AX 2012 Security Role Basics

by | Updated August 15, 2016 | Dynamics AX, Security

Here are some tips on security basics in  AX 2012 when assigning roles and working with existing duties and privileges.

1. I have a user assigned to the Product Designer security role. In AX, in the Product Information management module> Common> Released products form, I now want to remove “All cases” in the Engineer tab, Product change group from this role –

Microsoft Dynamics AX Demo

Here are the steps I took:

Right click on select Personalize on the Released products form. If you click on the Information tab you will see that the name of this form is EcoResProductPerCompanyListPage

In the Personalization form, in Layout tab, expand ActionPane> Engineer> Product change>   then click on All cases.

Layout Action Pane

You will see that the System name: is EngineeringChangeGroupAllCase

Properties All Cases

Edit the form (EcoResProductPerCompanyListPage)

You can get there by clicking on the Information tab then click on Edit button at the end of the Form name (or go to AOT> Forms)

Personalization Information

In DesignList and look for the above system name (EngineeringChangeGroupAllCases).

Notice the Needed permission in the Properties for this object is set to None by default.  You will need to set this to something other than *none so you can then override the permission to the All cases button for your role.

*Refer to this TechNet article for help on setting the Needed permission.

For this example I set the needed permission to Read (the least restrictive permission).

Once you have Needed permission changed to something other than none, you can then override the permission for this button for the role to “No access”.

To do this, go to a developer workspace in AX (Cntrl+D in AX), **edit the BOMProductDsigner (AOT name for Product Designer) role in AOT by going to AOT> Security> Role.  Select the role and expand it, then expand Permissions. You will then see Forms node.

BOM Product Designer

** Instead of modifying the original out of the box role, I would recommend duplicating the role to a new custom role and call it something like “SSI_BOMProductDesigner” so, you leave the original role as it is so you can use it for comparing to your changed role.

Open up another AOT window and navigate to Forms node then look for EcoResProductPerComanyListPage. Drag this form to the Form node under BOMProductDesigner> Permissions> in the other AOT – \Security window. So you will end up with this –

AOT Security

Next in AOT> Form> expand EcoResProductCompanyListPage> expand DesignList and look for the control called EngineeringChangeGroupAllCases. Notice the Needed Permission for this control has been changed to Read (from None). Click on this control and drag it to the other AOT – \Security window under the EcoResProductPerCompanyListPage form.

AOT Security

Notice the EffectiveAccess in Properties tab for that control for BOMProductDesigner role is NoAccess (and that’s how you remove access to the All cases button for the role!)

AOT Security Engineering Change Group All Cases

Log in to AX with the user with Product Designer role and you will see the user no longer have All cases in the Engineer tab.

Release Products in AX 2012


2. I want to also remove Associated with Cases in Engineer tab for Product Designer role

Microsoft Dynamics AX Demo

Edit this form (EcoResProductPerCompanyListPage)

In the Personalization form, layout tab, expand ActionPane> Engineer> Product change>  then click on Associate with case. Note the System name – EngineeringChangeGroupAssociateCase

Personalization Layout

Go to design list for this form, and look for EngineeringChangeGroupAssociateCase.

Drop Dialog Button Engineering Chang Group

Look at its properties.  You will see this –

Hierarchy Parent

To take away the button, you will need to remove access to EngChgCaseAssociateReleased Product form.

In AOT> MenuItems> Display, look for EngChgCaseAssociatedReleasedProduct, right click> Add-ins> security tools> View related security roles

You will see this role’s related duty and privilege to the above form (entry point).

Role AOT

You will need to remove this form (entry point) from the role’s privilege. For this example the privilege name is “EngChgCaseReleasedProductMaintain”.  So, you will need to edit this privilege and remove the entry point “EngChgCaseAssociateReleasedProduct”.  I would duplicate the privilege I want to change so I leave the original out-of-the-box privilege alone (other duties may be using this privilege), remove the entry point from this duplicated privilege. For this example my duplicated privilege is called “SSI_EngChgCaseReleasedProductMaintain_PD” and in this privilege, I would remove the entry point “EngChgCaseAssociateReleasedProduct”.

AOT Security

I would then duplicate the duty. In this example the duplicated duty is called “SSI_InventProductsForOperatnMstrMaint_PD”. I edited this duty by removing the privilege. “EngChgCaseReleasedProductMaintain” and added the modified privilege “SSI_EngChgCaseReleasedProductMaintain_PD”.

SSI Invent Products 16

Next, you would have to modify the Role.  Duplicate the role give it a name like SSI_BOMProductDesigner, change the Label so it is different than the original, remove the original duty and add the modified duty “SSI_InventProductsForOperatnMstrMaint_PD” –

SSI Invent Products For Operation

Doing this will make sure you do not break other Roles that are using the existing Duty and Privilege and other duties that are using that existing privilege.

Assign a user to this new role to test.


Released Products


Related Posts

1 Comment

  1. Bijan Ghofranian

    Very well written post with great info.
    Thank you Jackie!

Submit a Comment

Your email address will not be published. Required fields are marked *

Upcoming Events


06oct10:00 am10:30 amPreview of D365 Business Central Fall Release Features and Functionality

06oct12:00 pm12:30 pmInsider's Guide to New Features Available in the Fall Release of D365 Finance and Supply Chain

07oct11:00 am12:00 pmConfab LIVE with Stoneridge - Dataverse and Dynamics in Review – Let’s Get Technical

13oct12:00 pm12:30 pmWave 2 Release – What’s Coming for Dynamics 365 Sales and Customer Service

21oct11:00 am12:00 pmConfab LIVE with Stoneridge - Dataverse and Dynamics in Review – Let’s Get Functional

26oct(oct 26)9:00 am28(oct 28)5:00 pmStoneridge Connect Leadership and Community Conference


04nov11:00 am12:00 pmConfab LIVE with Stoneridge - Challenging the Development Paradigm

About Stoneridge
Stoneridge Software is a unique Microsoft Gold Partner, with emphasis on partner. With specialties in Microsoft Dynamics 365, Microsoft Dynamics AX, Microsoft Dynamics NAV, Microsoft Dynamics GP and Microsoft Dynamics CRM, we focus on attracting the most knowledgeable experts in the field to our team, and prioritize delivering stellar solutions with maximum impact for your business. At Stoneridge, we are deeply committed to your results. Each engagement is met with a dedicated team, ready to provide thorough, tailored, and expert service. Based in Minnesota, we intentionally “step into your shoes,” wherever you are. We focus on what you care about, and develop trusting, long-term relationships with our clients.

Subscribe To Our Blog

Sign up to get periodic updates on the latest posts.

Thank you for subscribing!