Presentation is loading. Please wait.

Presentation is loading. Please wait.

Tips and Tricks: Stress Free Security in Dynamics AX Chris Haley, Microsoft.

Similar presentations


Presentation on theme: "Tips and Tricks: Stress Free Security in Dynamics AX Chris Haley, Microsoft."— Presentation transcript:

1 Tips and Tricks: Stress Free Security in Dynamics AX Chris Haley, Microsoft

2 Role Based Security 2 2 Privileges Duties Roles Project Manager Maintain Project Master Maintain Projects View posted transactions Maintain Project Budgets Edit project budgets Users

3 Out of the box roles are a starting point Use least access principle Design security during implementation/upgrade Definition changes are customizations Best Practices 3 3

4 Identify existing privileges or duties Identify a form in the AOT (Identify from ‘personalize’ option in the UI) Right click > Add-ins > Security tools > View related security roles Security ‘Add-ins’ 4 4

5 SECURITY DEVELOPMENT TOOL

6 Key features: Free add-on for AX from Microsoft – Download from LCS Record a trace of a process and review all related security objects Test workspace – open AX with a specific role and test the access Easily grant (or revoke) access to entry points in the AX menu See the impact on License requirements Security Development Tool 6 6

7 Download and deploy Use in your development environment Download from LCS > Downloadable tools Install as a an AX customization – Compile Run the setup class to deploy the menu items – refer to the read me! Security Development Tool 7 7

8 AUTOMATIC ROLE ASSIGNMENT

9 Add users to a role if they meet query criteria System Administration > Setup > Security > Assign Users to Roles Based on any query with primary data source as UserInfo table Start from ‘All users query’ and add related tables and ranges Automatic Role Assignment 9 9

10 Example: Warehouse Worker role to any user with job: Warehouse Automatic Role Assignment 10

11 Exceptions You can still manually add the role or exclude a user Manual assignment/exclusion overrides automatic assignment. Automatic Role Assignment 11

12 SEGREGATION OF DUTIES

13 Compliance Audit When a user shouldn’t have access to perform both activities in AX e.g. “Create a payment journal” and “Post a payment journal” Define rules Validate those rules Take action (Allow or deny) and document rule violations Report on violations Segregation of Duties 13

14 System Administration > Setup > Security > Segregation of duties Note – Only for duties! Start by creating a rule… Segregation of Duties 14

15 Specify duties, severity, description of risk and mitigations For a new rule, click ‘validate duties and rules’ to check for any existing violations Segregation of Duties 15

16 Checks completed during role assignment When a user shouldn’t have access to perform both activities in AX e.g. “Create a payment journal” and “Post a payment journal” Define rules Validate those rules Take action (Allow or deny) and document rule violations Report on violations Segregation of Duties 16

17 Deny, or Accept with Reason documented Segregation of Duties 17

18 Reject the violation – Role not assigned Segregation of Duties 18

19 Chris Haley Technical Advisor - Microsoft Support Chris.Haley@Microsoft.com Speaker contact info 19

20


Download ppt "Tips and Tricks: Stress Free Security in Dynamics AX Chris Haley, Microsoft."

Similar presentations


Ads by Google