looking for a specific security question, let us know will try to solve it.

    Please refer the following link to understand the security architecture of ax 2012

    (technet.microsoft.com/.../aa496919.aspx)

    Hope this information helps you.

  • Suggested answer
    Muthusamy Profile Picture
    Muthusamy 4 on at

    Hi Darshanak,

    Your statement is correct.

    Privileges can be grouped by many menu items with different access as required.

    Duties can be grouped by multiple privileges as required.

    Same privilege can be assigned to different duties. same duties can be assigned to different roles.

    For e.g. In, General Journal form we can create a multiple privileges like to create access for journal, post access for journal and view access for journal.

    Create Duty (Create Privileges), View Duty(View Privileges) and Post Duty (Post Privileges).

    We have multiple Accounts roles in an organization and duties are assigned like,

    Role A - Create Duty

    Role B - Post Duty

    Role C - Create Duty and Post Duty

    Role D - View Duty

    We can reuse the privileges across duties and also, we can reuse duties across roles.

    We have to handle carefully when reusing privileges and duties. As you said, we do any change in privileges/duties and the impact will be in all related assigned roles.

    Hope, you will get some idea.

    Thanks,

  • Verified answer
    André Arnaud de Calavon Profile Picture
    André Arnaud de Cal... 301,053 Super User 2025 Season 2 on at

    Hi Darshanak,

    In addition to the valuable answers above:

    There are about 1300-1500 duties in the application. The number of privileges is over 9000. Numbers are estimated by me.  These privileges controls access for over 20000 entry points.

    You can compare the structure a bit with an organization. One managing director cannot manage 20000 employees. For that there are management levels to have an overview.

    Like stated above, privileges can be reused in several duties. If you need to have a feature where a user may be enter vendor data, except for the bank accounts, you can easily copy the duty and remove the privilege related to maintaining bank accounts or replace it with the view privilege.

    One downside of using privileges on role level, is that it will not be included in the segregation of duties checks.

  • Suggested answer
    Maciej Krzysztofik Profile Picture
    Maciej Krzysztofik 290 on at

    As an add to great answers from my collegues : For better understanding of Security roles, duties and priviliges i suggest getting familiar with Security Developement Tool for Ax2012. It will show You differences between them and areas they cover and how they are constructed.

Under review

Thank you for your reply! To ensure a great experience for everyone, your content is awaiting approval by our Community Managers. Please check back later.

Helpful resources

Quick Links

Responsible AI policies

As AI tools become more common, we’re introducing a Responsible AI Use…

Neeraj Kumar – Community Spotlight

We are honored to recognize Neeraj Kumar as our Community Spotlight honoree for…

Congratulations to the November Top 10 Community Leaders!

These are the community rock stars!

Leaderboard > 🔒一 Microsoft Dynamics AX (Archived)

#1
Martin Dráb Profile Picture

Martin Dráb 4 Most Valuable Professional

#1
Priya_K Profile Picture

Priya_K 4

#3
MyDynamicsNAV Profile Picture

MyDynamicsNAV 2

Last 30 days Overall leaderboard

Featured topics

Product updates

Dynamics 365 release plans