How to: Design Permissions for Fields in a Table
Applies To: Microsoft Dynamics AX 2012 R3, Microsoft Dynamics AX 2012 R2, Microsoft Dynamics AX 2012 Feature Pack, Microsoft Dynamics AX 2012
You can use the AOT to design permissions for the fields in a table. By changing the EffectiveAccess property in permissions for each of the fields you can control the application user access to those fields. For example, you can control whether the application user can view or edit some of the fields on a form based on the security role assigned to the application user.
To understand this walkthrough topic, you first need to understand the following areas:
Walkthrough: Design Permissions for a Form that is Started from a Menu Item
You must understand how to add a menu item under AOT > Security > Privileges > YourPrivilege > Entry Points.
Automatic Inference of Permissions in AOT Security
When you set security property values under AOT > Security > Privilege, you need to understand what those values refer to elsewhere in the AOT.
This topic assumes that several AOT items already exist, or that you can imagine them. The items are as follows:
Table – Person table, with fields City, Name, and Zip.
Form – FieldsForm form.
Data source – Person table as the data source for FieldsForm form.
Menu – Home > Common menu, which might already exist.
Menu Item – FieldsMenuItem menu item, with its ObjectType property set to Form, and its Object property set to FieldsForm.
Security > Privilege – TestFieldPrivilege privilege.
Privilege > TestFieldPrivilege > Entry Point – FieldsMenuItem, with its ObjectType property set to MenuItemDisplay.
You can test with different values for the AccessLevel property, but start with Update.
The following image displays a project that contains almost everything in the preceding list. In the next section you create the node AOT > Security > Privileges > Permissions > Tables > Person, and the field nodes under it.
The project that you create
Create Field Permissions
You can create field permissions for TestFieldPrivilege by following these steps:
Add the Person table to the TestFieldPrivilege privilege. Do this by dragging the node
AOT > Data Dictionary > Tables > Person
onto the node at
AOT > Security > Privileges > TestFormPrivilege > Permissions > Tables.
Drag operations are easier when you have two AOT windows open. You can drag from one AOT to the other.
On the new Person node, set the EffectiveAccess property to Update.
At Data Dictionary > Tables > Person > Fields, highlight all fields and drag them onto the TestFieldPrivilege > Permissions > Tables > Person node.
Set the EffectiveAccess property for each new field node as follows:
City – Update
Name – Read
Zip – NoAccess
You can test your security settings by starting the Microsoft Dynamics AX client as a user other than the system administrator. For more information, see How to: Test the Role-based Security Configurations under AOT Security.
Announcements: New book: "Inside Microsoft Dynamics AX 2012 R3" now available. Get your copy at the MS Press Store.