The AX 2012 Security Development Tool is created by Microsoft and provides additional functionality helping you to create and maintain security artifact like Roles, Duties and Privileges. I have used the tool since the release and noticed some very good features and also some features which could cause unwanted scenarios. To help you get the most out of this tool and use it in a proper way, I decided to write a series of blogs on this feature. This first post will tell you about the configuration of the menu-items which will start the Security Development Tool and also how to fix the view on User License Type to show the correct CAL type.

What is AX 2012 Security Development Tool?

As mentioned in the introduction AX 2012 Security Development Tool provides additional features to support you on:

  • Simplify the creation and maintenance of security artifacts such as Roles, Duties and Privileges
  • Creation of new security artifacts on the basis of access through various entry points
  • Ability to test newly created or modified security Role without using a different test account
  • Ability to record business process flows and identify the entry points used, to speed up development of security artifacts
  • Ability to view effective named user license values at different security artifact levels

The full description and also useful links to downloads and user manual can be found on a blog from the Dynamics AX Server Team.

 

Tip: Complete setup by creating menu items

Initially when you have downloaded and installed the tool, you don’t see any changes and it looks like nothing is installed. If you look in the Development workspace (AOT), you can find new objects. There is a project called “SecurityDevelopmentTool” containing all related objects.

SDT1-01

If you browse all objects, you also will find two menu items. These are not linked in any menu. As mentioned in the user guide, you can run the class SysSecEntryPointManagerSetup to link the menu items to standard AX menus. Right click on the class and select the menu option Open to perform this task. As a result these can be found in the System administration menu and also the context menu in the AOT.

SDT1-03    SDT1-02

 

Tip: How to view the correct CAL license type for menu items and roles

When you have opened the Security Development Tool form, there is a button called Load additional metadata. If you click this button, new properties are added on the grid. One of the columns is called Effective user license type. Within this field it is possible to analyze which menu items are causing a certain CAL license type for the particular role. You can sort or filter on this field to find the data you are looking for. If you change an existing role, it might be possible that a Functional role will become an Enterprise role due to menu items exists in a certain privilege. This might affect your current license and probably unwanted license upgrade costs are involved. For this purpose also a field called Current user license type is added above the tree.

SDT1-04a

Note that in AX 2012 R2 and R3 the Current user license type is showing incorrect values. The license type Server Users is a type added since the R2 release. It is introduced to have an indication which menu items are part of the Server license and does not have impact on the license types. This field should show only the values Enterprise, Functional, Task and Self-serve. These are taking care of the number of CAL counts. Due to a new value in an enumeration this Server Users value has priority over the needed values. To fix this, you have to change the x++ logic in two methods on the form SysSecEntryPoinManager:

SDT1-05

The line with the next code should be changed from:

if(SysSecEntryPointTmp.EffectiveUserLicense > maxLicenseType)

to

if(SysSecEntryPointTmp.EffectiveUserLicense > maxLicenseType && SysSecEntryPointTmp.EffectiveUserLicense != UserLicenseType::Server)

You have to do this is both methods UpdateLicenseTypes and LoadAdditionalMetadata. Then the system will show the correct CAL license type after this change:

SDT1-07

 

Tip: Test combination of multiple roles

If you want to grant more than one role to a single person, you can test it using the Security Development Tool. A while ago I wrote already a blog to explain this. Read the tip in this post: AX2012 – Testing combination of multiple roles.

If you have any questions leave a comment bellow or contact us. Also if you found this blog useful please share it and don`t forget to subscribe to our newsletter,  so you can read my future blogs.

That’s all for now. Till next time!

Subscribe to our newsletter

Microsoft Dynamics AX CommunitySubscribe to this blogger RSS Feed

Comments7
  1. KrishnaOctober 20, 2016   

    HI,
    The link was broken for “AX2012 – Testing combination of multiple roles”.
    So update the latest one.

    • André Arnaud de CalavonOctober 24, 2016   

      Hi Krishna,

      Thanks for reporting the broken link. It has been corrected.

  2. SofiaOctober 24, 2016   

    Hi Andre,
    I changed the code on both methods and I still get None as the Licence
    I’m using AX 2012 R3 Kernel 6.3.4000.127

    • André Arnaud de CalavonOctober 24, 2016   

      Hi Sofia,

      Can you check if the CIL compilation completed without issues? The code suggestion was to solve an issue related to showing ‘Server users’. You are mentioning ‘None’ as license type. What role or menu item are you referring to?

      • SofiaOctober 24, 2016   

        Thanks Andre, I ran the CIL again and it worked this time
        Kind Regards,
        Sofia

Leave a Comment!

Your email address will not be published. Required fields are marked *