Security Privilege Properties

Article
05/18/2015

Applies To: Microsoft Dynamics AX 2012 R3, Microsoft Dynamics AX 2012 R2, Microsoft Dynamics AX 2012 Feature Pack, Microsoft Dynamics AX 2012

A privilege is a group of permissions. The nodes that are underneath each privilege node identify the securable objects that a user can access. And those nodes set the level of access for each object.

Best Practices

This section describes the best practice rules for privileges.

You can use privileges to specify the access that is required to accomplish a job.
You can use privileges to group together the permissions for related securable objects. For example, menu items and their controls are closely related.
You can assign privileges directly to security roles. However, security settings are easier to maintain if you assign duties or process cycles instead of privileges.

Securable Objects

Privileges are used to give access to securable objects. The following list shows the hierarchy under the Security > Privilages node in the AOT:

Security
- Privileges
  - YourPrivilege
    - Entry Points
    - Permissions
      - Tables
      - Server Methods
      - Forms

Privileges can also override the access levels to securable objects as they are defined elsewhere in the AOT. For example, a privilege can override a permission found under AOT > Forms > YourForm > Permissions > Update > Tables > YourTable, in the EffectiveAccess property.

Privilege Properties

This section describes the properties for the AOT node at Security > Privileges > YourPrivilege.

Property	Required	Description
Name	Yes	Name of the privilege.
Label	Yes	Text that appears on the user interface for the privilege.
Description	Yes	Description of the privilege.
Enabled	Yes	The enable value. The value can be one of the following: Yes. Enable the privilege. No. Disable the privilege.

Entry Point Properties

This section describes the properties for the AOT node at Security > Privileges > YourPrivilege > Entry Points > YourEntryPoint.

Property	Required	Description
Name	Yes	Name of the entry point.
ObjectType	Yes	Object type of the entry point. The value can be one of the following: MenuItemDisplay MenuItemOutput MenuItemAction ServiceOperation WebActionItem WebURLItem WebManagedContent
ObjectName	Yes	Object name of the entry point.
ObjectChildName	Optional	Represents the service method name. Note Specify the value of this property only if the ObjectType property is set to ServiceOperation.
AccessLevel	Yes	Permission value for all object types except ServiceOperation. The value can be one of the following: Read Update Create Correct Delete NoAccess The permission values for the AccessLevel property represent a hierarchy. Read is the weakest permission, and Delete is the strongest. Delete permission includes every other permission. Create permission includes Update and Read. You can set the permission value to NoAccess to prevent all access to the entry point. The Correct permission applies only when a time state table is involved. This permission authorizes you to issue update records in a time state table. If instead the object type is ServiceOperation, the value can be one of the following: Invoke. The server method can be called. NoAccess. The server method cannot be called.

Table Properties

This section describes the properties for the AOT node at Security > Privileges > YourPrivilege > Permissions > Tables > YourTable.

Property	Required	Description
Table	Yes	Name of the table.
EffectiveAccess	Yes	Permission value. The value can be one of the following: Read Update Create Correct Delete NoAccess The permission values for the EffectiveAccess property represent a hierarchy. Read is the weakest permission, and Delete is the strongest. Delete permission includes every other permission. Create permission includes Update and Read. The Correct permission applies only when a time state table is involved. This permission authorizes you to update records in a time state table. You can set the permission value to NoAccess to prevent all access to the table.
ManagedBy	Optional	This property is for use by automation tools.

Table

Yes

Name of the table.

EffectiveAccess

Yes

Permission value. The value can be one of the following:

Read
Update
Create
Correct
Delete
NoAccess

The permission values for the EffectiveAccess property represent a hierarchy. Read is the weakest permission, and Delete is the strongest. Delete permission includes every other permission. Create permission includes Update and Read.

The Correct permission applies only when a time state table is involved. This permission authorizes you to update records in a time state table.

You can set the permission value to NoAccess to prevent all access to the table.

ManagedBy

Optional

This property is for use by automation tools.

Server Method Properties

This section describes the properties for the AOT node at Security > Privileges > YourPrivilege > Permissions > Server Methods > YourServerMethod.

Property	Required	Description
Class	Yes	Name of the server class.
Method	Yes	Name of the secure server method that is tagged with the SysEntryPointAttribute attribute.
EffectiveAccess	Yes	Permission value. The value can be one of the following: Invoke. The server method can be called. NoAccess. The server method cannot be called.
ManagedBy	Optional	This property is for use by automation tools.

Form Properties

This section describes the properties for the AOT node at Security > Privileges > YourPrivilege > Permissions > Forms > YourForm.

Property	Required	Description
Form	Yes	Name of the form.