Wednesday, 21 March 2012

Security development tool [AX 2012]

There is a new tool released.

The Security Development Tool for Microsoft Dynamics AX 2012 is intended to help you more easily create and maintain security artefacts such as roles, duties, and privileges. The tool displays entry point permissions for a given role, duty, or privilege. Additional tools guide you through updates of the access levels for entry points. You can also use the tool to test a newly created or modified security role, duty, or privilege from the same interface, without using a different test user account. Additionally, you can use the tool to record business process flows and identify the entry points that are used.

How to install and how to use instructions are on technet
Download with the icon on the left and watch a 6 minute video on the right.

Key features:
  • Grant access via an entry point (easy as right click and grant access by adding to a duty)
  • Create a new privilege from the same view
  • Test the security by clicking open new workspace - it will simulate the role and allow you to test with your own account 
  • Record the entry points and will be presented on the form. Which you can then click and grant access.
  • View the effect on your license (Enterprise, functional etc). See what menu item has an effect on your license. See which configuration key is attached to what menu item. What layer it is in. Licensing is huge. As one menu item may change a user from a functional user to a enterprise user. License affect could be thousands of dollars.
Main thing you have to understand is modifying security roles from the front end will modify the AOT security element. It will sit in the layer you are in.
Lastly but not least, when installed from the model provided it will sit in your usr layer. It is pretty cool as it is self-contained and doesn’t overlap with the sys layer.

 Other links:


Dominiek said...
This comment has been removed by the author.
Dominiek said...

Great tool!

A related question: is it possible that some AX menu items cannot be secured/assigned by the tool to a specific role? E.g. the button "Change status" on top of the Campaign Detail Form and List Page... I do not succeed in removing it from the non-appropriate profiles...

Munib said...

Some buttons have "clicked" method overridden and no menuitem is used.
Which means it you can't add to a privilege.
You have to make changes to the form.

It is not a problem with the tool but the way the form was developed.

Anonymous said...

How long does it take for the security development tool to be installed?

Munib Ahmed said...

It is like installing any other model file.
Import the model file and compile.

It is very simple to do. Just follow instructions on msdn