I have been working with Dynamics AX security since AX 4.0. It has always been a challenge and I have always encouraged clients to begin the security design and implementation process at the very beginning of the Dynamics AX implementation process. Many did not heed the warnings and made a mad dash near go live to get some sort of security working.To say the least Dynamics AX security prior to AX 2012 has been a nightmare for most clients. It required many hours of time to setup the security groups and to get each group functioning the way that it should.Microsoft has completely re-written security in AX 2012. With the new role based security it has become much easier to "eat the elephant" of security.The fact that they have pre-defined roles allows a client to have a starting point instead of just adding everyone to the admin group to begin using the system while they hacked away at the security mountain, is a major step forward. You are also still able to import users from the Active Directory (AD) as in past versions of Dynamics AX. The pre-defined roles can be modified or copied to suit a client's needs.Some of the other changes that have been made to security have also eliminated much of the headache of setting up security.You can now setup an Active Directory Group in AX 2012 and provide it a role(s) so that when you add a user to the AD group they will automatically have access to AX and a user will be created when they first login. They will be assigned the roles of the AD group they are assigned to.Pluggable authentication is now available for the Enterprise Portal that allows you to use Active Directory Federated Services (ADFS), Forms-based authentication or Live ID authentication.A new type of user in AX 2012 is what is known as a Claim User. A Claim User are users who are not in an organization's Active Directory, like vendors or customers who need to access Enterprise Portal.Additionally in AX 2012 you are able to assign users to organizations, limiting their access to just the organization(s) you want them to have access to. You also have the ability to revoke access to an organization at any time.Dynamics AX 2012 security is broken down into:· Privileges and permissionsA group of access rights that are assigned to Duties· DutiesResponsibilities to perform tasks for business objectives or process cycles that are then assigned to Security Roles· Security RolesDefines the duties that are allowed for the roleYou have the ability to override permissions in a specific role if needed.Another feature of Dynamics AX 2012 security is "Extensible Data Security" (EDS). The extensible data security policy is used to secure data in shared tables, by creating policies based on data that a contained in different tables. Extensible Data Security replaces the old Record-Level-Security. Although Record-Level-Security is still available for backward compatibility and upgrading. It is best to use EDS going forward.Segregation of Duties is now available in Dynamics AX 2012, allowing you to set rules/policies to keep users from have conflicting abilities. For instance, the ability to add a vendor as well as create a payable voucher can be controlled through Segregation of Duties.There is much more information available regarding Dynamics AX 2012 security. However, it is obvious that it has been simplified and is much more robust "out of the box". There is no longer a reason to fear the "security ocean". Go ahead and take the plunge! Author John BoehmMicrosoft Certified Technology SpecialistSenior Information Systems Consultant-Dynamics AX More ...Microsoft Dynamics AX is a robust ERP and Lean manufacturing enabler. The latest release, Dynamics AX 2012, combines the powerful planning and execution features required of comprehensive ERP integrated with the features of Lean to assist the "blended" manufacturer. Contact Agility Business Solutions, Inc. to learn more.
