Microsoft Dynamics AX

2012 Security
Framework

By
Gopalakrishna
nS
Dynamics AX 2009

The security model was module based.

Users were assigned to user groups which
grouped permissions to the various objects.
These permissions were controlled by security
keys.
The biggest drawback of this model was that you
could not have the same security user group apply
across multiple companies. You still had to create
the same user group across different groups.

Dynamics AX 2012

The security model is role based.

Users are assigned to roles. Roles contain a group
of duties or privileges.
The Security keys in the AOT are now obsolete in
Dynamics AX 2012. It is present for backward
compatibility. If you right click on the Security
keys node, you don't have an option to create a
Backward
compatibility
Authentication
Authentication is the process of establishing the
users identity.

Authorization
Authorization, also referred to as access control,
determines whether a user is permitted to
perform a given action.
Security role

Security roles represent a behavior pattern that a person in the

organization can play.

A security role includes a defined set of application access privileges.

A security role can be defined as a group of duties for a job function.

Users are assigned to one or more security roles. Each user must be
assigned to at least one security role to have access to Microsoft
Dynamics AX.

Examples of security roles: Shipping Clerk, Accounts Receivable Clerk,

System Administrator.
Duty

A duty is a responsibility to perform one or more tasks or services for a

job.

A duty can be defined as a group of related privileges allowing a

specific business function.

A Duty is a set of application access privileges that are required for a

user to carry out their responsibilities.

A duty can be assigned to more than one role.

Process & Process cycle

A functional work structure that an organization is responsible for

designing, controlling, and improving.

A process consists of a coordinated set of activities in which one or more

participants consume, produce, and use economic resources to achieve
one or more organizational goals

Process cycles organize duties and access privileges according to high

level processes.

A process cycle can be defined as a group of duties for a job function.

To help the system administrator locate the duties that must be assigned
to roles, duties are organized by the business processes that they belong
to.
Privilege

A privilege specifies the access that is required to accomplish a job,

problem, or assignment.

A privilege contains permissions to individual application objects, such

as user interface elements and tables

Privileges group together related securable objects. For example,

menu items and controls.

Privileges can be assigned directly to roles. However, for easier

maintenance, we recommend only assigning duties to roles.
Permission

Permission refers to the securable objects and associated access levels

that are required to perform the function associated with an entry point.
This could include any tables, fields, forms or server side methods that
are accessible through the entry point.

Security permissions are used to control access to individual application

elements: menus, menu items, action and command buttons, reports,
service operations, Web URL menu items, Web controls, and fields in the
Windows client and Enterprise Portal.

Permissions group securable objects and permissions that are required

for them. For example, form and report permissions.

In Microsoft Dynamics AX, individual security permissions are combined

into privileges, and privileges are combined into duties.

Entry point

An entry point is the object that triggers a user action to start a

particular function, such as a form or a service.

In Microsoft Dynamics AX, there are three different types of entry points
Permiss
ion

Entry Point
Set Permission for Form Create Previlege
Record Level Security

It builds on the restrictions that are enforced by user group

permissions.

User group permissions let you restrict Menu,Forms & Reports

Extended Data Security

It lets to write more powerful queries

More secured not only UI and also Server Level

Not only the table fields but also on Data in other Table

Table Permissions Framework (TPF)

The Table Permissions Framework (TPF) enables administrators to set

restrictions on tables that store data, including sensitive data.

To enable TPF, an administrator specifies a value for the

AOSAuthorizationProperty on a specific table in the Application Object
Tree (AOT).

It is used to authorize Create, Read, Update, and Delete operations.

Thank you
Any Queries ??
 A security role represents a behavior pattern
that a person in the organization can play. A
security role includes one or more duties.

A duty is a responsibility to perform one or more

tasks. A duty includes one or more privileges

Privileges specify the access that is required

toperform a duty. A privilege includes one or
more permissions.

Permissions include the access level to one or

more securable objects that are required to
perform the function associated with an entry
point.

Entry Points
An entry point is the element that is triggered
by a user action to start a particular function.
Menu items
Web content items