Security keys are the permissions that control access to functionality within the application, and are set to individual user groups and users.
Security keys are set up from Administration > Setup > Security > User group permissions on the Permissions tab.
Within a security profile, you can assign permissions that define access to Menu items, Form controls, Tables and Fields.
There are five available access levels:
- No access – Completely restricts access to that item and any sub-items it controls. The Open command is disabled. Also, the node is not displayed in the Application Object Tree (AOT).
- View access – Members of the user group are allowed to view the item, but not use it. The Save, Compile, Lock and Unlock commands are disabled.
- Edit access – Members of the user group are allowed to view and use the item. The New, Duplicate and Rename commands are disabled.
- Create access – Members of the user group are allowed to view and use, as well as add new items. The Delete command is disabled.
- Full control – Members of the user group have full access and consequently no commands are disabled. Additionally, members can provide additional rights in special cases.
Security access for each user must be decided before they first log on. Access depends on which user groups the user is a member of, and which company or domain the user is a member of. Access to functionality of each security key can depend on its parent, so the calculation must be done hierarchically.
To configure security keys, the administrator first selects a User Group and a corresponding Domain (it is possible to select all domains at once). The security tree is then built, and the administrator is able to view the tree and make the necessary changes.
|When a security key property is changed for any AOT object, the client must be restarted for the changes to become visible.
For information about how to set security keys and for information about best practices, see Set up security keys1.
Security keys are used to restrict user group access in Microsoft Dynamics AX. Security keys have two main properties:
- Configuration Keys – The Configuration Key system allows an administrator to set the availability of functionality for the entire system. These modifications are to subsets of a module’s functionality that are not currently necessary to have enabled within the system. From a security perspective, the removal of unused functionality reduces the surface that is open to attack. For more information, see Enable and disable configuration keys2.
- Parent (only one parent can be specified) – Parent/child relationships control whether a key can be disabled. If you assign permission to a parent-node key (for example, if you select Absence approver and then select Full control) all child nodes inherit the same permission. If you do not want all child nodes to inherit the same permission, you can change permissions on individual child nodes.
The following graphic shows the path that is taken to validate security access.
|If you have set up domains within Microsoft Dynamics AX, security is applied to the individual domains. Otherwise, security is set up for all companies.
Each parent security key represents a broad umbrella of functionality within Microsoft Dynamics AX, and the underlying child security keys are divided into eight categories: Daily, Setup, Journals, Inquiries, Reports, Periodic, Miscellaneous and Tables. Each module in Microsoft Dynamics AX is broken down within these categories. The Security keys are laid out similar to the structure in the User Interface. Opening the main menu side-by-side with the security keys makes it easy to see how the categories relate to menu items.
- Daily — Contains the most accessed forms in the menu
- Setup — Corresponds with the Setup folder in the menu
- Journals — Corresponds with the Journals folder in the menu
- Inquiries — Corresponds with the Inquiries folder in the menu
- Reports — Corresponds with the Reports folder in the menu
- Periodic — Corresponds with the Periodic folder in the menu
- Miscellaneous — Controls access to all menu items used in the module that are not accessed from the menu. This is typically menu items accessed through buttons on forms. You do not have to change access in this category directly if you click Cascade.
|When you give access to a form, clicking Cascade updates all items with the same access related to that form.
- Tables — Lists all the tables used in that module. Clicking Cascade ensures that all tables are accessible for needed forms and reports.
For each module, a set of nine security keys exists. They all have the same naming, and the prefixes denote the module. For the Accounts Receivable module, the security keys are:
Each menu item is present beneath one (and only one) security key. The access to the menu item ranges from No access to Full control.