Download presentation
Presentation is loading. Please wait.
8
Permissions (25000+) Privileges (5000+) Menu Items Access Level Securable Objects Controls Tables Etc… Server Methods Artifacts you want to secure “Vehicle Table” Group of base objects and required permission “Read Vehicle Table” Group entry points/permissions with associated access levels “Edit Vehicles Menu Item” Group of related privileges required for a job function e.g. “Maintain Vehicles” Group of duties for a job function e.g. “Branch Manager”
9
Role-based Security Administration & Experience
10
XDS framework in AX 2012 addresses these scenarios
11
Extensible Data Security
12
Contoso Group Main Sales Group SUSB Departments PositionDepartment Salesperson Main Sales Group Purchasing Agent Sales (USA) Sales Manager Sales (UK) Consultant SUSB Department Consultant SFRA Department Project Manager SFRA Department Sales (USA) Sales (UK) Consulting SFRA Departments
13
The condition by which data is to be constrained (CustGroup = 20) Table which contains data to use as filter. (CustTable) Table which contains the data to be filtered/constrained (SalesTable) Constrained Table Primary Table Query Role/Application Context Results Circumstances to apply this policy (Role = Branch Manager) Filtered sales data (When role is Branch Manger, only sales data with customer group=20)
14
SELECT * FROM SalesTable T2 WHERE (T2.amount > 1000
18
Manager Employee Reports to Supervisor Clerk/Agent Verifier Source document Verify Authorize Records RecordingVerificationAuthorizationManagerial review Clerk/AgentVerifierSupervisorManager
20
Privilege “fmRegisterRental” Tables “FMRental” Permission “Delete” Access Level “Delete” Duty/Role “FM Rental Clerk Role”
23
Security Development Tool for AX 2012 (beta)
32
PersonaPain Points and ChallengesFeatures CoveredResults and Benefits Identify hidden menu items for a functional role Main menu view Mark form controls in ribbon Discover sub-menu items Recorder Reduced effort to maintain security artifacts Easier to test and debug scenarios in security context Tweak menu item permissions for security role Reference duty/privilege Set entry point permissions guided form Need to logon with different windows account to test role Debug without System administrator privileges Test security workspace Isaac
33
User Database Authentication STS (Secure Token Service) Forms-Based Authentication Provider Membership Provider(s) ADFS Provider Active Directory Provider Custom STS Dynamics AX Database Authorization AOS (Application Object Server)
34
Management IT Engineer Customization DeveloperPartner Development ISV
37
Source AX4,AX2009 Target AX2012 Systems (Dev, Test, Prod)
Similar presentations
