Security Privilege Properties

Applies To: Microsoft Dynamics AX 2012 R3, Microsoft Dynamics AX 2012 R2, Microsoft Dynamics AX 2012 Feature Pack, Microsoft Dynamics AX 2012

A privilege is a group of permissions. The nodes underneath each privilege node identify the securable objects that a user can access, and they set the level of access for each object.

Best Practices

This section describes the best practice rules for privileges.

  • You can use privileges to specify the access that is required to accomplish a job.

  • You can use privileges to group together the permissions for related securable objects. For example, menu items and their controls are closely related.

  • You can assign privileges directly to security roles. However, security settings are easier to maintain if you assign duties or process cycles instead of privileges.

Securable Objects

Privileges are used to give access to securable objects. The following list shows the hierarchy under the Security > Privileges node in the AOT:

  • Security

    • Privileges

      • YourPrivilege

        • Entry Points

        • Permissions

          • Tables

          • Server Methods

          • Forms

Privileges can also override the access levels to securable objects as they are defined elsewhere in the AOT. For example, a privilege can override a permission found under AOT > Forms > YourForm > Permissions > Update > Tables > YourTable, in the EffectiveAccess property.

Privilege Properties

This section describes the properties for the AOT node at Security > Privileges > YourPrivilege.

Property | Required | Description

Name | Yes | Name of the privilege.

Label | Yes | Text that appears on the user interface for the privilege.

Description | Yes | Description of the privilege.

Enabled | Yes | The enable value. The value can be one of the following:

  • Yes. Enable the privilege.

  • No. Disable the privilege.

Entry Point Properties

This section describes the properties for the AOT node at Security > Privileges > YourPrivilege > Entry Points > YourEntryPoint.

Property | Required | Description

Name | Yes | Name of the entry point.

ObjectType | Yes | Object type of the entry point. The value can be one of the following:

  • MenuItemDisplay

  • MenuItemOutput

  • MenuItemAction

  • ServiceOperation

  • WebActionItem

  • WebURLItem

  • WebManagedContent

ObjectName | Yes | Object name of the entry point.

ObjectChildName | Optional | Represents the service method name.

Note: Specify the value of this property only if the ObjectType property is set to ServiceOperation.

AccessLevel | Yes | Permission value for all object types except ServiceOperation. The value can be one of the following:

  • Read

  • Update

  • Create

  • Correct

  • Delete

  • NoAccess

The permission values for the AccessLevel property represent a hierarchy. Read is the weakest permission, and Delete is the strongest. Delete permission includes every other permission. Create permission includes Update and Read. You can set the permission value to NoAccess to prevent all access to the entry point.

The Correct permission applies only when a time state table is involved. This permission authorizes you to update records in a time state table.

If instead the object type is ServiceOperation, the value can be one of the following:

  • Invoke. The server method can be called.

  • NoAccess. The server method cannot be called.

Table Properties

This section describes the properties for the AOT node at Security > Privileges > YourPrivilege > Permissions > Tables > YourTable.

Property | Required | Description

Table | Yes | Name of the table.

EffectiveAccess | Yes | Permission value. The value can be one of the following:

  • Read

  • Update

  • Create

  • Correct

  • Delete

  • NoAccess

The permission values for the EffectiveAccess property represent a hierarchy. Read is the weakest permission, and Delete is the strongest. Delete permission includes every other permission. Create permission includes Update and Read.

The Correct permission applies only when a time state table is involved. This permission authorizes you to update records in a time state table.

You can set the permission value to NoAccess to prevent all access to the table.

ManagedBy | Optional | This property is for use by automation tools.
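
The AccessLevel and EffectiveAccess rules above, written as a review check. This is an added example, not code from Microsoft or from Dynamics AX: it validates entry point definitions against the property rules and compares table grants with the access a job needs. The dict layout and every object name are assumptions, and Correct is ranked between Create and Delete, following the order of the page's lists.

```python
# Added example built from this page's rules; the dict layout is assumed, not an AX export format.
LEVELS = ["NoAccess", "Read", "Update", "Create", "Correct", "Delete"]  # weakest first
OBJECT_TYPES = {"MenuItemDisplay", "MenuItemOutput", "MenuItemAction",
                "ServiceOperation", "WebActionItem", "WebURLItem", "WebManagedContent"}

def includes(granted, required):
    """True if `granted` covers `required`; NoAccess covers nothing."""
    return granted != "NoAccess" and LEVELS.index(granted) >= LEVELS.index(required)

def check_entry_point(ep):
    """Return findings for one entry point definition."""
    findings = [f"missing {p}" for p in ("Name", "ObjectType", "ObjectName", "AccessLevel")
                if not ep.get(p)]
    otype, level = ep.get("ObjectType"), ep.get("AccessLevel")
    if otype and otype not in OBJECT_TYPES:
        findings.append(f"unknown ObjectType {otype}")
    is_service = otype == "ServiceOperation"
    allowed = ("Invoke", "NoAccess") if is_service else LEVELS
    if level and otype in OBJECT_TYPES and level not in allowed:
        findings.append(f"AccessLevel {level} not valid for {otype}")
    if ep.get("ObjectChildName") and not is_service:
        findings.append("ObjectChildName set but ObjectType is not ServiceOperation")
    return findings

def review_tables(granted, needed):
    """Compare table EffectiveAccess grants with the access the job needs."""
    findings = []
    for table, level in sorted(granted.items()):
        need = needed.get(table)
        if need is None and level != "NoAccess":
            findings.append((table, "not needed", level))
        elif need is not None and not includes(level, need):
            findings.append((table, "insufficient", level))
        elif need is not None and level != need:
            findings.append((table, "excessive", level))
    return findings

# Constructed sample data; all names are hypothetical.
ENTRY_POINTS = [
    {"Name": "ExForm", "ObjectType": "MenuItemDisplay", "ObjectName": "ExForm", "AccessLevel": "Invoke"},
    {"Name": "ExSvc", "ObjectType": "ServiceOperation", "ObjectName": "ExService",
     "ObjectChildName": "find", "AccessLevel": "Invoke"},
    {"Name": "ExReport", "ObjectType": "MenuItemOutput", "ObjectName": "ExReport",
     "ObjectChildName": "run", "AccessLevel": "Read"},
]
GRANTED = {"ExampleOrders": "Delete", "ExampleCustomers": "Read", "ExampleAudit": "Update"}
NEEDED = {"ExampleOrders": "Update", "ExampleCustomers": "Update"}
if __name__ == "__main__":
    print([check_entry_point(ep) for ep in ENTRY_POINTS], review_tables(GRANTED, NEEDED))
```
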

Server Method Properties

This section describes the properties for the AOT node at Security > Privileges > YourPrivilege > Permissions > Server Methods > YourServerMethod.

Property | Required | Description

Class | Yes | Name of the server class.

Method | Yes | Name of the secure server method that is tagged with the SysEntryPointAttribute attribute.

EffectiveAccess | Yes | Permission value. The value can be one of the following:

  • Invoke. The server method can be called.

  • NoAccess. The server method cannot be called.

ManagedBy | Optional | This property is for use by automation tools.

Form Properties

This section describes the properties for the AOT node at Security > Privileges > YourPrivilege > Permissions > Forms > YourForm.

Property | Required | Description

Form | Yes | Name of the form.

See also

Role-based Security in the AOT for Developers

Role-Based Security System

Security Node in the AOT
