Can someone share their experience in implementing security roles? I already know how to use the Security roles, duty and privileges but don't know where to start. Already installed SDT for testing securities. Client is asking for a template that they can use but i cannot find anything available. Most of the roles that they provide does not exists on OOB or it exists but have different definition.
Hope someone can enlighten me on this.
Thanks in advance.
*This post is locked for comments
Hi Patrick
I have the same issue as JSM had before, may I ask to share the template again? I couldn't find it from the above link which seem it's obsolet.
thanks in advance :)
Hi,
Try the link below. This is the job I run (it isn't the fastest job in the world but it does the job!)
Regards
Thanks Patrick this will be very helpful. I check on my database and we have around 1195 duties defined. How can i capture for the new customize forms/reports? Hope you can provide the scripts that you use to generate this excel sheet.
Thanks again.
Hi,
I put together a security Matrix which looks at the Roles and duties within the roles (I only went to this level as going any further would have required visual studio skill to display the information in a meaningful manor.
Please have a look at my blog on security:
patrickhawker.wordpress.com/.../security-part-1
and then you can also download the matrix at:
Hope that helps!!!
Hi JSM,
It is also possible to duplicate a role within the AOT. Then you can take this one as the template and later adjust the desired changes. Make sure the name of the role will be unique after copying. So e.g. when the role "Accounting manager" has been copied, rename the copy to e.g. "Accounting manager ({Contoso}) "
When this is not done, you can have wrong fact boxes on list pages and also the SDT cannot handle duplicate role names.
The template should contain at least the roles, duties and the ax path (menu entries). For example, they provided a Team Leader role which has a description of,
Final Approver of Documents (e.g. Rate Sheets, Contracts, Concessions),
Final Approver of Budgets, Budget Transfers.
I tried to map it to Budget Approval role but i cannot find the same role on 'Final Approver of Documents (e.g. Rate Sheets, Contracts, Concessions) '. I tried to search for duties and privileges with keyword of 'aprrove' and 'document' and have difficulty to find a related one. I suggest the approach that Andre suggested (list all menu items and let the clients decide which roles has access to it) but my PM discourage me to this. As she saying we start with the OOB first then remove the access which not needed. Also she saying that the client provided already a role list that we need to follow, as given example above.
Can you suggest any template that you use when you implementing this security role?
And what the template should contain? You get AX with many predefined roles and can adjust them or duplicate them and use for other purposes.
Hi JSM,
You can start with e.g. a sheet to know which menu entries should be given acces and if this is full access or read only. With help of the security tool or the function related security roles in the AOT (right click) you can fund out which duties and/or priviliges are used for the menu item. When you grant access to the duty, some related menu items will be granted as well as a privilege can contain more entires and a duty contains more priviliges.
If this approach opens too much options within this role, you can copy e.g. the privilige and/or duty and change the contents of the copy. WIthin the privileges you can delete or disable menu-items. You can replace the old privileges in the duty with the new copies. Also you can delete privileges from the copy.
Note that the SDT does not have support for copying these duties and privileges. You can actually change settings, but that will change the original privileges. As one privilege can be used in multiple roles, you are actually changing more than one role then. So be careful with the SDT.
If a duty has too many permissions, you can also check what the risk would be if someone e.g. has some additional reports or an additional query. If the user can't break anything and can't see anything that is confidential, why doing additional effort to hide one or two reports...
#1
André Arnaud de Cal...
291,391
Super User 2024 Season 2
#2
Martin Dráb
230,445
Most Valuable Professional
#3
nmaenpaa
101,156
Share
Report
All responses (
Answers (
