Security in AX

Security Keys in Ax

Dynamics Ax provides following keys to provide the security for application

1.License Keys :
First Level Security , specifies what all featues/modules/developemnt tools we can access in the standard product.License Keys will be used after installation to unlock the product.License Keys will be issued by the microsoft for partners/vendors to develop vertical/generic solutions.

2.Configuration Keys :
Second Level Security , To Enable/Disable the object/feature for all the users.

3.Security Keys :
If you want to enable/disable object/features to group of users.

4. Record Level security :
Basically it deals with the data , if you want to restrict the viewing of records per user group than we setup record level security.
 ========================================================================

Roles – These are the security roles that you create to assign to users.  These are typically going to be created around jobs/positions that exist within the organization.  An example of this is the Accounts Payable clerk role.

Duties – I like to think of duties as tasks, specifically the tasks that you would need to do as part of your job/position which are considered roles in Dynamics AX.  An example of this would be ‘Maintain vendor invoices’ which is assigned to the Accounts Payable Clerk role.

Privileges – These are the specific forms, reports, etc that a user needs to perform a task and the level of access that is required.  Permissions are made up of entry points and the level of access.  Entry points are menu items (forms, reports, actions), web, services.  An example would be the ‘VendTransMaintain’ privilege that is part of the ‘Maintain vendor invoices’ duty.

Code Permissions – These are used when you have a menu item that is running a method of a class.  Code Permissions allow you to specify access levels to forms, tables, web controls, and reports that are related.  On example of this would be the VendEditInvoice code permission which deals with the executeTransfer method of the subledgerJournalTransferOperation class.  It also involves permissions to the VendEditInvoice form.

Process Cycles – These are used to group duties together so that it is easier to find them when searching in the Dynamics AX client to create or modify a role.  For example, let’s say you are trying to add the Approve Vendor Invoices duty to the Accounts Payable Clerk role. It is easy to use process cycles because the find feature is available, as opposed to if you try to use the Duty/privilege view by option as the find is greyed out.

Policies – These are used to restrict what data a user is able to see in a form or report.  This is the new method in Dynamics AX 2012 to limit data similar to what you have with record level security.  With this feature you create a query with restrictions.  Then, you create a security policy that can be applied to a security role.  For example, if you wanted to limit your account payable clerks from seeing retail vendors, you could create a query on the vendor group table with a range that limits the retail vendors.  You would then create a policy that includes this query and security role.

=======================================================================================

http://msdn.microsoft.com/en-us/library/hh272121.aspx --->

http://technet.microsoft.com/en-us/library/aa570084.aspx ---> record level security...
 http://axwonders.blogspot.in/2012/03/ax-2012-security-for-developers-part-i.html - code permission...
http://dynamicsaxbox.blogspot.in/2013_02_01_archive.html - table level security
=======================================================================