AX 2012 Security Role Basics

By Jackie Olson | September 2, 2015

Here are some tips on security basics in AX 2012 when assigning roles and working with existing duties and privileges.

1. I have a user assigned to the Product Designer security role. In AX, in the Product Information management module> Common> Released products form, I now want to remove “All cases” in the Engineer tab, Product change group from this role –

Microsoft Dynamics AX Demo

Here are the steps I took:

Right-click and select Personalize on the Released products form. If you click on the Information tab, you will see that the name of this form is EcoResProductPerCompanyListPage.

In the Personalization form, in the Layout tab, expand ActionPane> Engineer> Product change, then click on All cases.

Layout Action Pane

You will see that the System name is EngineeringChangeGroupAllCases.

Properties All Cases

Edit the form (EcoResProductPerCompanyListPage)

You can get there by clicking on the Information tab, then clicking the Edit button at the end of the Form name (or go to AOT> Forms).

Personalization Information

In DesignList, look for the above system name (EngineeringChangeGroupAllCases).

Notice that the Needed permission in the Properties for this object is set to None by default. You will need to set this to something other than None* so you can then override the permission to the All cases button for your role.

*Refer to this TechNet article for help on setting the Needed permission.

For this example I set the needed permission to Read (the least restrictive permission).

Once you have changed the Needed permission to something other than None, you can then override the permission for this button for the role to “No access”.

To do this, go to a developer workspace in AX (Ctrl+D in AX) and edit** the BOMProductDesigner role (the AOT name for Product Designer) in the AOT by going to AOT> Security> Role. Select the role and expand it, then expand Permissions. You will then see the Forms node.

BOM Product Designer

** Instead of modifying the original out-of-the-box role, I would recommend duplicating the role to a new custom role and calling it something like “SSI_BOMProductDesigner”. That way you leave the original role as it is and can use it for comparison with your changed role.

Open up another AOT window and navigate to the Forms node, then look for EcoResProductPerCompanyListPage. Drag this form to the Forms node under BOMProductDesigner> Permissions in the other AOT - \Security window. You will end up with this –

AOT Security

Next, in AOT> Forms, expand EcoResProductPerCompanyListPage, expand DesignList and look for the control called EngineeringChangeGroupAllCases. Notice that the Needed permission for this control has been changed to Read (from None). Click on this control and drag it to the other AOT - \Security window under the EcoResProductPerCompanyListPage form.

AOT Security

Notice the EffectiveAccess in Properties tab for that control for BOMProductDesigner role is NoAccess (and that’s how you remove access to the All cases button for the role!)

AOT Security Engineering Change Group All Cases

Log in to AX as the user with the Product Designer role and you will see that the user no longer has All cases in the Engineer tab.

Release Products in AX 2012

2. I want to also remove Associated with Cases in Engineer tab for Product Designer role

Microsoft Dynamics AX Demo

Edit this form (EcoResProductPerCompanyListPage)

In the Personalization form, Layout tab, expand ActionPane> Engineer> Product change, then click on Associate with case. Note the System name: EngineeringChangeGroupAssociateCase

Personalization Layout

Go to the DesignList for this form and look for EngineeringChangeGroupAssociateCase.

Drop Dialog Button Engineering Chang Group

Look at its properties. You will see this –

Hierarchy Parent

To take away the button, you will need to remove access to the EngChgCaseAssociateReleasedProduct form.

In AOT> MenuItems> Display, look for EngChgCaseAssociateReleasedProduct, then right-click> Add-ins> Security tools> View related security roles.

You will see the duty and privilege through which this role reaches the above form (entry point).

Role AOT

You will need to remove this form (entry point) from the role’s privilege. For this example the privilege name is “EngChgCaseReleasedProductMaintain”, so you will need to edit this privilege and remove the entry point “EngChgCaseAssociateReleasedProduct”. I would duplicate the privilege I want to change, so that I leave the original out-of-the-box privilege alone (other duties may be using this privilege), and remove the entry point from the duplicated privilege. For this example my duplicated privilege is called “SSI_EngChgCaseReleasedProductMaintain_PD”, and in this privilege I would remove the entry point “EngChgCaseAssociateReleasedProduct”.

AOT Security

I would then duplicate the duty. In this example the duplicated duty is called “SSI_InventProductsForOperatnMstrMaint_PD”. I edited this duty by removing the privilege “EngChgCaseReleasedProductMaintain” and adding the modified privilege “SSI_EngChgCaseReleasedProductMaintain_PD”.

SSI Invent Products 16

Next, you would have to modify the role. Duplicate the role, give it a name like SSI_BOMProductDesigner, change the Label so it is different from the original, remove the original duty and add the modified duty “SSI_InventProductsForOperatnMstrMaint_PD” –

SSI Invent Products For Operation

Doing this will make sure you do not break other Roles that are using the existing Duty and Privilege and other duties that are using that existing privilege.
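The reasoning behind duplicating the privilege, duty and role can be checked with a small model of the role > duty > privilege > entry point chain. This Python sketch is an added illustration, not AX code or part of the original post; every name starting with HYPO_ (the original duty, a second role and duty, a second entry point) is constructed for the example, the other names are the ones used above.

```python
import copy

# Names from the article, plus HYPO_* names constructed for this illustration.
ENTRY = "EngChgCaseAssociateReleasedProduct"
PRIV = "EngChgCaseReleasedProductMaintain"
NEW_PRIV = "SSI_EngChgCaseReleasedProductMaintain_PD"
NEW_DUTY = "SSI_InventProductsForOperatnMstrMaint_PD"
ROLE, NEW_ROLE = "BOMProductDesigner", "SSI_BOMProductDesigner"

def baseline():
    """Constructed starting state: two roles reach PRIV through different duties."""
    return {
        "roles": {ROLE: {"HYPO_OriginalDuty"}, "HYPO_OtherRole": {"HYPO_OtherDuty"}},
        "duties": {"HYPO_OriginalDuty": {PRIV}, "HYPO_OtherDuty": {PRIV}},
        "privileges": {PRIV: {ENTRY, "HYPO_OtherEntryPoint"}},
    }

def entry_points(model, role):
    """Union of entry points granted to a role through its duties and privileges."""
    return {ep for duty in model["roles"][role]
            for priv in model["duties"][duty]
            for ep in model["privileges"][priv]}

def edit_in_place(model):
    """Remove the entry point from the out-of-the-box privilege itself."""
    m = copy.deepcopy(model)
    m["privileges"][PRIV].discard(ENTRY)
    return m

def duplicate_chain(model):
    """Duplicate privilege, duty and role; only the copies are changed."""
    m = copy.deepcopy(model)
    m["privileges"][NEW_PRIV] = m["privileges"][PRIV] - {ENTRY}
    m["duties"][NEW_DUTY] = (m["duties"]["HYPO_OriginalDuty"] - {PRIV}) | {NEW_PRIV}
    m["roles"][NEW_ROLE] = (m["roles"][ROLE] - {"HYPO_OriginalDuty"}) | {NEW_DUTY}
    return m

def roles_changed(before, after):
    """Pre-existing roles whose effective entry points differ after the change."""
    return sorted(r for r in before["roles"]
                  if entry_points(before, r) != entry_points(after, r))

if __name__ == "__main__":
    base = baseline()
    print("edit in place changes:", roles_changed(base, edit_in_place(base)))
    print("duplicate chain changes:", roles_changed(base, duplicate_chain(base)))
    print(NEW_ROLE, "gets:", sorted(entry_points(duplicate_chain(base), NEW_ROLE)))
```

Editing the privilege in place changes every role that reaches it, including ones you never looked at; the duplicated chain changes none of the existing roles and only the new role loses the entry point.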

Assign a user to this new role to test.

Result:

Released Products

Under the terms of this license, you are authorized to share and redistribute the content across various mediums, subject to adherence to the specified conditions: you must provide proper attribution to Stoneridge as the original creator in a manner that does not imply their endorsement of your use, the material is to be utilized solely for non-commercial purposes, and alterations, modifications, or derivative works based on the original material are strictly prohibited.

Responsibility rests with the licensee to ensure that their use of the material does not violate any other rights.
