Moving Security Role Objects in Dynamics AX from One Layer to Another

by | Updated August 15, 2016 | Development

We ran into a scenario where we had to make some changes to security roles in Dynamics AX that were created in a different layer than we were currently doing development work. We want to do all of our development in the VAR layer which is what we have hooked up to Team Foundation Server (TFS). The security role objects in question, were originally created in the USR layer. We needed to move the security role objects before we could get our changes into TFS, so they could be shared across environments. What we learned is that once you remove a security role object, all of the users that were assigned to the role no longer have it. We needed to create a process to assign the users to the new role created in the VAR layer.  To prevent a very manual process once migrating the changes to production and other environments, we created the process I will outline below.

Process for Moving Security Role Objects in Dynamics AX

This is a one-time process that needs to be run when moving the code between environments. It is a quick process to run that takes a matter of minutes, instead of the hours of manual work assigning users to roles.

The development steps can be summarized as:

  1. Record the old/current IDs of the security roles to be moved
    a. We created a table that will store the NewId, OldId, RoleName, and an IsUpdated (yes/no) field.
    b. We created a job that will loop through the security roles and populate the table with the id (into the OldID field) and role name.
  2. Create a duplicate object of the security role in the target/desired layer.  For us this was the VAR layer
  3. Delete the current security role object in whatever layer it resides in.  For us this was the USR layer
  4. Remove the CopyOf from the name of the duplicated role created.  This will ensure that the new role is named the same as the old.
  5. Record the ID given to the new security role object.  We created a job to do this.  After updating the role with the newID the job went through the list of users that were assigned the old role ID and created a record assigning the user the new role ID.  A second part of the job assigned the user to specific companies if that is how the old role was setup.


When doing a code migration with the new security objects between environments the steps below need to be taken:

  1. Run the job that populates the table with oldIDs and role names
    a. You will have to import the xpo file in order to do this.
  2. Import the new modelstore
  3. Run the job that updates the newIDs and then assigns the users to the new role.
  4. Test your changes


Through all of our testing and security changes we learned that the issue above is only for security roles. All other security objects (privileges, duties) move just fine between layers. For those all you have to do is steps #2-4 from the development steps above.

Download the Free AX Role Mover Tool product-role-mover

If you’ve run into this issue check out the free AX add-0n Role Mover tool we’ve created and made available for download.

Related Posts

  • Here are some tips on security basics in  AX 2012 when assigning roles and working with existing duties and privileges. 1. I have a user assigned to the Product Designer security…

  • It is common throughout an ERP migration for the need to perform many code promotions and environment refreshes to a TEST or UAT system for eventual installation to Production. Not…

  • Over on the AX Support site on MSDN, Daniel Durrer has taken the time to keep tabs on the latest builds for Microsoft Dynamics AX 4.0, 2009 and 2012.  I…


Submit a Comment

Your email address will not be published. Required fields are marked *

Upcoming Events


01sep10:00 am10:30 amEnsuring Quality and Compliance for Batch Manufacturers in Life Sciences

01sep12:00 pm12:30 pmIs it Worth It to Move to the Cloud? A Look at Considerations for Current Agribusinesses Using Dynamics GP

01sep2:00 pm2:45 pmWhat’s New in Dynamics 365 Finance and Supply Chain

09sep11:00 am12:00 pmConfab Live with Stoneridge – Data Strategy and Reporting – Mining Decision Making Insights

15sep10:00 am11:00 amSolving the Biggest Challenges in Agribusiness Through Innovation and Technology

22sep12:00 am12:30 pmSimplifying Payroll and HR Management with ADP Workforce Now

22sep10:00 am10:30 amStreamlining Batch Manufacturing with Technology

22sep2:00 pm2:30 pmProcess Automation for Microsoft Dynamics D365 for Business Central, Finance and Operations and GP

23sep11:00 am12:00 pmConfab LIVE with Stoneridge - Riding the Wave 2 Release – Key Features Coming to Dynamics 365 this October

29sep10:00 am11:00 amTop Five Reasons Why NOW is the Right Time to Move from Salesforce to Dynamics 365 Customer Engagement

29sep12:00 pm12:45 pmUnderstanding Job Costing and Tax Management in Business Central

29sep2:00 pm3:00 pmDigitalizing Horticulture & Agriculture - How to Sell Plants Online and Simplify Business Management

30sep12:00 pm4:00 pmSecurity and Permissions Training for D365 Business Central or Dynamics NAV


06oct10:00 am10:30 amPreview of D365 Business Central Fall Release Features and Functionality

06oct12:00 pm12:30 pmInsider's Guide to New Features Available in the Fall Release of D365 Finance and Supply Chain

07oct11:00 am12:00 pmConfab LIVE with Stoneridge - Dataverse and Dynamics in Review – Let’s Get Technical

13oct12:00 pm12:30 pmWave 2 Release – What’s Coming for Dynamics 365 Sales and Customer Service

21oct11:00 am12:00 pmConfab LIVE with Stoneridge - Dataverse and Dynamics in Review – Let’s Get Functional

26oct(oct 26)9:00 am28(oct 28)5:00 pmStoneridge Connect Leadership and Community Conference

About Stoneridge
Stoneridge Software is a unique Microsoft Gold Partner, with emphasis on partner. With specialties in Microsoft Dynamics 365, Microsoft Dynamics AX, Microsoft Dynamics NAV, Microsoft Dynamics GP and Microsoft Dynamics CRM, we focus on attracting the most knowledgeable experts in the field to our team, and prioritize delivering stellar solutions with maximum impact for your business. At Stoneridge, we are deeply committed to your results. Each engagement is met with a dedicated team, ready to provide thorough, tailored, and expert service. Based in Minnesota, we intentionally “step into your shoes,” wherever you are. We focus on what you care about, and develop trusting, long-term relationships with our clients.

Subscribe To Our Blog

Sign up to get periodic updates on the latest posts.

Thank you for subscribing!