Understanding Security in Microsoft Dynamics AX 2012

Posted on: May 25, 2016 | By: Jarrod Kraemer | Microsoft Dynamics AX/365

Authored by: Rosey McAdams

Establishing security for your Dynamics AX users can be a daunting experience if you do not fully understand how security is built in Dynamics AX.  Understanding the security architecture in Dynamics AX will help make security setup for your organization much more straight forward and simple.  Once you understand the building blocks of security in AX, your organization can determine a process for configuring security to meet your needs.

The first thing to understand about AX security is that although AX comes with predetermined security roles, out of the box, security roles can always be customized or even built from scratch to meet your needs.  AX security is setup as a hierarchy, the top level of AX security is a security role.  A security role is an overall title for the security access that a certain type of employee would have.  For example, out of the box, AX has roles for AP Supervisor or Chief Financial Officer, keep in mind you can also build a new role from scratch, for example we have seen clients build an AP Specialist role. All security roles are comprised of duties and privileges, which will be further explained below. 

When building a custom role, or when adding duties and privileges to roles a hierarchy is used to help you find the duties or privileges you need. The top level of this hierarchy is a process cycle.  A process cycle defines a set of activities included in a certain business process.  An example of a process cycle would be Revenue Cycle.  Within the process cycles there are duties.  An example of a duty would be approve customer invoices.  Within duties there are privileges.  An example of a privilege would be approve customer journals.  A screenshot of the structure of Process Cycles, Duties, and Privileges is shown below.  



Now that we have a better understanding of the building blocks of AX security, the best way learn how to setup security access on a user is through an example.  Follow the steps below to setup security on a user (note, you must actually have the appropriate security to setup user security J).

1)      Navigate to System Administration-> Common->Users


2)      Double click on the user account that you would like to setup security on.



3)      Once you are in the user, on the bottom half of the screen is where you can setup the user security, on the User’s roles fast tab. Here you can assign roles, edit roles or remove roles.


Each user can be assigned one or several out of the box or custom roles.  Roles are what drive the user’s security access. 

4)      To assign a new role to a user click on assign roles.

5)      Once in the assign roles for choose the role you want to assign to this user and click OK, Buying Agent for example.


Now, how did we know that the buying agent role was the role that contained all of the functionalities we needed for this user?  Before you assign users with security you will need to figure out all of the functionalities they will need to perform.  From there, you will go into the AX roles and find which role, or combination of roles, will need to be added to this user so that they can carry out their day to day activities.  To find out what functionalities each role includes follow these steps:

1)      Navigate to System Administration -> Setup -> Security Roles

2)      Click on the security role that you would like to look into



3)      Under the role content fast tab you will see all of the duties that are included in this role, to help you determine if the role captures what you need. 

If a specific role does not capture all of a user’s needs, you can either add an additional role to the user or you can modify the role to capture the additional needs of a user.  To modify a role to include some additional functionality follow these steps:

1)      From the security roles screen, in the role that you want to modify, click on Add. 

2)      Once in the Add Privileges form you can choose if you want to view by Process Cycle, Role, or Duty/Privilege – viewing by process cycle allows you to dig into what privileges that you made need from a higher level process standpoint (we will continue from this view). 


3)      Choose the process cycle that the functionality you are looking for would fall in, for example Revenue cycle, and click the expand button to see all of the duties that fall under this cycle