Share via


Best practices for upgrading to role-based security

Important

This content is archived and is not being updated. For the latest documentation, see Microsoft Dynamics 365 product documentation. For the latest release plans, see Dynamics 365 and Microsoft Power Platform release plans.

Applies To: Microsoft Dynamics AX 2012 R3, Microsoft Dynamics AX 2012 R2, Microsoft Dynamics AX 2012 Feature Pack, Microsoft Dynamics AX 2012

This topic provides an overview of some best practices that you should consider when you upgrade security. This topic does not describe how to upgrade security settings to Microsoft Dynamics AX 2012. For information about how to upgrade security settings, see the Security Upgrade Advisor Tool User Guide.

User groups and roles

When you convert user groups to roles, we recommend that you use the default roles as much as you can. The default roles that are included with Microsoft Dynamics AX 2012 may contain additional permissions that were not available in earlier versions of Microsoft Dynamics AX.

If a user group has more permissions than the related default role, you can create a custom role based on the user group. We recommend that you nest the default role under the custom role, so that the custom role includes the permissions from the default role. The following table provides an example.

User group in Microsoft Dynamics AX 4.0 or Microsoft Dynamics AX 2009

Default role in Microsoft Dynamics AX 2012

Recommendation for upgrade

CustomBudgetClerk

  • AssetBudgetMaintain

  • AssetFixedAssetBudgetsMaintain

  • BudgetBudgetCheckResultsInquire

  • CustomPrivilege1

  • CustomPrivilege2

BudgetBudgetClerk

  • AssetBudgetMaintain

  • AssetFixedAssetBudgetsMaintain

  • BudgetBudgetCheckResultsInquire

CustomBudgetClerk

  • CustomPrivilege1

  • CustomPrivilege2

  • BudgetBudgetClerk (nested role)

Use an abbreviation of the company name or function as a prefix in the name of a custom role, such as MS_CustomRole.

Whenever you can, customize security settings in a custom model. By using a model, you can more easily export security settings from, and import security settings to, a specific layer.

Security keys

The concept of security keys no longer applies in Microsoft Dynamics AX 2012. Instead, privileges and permissions are used to implement role-based security. By default, thousands of privileges are included in Microsoft Dynamics AX 2012, and each entry point is associated with one or more privileges. If you have created custom entry points, we recommend that you create new privileges that have the View and Full Control access levels. These privileges can then be included in duties or assigned to roles.

See also

Upgrade domains