Security Permissions Properties for a Form
Applies To: Microsoft Dynamics AX 2012 R3, Microsoft Dynamics AX 2012 R2, Microsoft Dynamics AX 2012 Feature Pack, Microsoft Dynamics AX 2012
This topic lists and describes the permission related properties that exist on subnodes under the Permissions node under the node for each form in the AOT. These property values interact with other properties that are set under the AOT > Security node. These values also interact with permission related properties under other high-level nodes such as AOT > Menu Items.
For an example of interaction between security settings, consider a menu item. Suppose you create YourMenuItem at AOT > Menu Items > Display. There you assign values to security properties, such as the ReadPermissions and UpdatePermissions properties. Then you can assign the menu item as a node under AOT > Security > Privilege > ImportantPrivilege > Entry Points. The assignment of the menu item adds the security settings of the menu item to ImportantPrivilege.
On the Entry Point > YourMenuItem node, you can use the AccessLevel property to choose which set of permissions to receive from the menu item into the privilege.
Permission Group Nodes under Forms in the AOT
The following list shows the position of the Permissions node under the Forms node in the AOT:
Forms
YourForm
Permissions
Read
Controls
Tables
Server Methods
Associated Forms
Update
Create
Correct (disabled by default)
Delete
The nodes at the level of Read through Delete contain many individual permissions. The Read and Delete nodes can be referred to as permission group nodes.
All of the permission group nodes contains the same subnodes that are shown under the Read node.
NeededPermission Property of a Control
This section describes the NeededPermission property for the AOT node at Forms > YourForm > Designs > Design > YourControl. The value can be one of the following:
None
Read
Update
Create
Correct
Delete
Manual
The values for the NeededPermission property represent a hierarchy. Read is the weakest permission, and Delete is the strongest. Read is included by Update, and Update is included by Create. Therefore Read is also included by Create permission.
To see a particular control on a form, the user must have a permission to the control that is at least as strong as the permission the control requires. For example, suppose a control has its NeededPermission property set to Update. A user who has only Read permission does not see the control on the form. But the control is visible to another user who has Update or Delete permission to the control.
Through automatic inference the system inserts a subnode representing the control, under the appropriate permission group nodes in the AOT. This occurs when you specify a value for the NeededPermission property of the control.
.gif "Gg879980.collapse_all(en-us,AX.60).gif")
Special Values for NeededPermission
The following table describes the special values that can be assigned to the NeededPermission property of a control.
NeededPermission value |
Description |
|---|---|
Manual |
When you specify Manual for the NeededPermission property, the automatic inference system does not add a node representing the control as a subnode under the permission group nodes in the AOT. You can insert the control subnode manually under the permission group nodes. |
None |
When you specify Manual for the NeededPermission property, the automatic inference system does not add a node representing the control as a subnode under the permission group nodes in the AOT. You can set the NeededPermission value to None to enable access to the control without any restrictions. Suppose a control was manually added to a permission group. Later you set the NeededPermission property of the control to None. In this scenario the node representing the control is not automatically removed from the permission group. When you compile the form an error message similar to the following is generated: NeededPermission property on control ControlName is set to none. |
Control Properties
This section describes the properties for the AOT node at Forms > YourForm > Permissions > Read > Controls > YourControl. The descriptions of the properties for the Read node apply to Update, Create, and Delete nodes.
Property |
Required |
Description |
|---|---|---|
Control |
Yes |
The name of the control. |
EffectiveAccess |
Yes |
The permission value. The value can be one of the following:
The permission values for the EffectiveAccess property represent a hierarchy. Read is the weakest permission, and Delete is the strongest. Delete permission includes every other permission. Create permission includes Update and Read. You can set the permission value to NoAccess to prevent all access to the control provided that no other entry point, privilege, or role grants access to the control. |
SystemManaged |
Yes |
Indicates whether this permission was added through automatic inference. The value can be one of the following:
|
ManagedBy |
Optional |
This property is for use by automation tools. |
Table Properties
This section describes the properties for the AOT node at Forms > YourForm > Permissions > Read > Tables > YourTable. The descriptions of the properties for the Read node apply to Update, Create, and Delete permission group nodes.
Suppose you create a data source node for a table under your form node. The system uses automatic inference to add a node representing the table under the appropriate permission group nodes. When you remove your data source, the system removes the table subnode from the permission nodes.
Property |
Required |
Description |
|---|---|---|
Table |
Yes |
The name of the table. |
EffectiveAccess |
Yes |
The permission value. The value can be one of the following:
The permission values for the EffectiveAccess property represent a hierarchy. Read is the weakest permission, and Delete is the strongest. Delete permission includes every other permission. Create permission includes Update and Read. You can set the permission value to NoAccess to prevent all access to the table. |
ManagedBy |
Optional |
This property is for use by automation tools. |
Server Method Properties
This section describes the properties for the AOT node at Forms > YourForm > Permissions > Read > Server Methods > YourServerMethod. The descriptions of the properties for the Read node apply to Update, Create, and Delete nodes.
Property |
Required |
Description |
|---|---|---|
Class |
Yes |
The name of the server class. |
Method |
Yes |
The name of the secure server method that is tagged with the SysEntryPointAttribute attribute. |
EffectiveAccess |
Yes |
The permission value. The value can be one of the following:
|
ManagedBy |
Optional |
This property is for use by automation tools. |
Associated Form Properties
This section describes the properties for the AOT node at Forms > YourForm > Permissions > Read > Associated Forms > YourAssociatedForm. The descriptions of the properties for the Read node apply to Update, Create, and Delete nodes.
Property |
Required |
Description |
|---|---|---|
Form |
Yes |
The name of the form. |
AccessLevel |
Yes |
The permission value. This field can contain one of the following values:
The permission values for the EffectiveAccess property represent a hierarchy. Read is the weakest permission, and Delete is the strongest. Delete permission includes every other permission. Create permission includes Update and Read. You can set the permission value to NoAccess to prevent all access to the form. |
SystemManaged |
Yes |
Indicates whether this permission was added through automatic inference. The value can be one of the following:
|
ManagedBy |
Optional |
This property is for use by automation tools. |
See also
Security Permissions for Securable Objects in the AOT
How to: Use Associated Forms Permissions
Automatic Inference of Permissions in AOT Security
Announcements: New book: "Inside Microsoft Dynamics AX 2012 R3" now available. Get your copy at the MS Press Store.