Security Role Template

(0) Share

Report

Posted on by Community Member

Can someone share their experience in implementing security roles? I already know how to use the Security roles, duty and privileges but don't know where to start. Already installed SDT for testing securities. Client is asking for a template that they can use but i cannot find anything available. Most of the roles that they provide does not exists on OOB or it exists but have different definition.

Hope someone can enlighten me on this.

Thanks in advance.

*This post is locked for comments

I have the same question (0)

All responses (9)

Answers (0)

Suggested answer

André Arnaud de Cal... 301,109 Super User 2025 Season 2 on at

Like (0)

Report

Hi JSM,

You can start with e.g. a sheet to know which menu entries should be given acces and if this is full access or read only. With help of the security tool or the function related security roles in the AOT (right click) you can fund out which duties and/or priviliges are used for the menu item. When you grant access to the duty, some related menu items will be granted as well as a privilege can contain more entires and a duty contains more priviliges.

If this approach opens too much options within this role, you can copy e.g. the privilige and/or duty and change the contents of the copy. WIthin the privileges you can delete or disable menu-items. You can replace the old privileges in the duty with the new copies. Also you can delete privileges from the copy.

Note that the SDT does not have support for copying these duties and privileges. You can actually change settings, but that will change the original privileges. As one privilege can be used in multiple roles, you are actually changing more than one role then. So be careful with the SDT.

If a duty has too many permissions, you can also check what the risk would be if someone e.g. has some additional reports or an additional query. If the user can't break anything and can't see anything that is confidential, why doing additional effort to hide one or two reports...

Was this reply helpful? Yes No
Martin Dráb 237,965 Most Valuable Professional on at

Like (0)

Report

And what the template should contain? You get AX with many predefined roles and can adjust them or duplicate them and use for other purposes.

Was this reply helpful? Yes No
Community Member on at

Like (0)

Report

The template should contain at least the roles, duties and the ax path (menu entries). For example, they provided a Team Leader role which has a description of,

Final Approver of Documents (e.g. Rate Sheets, Contracts, Concessions),

Final Approver of Budgets, Budget Transfers.

I tried to map it to Budget Approval role but i cannot find the same role on 'Final Approver of Documents (e.g. Rate Sheets, Contracts, Concessions) '. I tried to search for duties and privileges with keyword of 'aprrove' and 'document' and have difficulty to find a related one. I suggest the approach that Andre suggested (list all menu items and let the clients decide which roles has access to it) but my PM discourage me to this. As she saying we start with the OOB first then remove the access which not needed. Also she saying that the client provided already a role list that we need to follow, as given example above.

Can you suggest any template that you use when you implementing this security role?

Was this reply helpful? Yes No
Suggested answer

André Arnaud de Cal... 301,109 Super User 2025 Season 2 on at

Like (0)

Report

Hi JSM,

It is also possible to duplicate a role within the AOT. Then you can take this one as the template and later adjust the desired changes. Make sure the name of the role will be unique after copying. So e.g. when the role "Accounting manager" has been copied, rename the copy to e.g. "Accounting manager ({Contoso}) "

When this is not done, you can have wrong fact boxes on list pages and also the SDT cannot handle duplicate role names.

Was this reply helpful? Yes No
Suggested answer

PHAW 460 on at

Like (0)

Report

Hi,

I put together a security Matrix which looks at the Roles and duties within the roles (I only went to this level as going any further would have required visual studio skill to display the information in a meaningful manor.

Please have a look at my blog on security:

patrickhawker.wordpress.com/.../security-part-1

and then you can also download the matrix at:

onedrive.live.com/redir

Hope that helps!!!

Was this reply helpful? Yes No
Community Member on at

Like (0)

Report

Thanks Patrick this will be very helpful. I check on my database and we have around 1195 duties defined. How can i capture for the new customize forms/reports? Hope you can provide the scripts that you use to generate this excel sheet.

Thanks again.

Was this reply helpful? Yes No
PHAW 460 on at

Like (0)

Report

Hi,

Try the link below. This is the job I run (it isn't the fastest job in the world but it does the job!)

http://1drv.ms/1gAXdYp

Regards

Was this reply helpful? Yes No
Community Member on at

Like (0)

Report

Hi Patrick

I have the same issue as JSM had before, may I ask to share the template again? I couldn't find it from the above link which seem it's obsolet.

thanks in advance :)

Was this reply helpful? Yes No
GBhagia 15 on at

Like (0)

Report

Hi, The links above don't work as this post is old. Does anyone have a link to template we can give clients to fill in to inform us (as wll as document) permissions and roles to their users?

Thanks in advance.

Was this reply helpful? Yes No