When it comes to testing of appropriate security in Microsoft Dynamics AX, you want to ensure persons will get enough permissions for doing their daily jobs in AX. You don’t want to give too much functionality, namely because of risks. When the user has too less functionality, the normal daily job cannot be executed correctly.
When starting AX2012 the credientials of the windows user is retrieved to log on. A user can have one or more roles to fulfill their daily job. For testing of a security role, in many cases users are created in the Active Diretory for test purposes. When this user is imported in AX, you can assign multiple roles and start testing. To do this, you have to log on as a different user.
With help of the Security Development Tool (SDT), it is possible to open a new test workspace where it will be restricted for a selected role. This is applicable for one role at a time. When it comes to the combinations, I see that many companies again looks for solutions like creating test users, use the consultant or key user for assigning temporary the combination of roles.
It is possible to do this with help of the SDT as well.
How can we achieve this?
When you create a new security role in AX, it is possible to add sub-roles. Include the roles you need in a new ‘Test’ role and you can test the combinations of roles.
Within this post I will also give a walkthrough for creating this role.
- Open System administration, Setup, Security, Security roles.
- Click New to create a new role. Provide the AOT name, Name and a description.
- From the left pane with roles, Drag and drop the roles you want to include to the Role content.
At this point, you have created the role you want to test. This example includes a sales clerk who is also responsible for collections as well.
- Open the Security entry point permissions form from the SDT.
- Select the Test Role.
Within the tree you can already see the permissions for this combination.
- Click the button Open the security test workspace. Now you can test in detail if the user can do his daily job within Microsoft Dynamics AX.
I do hope you liked this post and will add value for you in your daily work as a professional. If you have related questions or feedback, don’t hesitate to use the Comment feature below.
That’s all for now. Till next time!
Hi Arnaud, I have read your securty development tool series and I really get benefit from them. thanks very much.
what I want to ask is it is possible to create a role like admin except to access development environment.
I have created a role and add all menu Items to it :). However, system could not open due to loading of securty rights I guess.
Do you have any idea?
First of all, thanks for reading the blogs and your comment. In multiple environments we have a similar role like you describe: all full access or read only. There is no issue with these roles encountered. You can try to delete client cache files (*.auc and *.kti files from the users appdatalocal folder). If this does not help, I would suggest to contact your partner or create a question on the Microsoft Dynamics community. (http://community.dynamics.com)