Sunday, 28 September 2014

Dynamics AX 2012 - Roles & Security Configuration

Role-based security

We can create Role-based security by setting security permissions for each individual. Permissions are not directly granted to users, but to security roles, and the link between users and their permissions is established by assigning users to security roles. Role-based security for Dynamics AX contains the following elements:

Role: An individual’s role in Microsoft Dynamics AX is defined as a group of duties required to complete a specific job function.

Duty: In Microsoft Dynamics AX, duty is the group of privileges needed to perform a task.

Privilege: Privilege is defined as the permissions required for individual objects. For example, access to the post price journal is a privilege.

Permission: Permission in AX is the basic access restriction to units of data, such as tables and fields, and functionality

Microsoft Dynamics AX - Security Architecture

Steps to create custom Roles in Dynamics AX 2012 


Planning to create a new role “Invoice_Maker” and will assign the users to this role. 
This role users can have the full control of making Invoice Journals under Accounts Payable module effectively.


1. Open the Security Roles screen under <LEGAL ENTITY>/System administration/Area page to create the new Role - “Invoice_Maker”

2. Open the Security Privileges screen  under <LEGAL ENTITY>/System administration/Area page  to create the new Process Cycle - Invoice_Maker” 
3. Right click on the newly created Process Cycle - Invoice_Maker”  and select the "New Duty" option to create the new Duty - AP_Invoice” 

4. Right click on the newly created Duty - AP_Invoice”  and select the "New Privilege" option to specify the appropriate permission towards Duty - AP_Invoice” 

5. As planned provide the “Full Control” Permission for all the Invoice Journal screens

6. Assigned the ”AP_Invoice” Privileges to the appropriate role  Invoice_Maker 

7. Assigned the newly created “Invoice_Maker” Role to one particular user

8. Now that “Invoice_Maker” role user can access only the Invoice relevant screens what we have assigned to that role

Hope this helps.