Understanding Security in Microsoft Dynamics AX 2012

Posted on: May 25, 2016 | By: Jarrod Kraemer | Microsoft Dynamics AX/365

Authored by: Rosey McAdams

Establishing security for your Dynamics AX users can be a daunting experience if you do not fully understand how security is built in Dynamics AX. Understanding the security architecture in Dynamics AX will help make security setup for your organization much more straight forward and simple. Once you understand the building blocks of security in AX, your organization can determine a process for configuring security to meet your needs.

The first thing to understand about AX security is that although AX comes with predetermined security roles, out of the box, security roles can always be customized or even built from scratch to meet your needs. AX security is setup as a hierarchy, the top level of AX security is a security role. A security role is an overall title for the security access that a certain type of employee would have. For example, out of the box, AX has roles for AP Supervisor or Chief Financial Officer, keep in mind you can also build a new role from scratch, for example we have seen clients build an AP Specialist role. All security roles are comprised of duties and privileges, which will be further explained below.

When building a custom role, or when adding duties and privileges to roles a hierarchy is used to help you find the duties or privileges you need. The top level of this hierarchy is a process cycle. A process cycle defines a set of activities included in a certain business process. An example of a process cycle would be Revenue Cycle. Within the process cycles there are duties. An example of a duty would be approve customer invoices. Within duties there are privileges. An example of a privilege would be approve customer journals. A screenshot of the structure of Process Cycles, Duties, and Privileges is shown below.

Now that we have a better understanding of the building blocks of AX security, the best way learn how to setup security access on a user is through an example. Follow the steps below to setup security on a user (note, you must actually have the appropriate security to setup user security J).

1) Navigate to System Administration-> Common->Users

2) Double click on the user account that you would like to setup security on.

3) Once you are in the user, on the bottom half of the screen is where you can setup the user security, on the User’s roles fast tab. Here you can assign roles, edit roles or remove roles.

Each user can be assigned one or several out of the box or custom roles. Roles are what drive the user’s security access.

4) To assign a new role to a user click on assign roles.

5) Once in the assign roles for choose the role you want to assign to this user and click OK, Buying Agent for example.

Now, how did we know that the buying agent role was the role that contained all of the functionalities we needed for this user? Before you assign users with security you will need to figure out all of the functionalities they will need to perform. From there, you will go into the AX roles and find which role, or combination of roles, will need to be added to this user so that they can carry out their day to day activities. To find out what functionalities each role includes follow these steps:

1) Navigate to System Administration -> Setup -> Security Roles

2) Click on the security role that you would like to look into

3) Under the role content fast tab you will see all of the duties that are included in this role, to help you determine if the role captures what you need.

If a specific role does not capture all of a user’s needs, you can either add an additional role to the user or you can modify the role to capture the additional needs of a user. To modify a role to include some additional functionality follow these steps:

1) From the security roles screen, in the role that you want to modify, click on Add.

2) Once in the Add Privileges form you can choose if you want to view by Process Cycle, Role, or Duty/Privilege – viewing by process cycle allows you to dig into what privileges that you made need from a higher level process standpoint (we will continue from this view).

3) Choose the process cycle that the functionality you are looking for would fall in, for example Revenue cycle, and click the expand button to see all of the duties that fall under this cycle

4) From here we can see a list of all of the possible duties that are included in this process cycle. You can either select the entire duty to add to your role, or you can dig one level deeper and add a single privilege to the role, to do so just check the box next to the duty or privilege you would like to add.

5) Close out of the screen and the duty is now added to the role

On the flip side, if you would like to remove a duty or privilege from a role simply select the duty or privilege and click remove.

Now if the role you edited to any users role it will reflect the changes that you have made. Keep in mind that if small changes in access need to be made between a few different users, you will need to have different roles for each of the users. To create a brand new role follow these steps:

1) Navigate to System Administration -> Setup -> Security Roles

2) Click on New

3) A role call New Security Role will be created, edit the Name and Description of the role. Notice that the role content is currently blank – you are basically starting from scratch.

4) You can now either add roles and privileges one by one to the new role, or you can copy and paste another role into the newly created role to use as a starting point – from there you can remove or add additional duties or privileges.

Hopefully this helps you to at least get started with configuring security in your Dynamics AX environment. One more piece of advice is to understand that you will probably not get security right the first time for every user. Testing prior to going live with AX is essential to finding security gaps or too much security for a user. If a user is unable to perform a function that they think they should be able to access, it is likely that security is the cause. I would recommend taking access issues from users one by one, and analyzing whether the best course of action would be to add a new role entirely or to modify an existing role on the user. For additional information please feel free to reach out to us at info@loganconsulting.com or (312) 345-8817.

All the best!
Logan Consulting
www.loganconsulting.com

Enhancing Expense Management with Microsoft Dynamics 365 Finance: An Overview Guide

Posted on: April 22, 2024

Managing expenses efficiently in a dynamic business environment is important for maintaining budget control and ensuring financial compliance. Microsoft Dynamics...

Read More ›
Secure and Responsible AI Integration with Microsoft’s Copilot for Dynamics 365 Finance

Posted on: April 17, 2024

In today's world, technology is breaking new ground all the time, making it important to use artificial intelligence (AI) in...

Read More ›

Understanding Security in Microsoft Dynamics AX 2012

Related Posts

Enhancing Expense Management with Microsoft Dynamics 365 Finance: An Overview Guide

Secure and Responsible AI Integration with Microsoft’s Copilot for Dynamics 365 Finance

Download Asset