Moving Security Role Objects in Dynamics AX from One Layer to Another

By Eric Meissner | December 4, 2015

Role mover

We ran into a scenario where we had to make some changes to security roles in Dynamics AX that were created in a different layer than we were currently doing development work. We want to do all of our development in the VAR layer which is what we have hooked up to Team Foundation Server (TFS). The security role objects in question, were originally created in the USR layer. We needed to move the security role objects before we could get our changes into TFS, so they could be shared across environments. What we learned is that once you remove a security role object, all of the users that were assigned to the role no longer have it. We needed to create a process to assign the users to the new role created in the VAR layer.  To prevent a very manual process once migrating the changes to production and other environments, we created the process I will outline below.

Process for Moving Security Role Objects in Dynamics AX

This is a one-time process that needs to be run when moving the code between environments. It is a quick process to run that takes a matter of minutes, instead of the hours of manual work assigning users to roles.

The development steps can be summarized as:

  1. Record the old/current IDs of the security roles to be moved
    a. We created a table that will store the NewId, OldId, RoleName, and an IsUpdated (yes/no) field.
    b. We created a job that will loop through the security roles and populate the table with the id (into the OldID field) and role name.
  2. Create a duplicate object of the security role in the target/desired layer.  For us this was the VAR layer
  3. Delete the current security role object in whatever layer it resides in.  For us this was the USR layer
  4. Remove the CopyOf from the name of the duplicated role created.  This will ensure that the new role is named the same as the old.
  5. Record the ID given to the new security role object.  We created a job to do this.  After updating the role with the newID the job went through the list of users that were assigned the old role ID and created a record assigning the user the new role ID.  A second part of the job assigned the user to specific companies if that is how the old role was setup.


When doing a code migration with the new security objects between environments the steps below need to be taken:

  1. Run the job that populates the table with oldIDs and role names
    a. You will have to import the xpo file in order to do this.
  2. Import the new modelstore
  3. Run the job that updates the newIDs and then assigns the users to the new role.
  4. Test your changes


Through all of our testing and security changes we learned that the issue above is only for security roles. All other security objects (privileges, duties) move just fine between layers. For those all you have to do is steps #2-4 from the development steps above.

Download the Free AX Role Mover Tool product-role-mover

If you’ve run into this issue check out the free AX add-0n Role Mover tool we’ve created and made available for download.

Related Posts

Recommended Reading:

Manage U.S. Use Tax on Purchase Orders in Dynamics 365 Finance and Operations

  Managing sales tax requirements on your business purchase can be complicated, but Dynamics 365 Finance and Operations can help […]

Read the Article
5.19.22 Dynamics CRM

How to Write a Great Support Ticket in the Stoneridge Support Portal

Submitting a support ticket through the Stoneridge Support Portal is a quick and effective way to get assistance for any […]

Read the Article

Managing Your Business Through Uncertain Times Using Dynamics 365 Finance and Operations

  Dynamics 365 Finance and Operations (F&O) can help you make informed decisions on how to move your business forward. […]

Read the Article
5.13.22 Power Platform

Using Power BI Object Level Security

  The following article will demonstrate how to use Power BI Object Level Security to disable column data based on […]

Read the Article
5.12.22 Dynamics CRM

How to Use the Stoneridge Support Portal

Stoneridge Software’s support portal is an intuitive and useful function that makes it easy for you to access resources to […]

Read the Article
5.6.22 Dynamics GP

Dynamics GP Transaction Removal: Purchase Orders

  Are you having performance issues with Purchase Orders?  Do you find that there are old Purchase Orders on your […]

Read the Article
5.5.22 Dynamics GP

The Real Story about the Long-Term Future of Dynamics GP Support

I’ve seen a number of people put forward comment that Dynamics GP is going away and you have to get […]

Read the Article

New Features in Dynamics 365 Business Central 2022 Wave 1 Release – Financial Enhancements

The Dynamics 365 Businses Central 2022 Wave 1 Release has a lot of new and exciting features to help your […]

Read the Article
4.29.22 Dynamics GP

Dynamics GP Transaction Removals: Bank Reconciliation

  This is part 2 of a 3 part series on Dynamics GP Transaction Removals. These quick tips will hopefully […]

Read the Article

Start the Conversation

It’s our mission to help clients win. We’d love to talk to you about the right business solutions to help you achieve your goals.

Subscribe To Our Blog

Sign up to get periodic updates on the latest posts.

Thank you for subscribing!