Security Role Properties

  • Article

Applies To: Microsoft Dynamics AX 2012 R3, Microsoft Dynamics AX 2012 R2, Microsoft Dynamics AX 2012 Feature Pack, Microsoft Dynamics AX 2012

In Microsoft Dynamics AX, roles represent a collection of permissions, which can be granted to users. The nodes that are nested underneath each role node identify various securable objects that a user can access. And the nested nodes specify the level of access.

Role Node in the AOT

Roles are used to give access to securable objects. The following list shows the hierarchy of role nodes in the AOT:

  • Security

    • Roles

      • YourRole

        • Duties

        • Privileges

        • Permissions

          • Tables

          • Forms

          • Server Methods

        • Sub Roles

Roles are typically associated with security duties, and sometimes, security privileges. Access levels to securable objects within a role are derived from the duties, privileges, or both. Roles can also override the access levels to securable objects under the Permissions node.

Role Properties

This section describes the properties for the AOT node at Security > Roles > YourRole.

Property

Required

Description

Name

Yes

The name of the role.

Label

Yes

The text that appears on the user interface for the role.

Description

Yes

The description of the role.

Enabled

Yes

The enable value. This field can contain one of these values:

  • Yes. Enable the role.

  • No. Disable the role.

PastDataAccess

Yes

Specifies the past data access for the tables with date effective fields. The value can be one of the following:

  • Read

  • Update

  • Create

  • Correct

  • Delete

  • NoAccess

The permission values for the PastDataAccess property represent a hierarchy. Read is the weakest permission, and Delete is the strongest. Delete permission includes every other permission. Create permission includes Update and Read. You can set the permission value to NoAccess to prevent all access to the table.

CurrentDataAccess

Yes

Specifies the current data access for the tables with date effective fields.

FutureDataAccess

Yes

Specifies the future data access for the tables with date effective fields.

ContextString

Optional

A user-defined string that can be used by security policies.

Duty Properties

This section describes the properties for the AOT node at Security > Roles > Duties > YourDuty.

Property

Required

Description

Name

Yes

The name of the duty.

Enabled

Yes

The enable value. The value can be one of the following:

  • Yes. Enables the duty.

  • No. Disables the duty.

Privilege Properties

This section describes the properties for the AOT node at Security > Roles > Privileges > YourPrivilege.

Property

Required

Description

Name

Yes

The name of the privilege.

Enabled

Yes

The enable value. The value can be one of the following:

  • Yes. Enables the privilege.

  • No. Disables the privilege.

Table Properties

This section describes the properties for the AOT node at Security > Roles > Permissions > Tables > YourTable.

Property

Required

Description

Table

Yes

The name of the table.

EffectiveAccess

Yes

The permission value. The value can be one of the following:

  • Read

  • Update

  • Create

  • Correct

  • Delete

  • NoAccess

The permission values for the EffectiveAccess property represent a hierarchy. Read is the weakest permission, and Delete is the strongest. Delete permission includes every other permission. Create permission includes Update and Read. You can set the permission value to NoAccess to prevent all access to the table.

ManagedBy

Optional

This property is reserved for use by automation tools.

Form Properties

This section describes the properties for the AOT node at Security > Roles > Permissions > Form > YourForm.

Property

Required

Description

Form

Yes

The name of the form.

Server Method Properties

This section describes the properties for the AOT node at Security > Roles > Permissions > Server Methods > YourServerMethod.

Property

Required

Description

Class

Yes

The name of the server class.

Method

Yes

The name of the secure server method tagged with the SysEntryPointAttribute attribute.

EffectiveAccess

Yes

The permission value. The value can be one of the following:

  • Invoke. The server method can be called.

  • NoAccess. The server method cannot be called.

ManagedBy

Optional

This property is reserved for use by automation tools.

Sub Role Properties

This section describes the properties for the AOT node at Security > Roles > Sub Roles > YourSubRole.

Property

Required

Description

Name

Yes

The name of the subrole.

Enabled

Yes

The enable value. The value can be one of the following:

  1. Yes. Enables the subrole.

  2. No. Disables the subrole.

See also

Role-based Security in the AOT for Developers

Role-Based Security System

Announcements: New book: "Inside Microsoft Dynamics AX 2012 R3" now available. Get your copy at the MS Press Store.