Security – Part 1

I’m sure a lot of people will agree that setting up AX and its security is no easy task. Therefore I’ve put together a guide to the information that you need to consider when working with AX 2012 security.

In this first part we will discuss and explain the concept of Role-based security within AX.

1 – Role-based security

At a high level Role-based security works to limit the areas/functions within AX to which a user has the ability to access/Run.

Essentially think of AX as a long corridor with doors on either side, AX security will dictate which doors the user can open and which actions they can take on contents of the that room (AX – records in a table).

These levels can be defined as follows:



Entry points

Entry points define the individual sections of code access.


Privilege’s define the first level of grouping of entry points and should be used to define an individual tasks. Note – The privilege also dictates the level access available to that privilege.  See fig 2.


A Duty combines multiple privileges in order to provide a user with the appropriate access to perform a specific process within AX.


Roles combine multiple Duties in order to allow a user to perform the multiple process necessary to perform their specified day job.


Figure 1

AOT Name Label Description
No Access No Access Does not provide any access to data.
Read View An end-user can view data.
Update Edit An end-user can view and edit data.
Create Create An end-user can view, edit and create new data.
Correct Correction An end-user can view, edit, create new and correct date-effective record without creating new records.
Delete Full control An end-user can view, edit, create new and delete data.

Figure 2

2 – Example

The way I like to think of this is that Microsoft have put together a ‘Library’ of ‘Duties’ which can then be selected and placed into the appropriate roles. This is best explained using an example, take the example of the Buying agent whose role is defined as ‘Documents purchase events and responds to purchase inquiries’. If we find this role within AX we can see that the user is made up of the following:


Figure 3

We can see that Microsoft have used the concept of building a ‘Library of Duty’, we can see this if we investigate the duty  Inquire into import letter of credit which can also be found in the following roles:

  • Accounting manager
  • Accounts payable manager
  • Accounts payable payments clerk
  • Buying agent
  • Chief financial officer
  • Financial controller
  • Purchasing manager
  • Treasurer

Use full links:


One thought on “Security – Part 1

  1. Pingback: Security – Part 3 – Security development Tool – Recording | Patrick Hawker

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s