Download presentation
Presentation is loading. Please wait.
Published bySophie Hubbard Modified over 8 years ago
1
Tips and Tricks: Stress Free Security in Dynamics AX Chris Haley, Microsoft
2
Role Based Security 2 2 Privileges Duties Roles Project Manager Maintain Project Master Maintain Projects View posted transactions Maintain Project Budgets Edit project budgets Users
3
Out of the box roles are a starting point Use least access principle Design security during implementation/upgrade Definition changes are customizations Best Practices 3 3
4
Identify existing privileges or duties Identify a form in the AOT (Identify from ‘personalize’ option in the UI) Right click > Add-ins > Security tools > View related security roles Security ‘Add-ins’ 4 4
5
SECURITY DEVELOPMENT TOOL
6
Key features: Free add-on for AX from Microsoft – Download from LCS Record a trace of a process and review all related security objects Test workspace – open AX with a specific role and test the access Easily grant (or revoke) access to entry points in the AX menu See the impact on License requirements Security Development Tool 6 6
7
Download and deploy Use in your development environment Download from LCS > Downloadable tools Install as a an AX customization – Compile Run the setup class to deploy the menu items – refer to the read me! Security Development Tool 7 7
8
AUTOMATIC ROLE ASSIGNMENT
9
Add users to a role if they meet query criteria System Administration > Setup > Security > Assign Users to Roles Based on any query with primary data source as UserInfo table Start from ‘All users query’ and add related tables and ranges Automatic Role Assignment 9 9
10
Example: Warehouse Worker role to any user with job: Warehouse Automatic Role Assignment 10
11
Exceptions You can still manually add the role or exclude a user Manual assignment/exclusion overrides automatic assignment. Automatic Role Assignment 11
12
SEGREGATION OF DUTIES
13
Compliance Audit When a user shouldn’t have access to perform both activities in AX e.g. “Create a payment journal” and “Post a payment journal” Define rules Validate those rules Take action (Allow or deny) and document rule violations Report on violations Segregation of Duties 13
14
System Administration > Setup > Security > Segregation of duties Note – Only for duties! Start by creating a rule… Segregation of Duties 14
15
Specify duties, severity, description of risk and mitigations For a new rule, click ‘validate duties and rules’ to check for any existing violations Segregation of Duties 15
16
Checks completed during role assignment When a user shouldn’t have access to perform both activities in AX e.g. “Create a payment journal” and “Post a payment journal” Define rules Validate those rules Take action (Allow or deny) and document rule violations Report on violations Segregation of Duties 16
17
Deny, or Accept with Reason documented Segregation of Duties 17
18
Reject the violation – Role not assigned Segregation of Duties 18
19
Chris Haley Technical Advisor - Microsoft Support Chris.Haley@Microsoft.com Speaker contact info 19
Similar presentations
© 2024 SlidePlayer.com. Inc.
All rights reserved.