The AX 2012 Security Development Tool is created by Microsoft and provides additional functionality helping you to create and maintain security artifact like Roles, Duties and Privileges. I have used the tool since the release and noticed some very good features and also some features which could cause unwanted scenarios. To help you get the most out of this tool and use it in a proper way, I decided to write a series of blogs on this feature. This first post will tell you about the configuration of the menu-items which will start the Security Development Tool and also how to fix the view on User License Type to show the correct CAL type.
As mentioned in the introduction AX 2012 Security Development Tool provides additional features to support you on:
The full description and also useful links to downloads and user manual can be found on a blog from the Dynamics AX Server Team.
Initially when you have downloaded and installed the tool, you don’t see any changes and it looks like nothing is installed. If you look in the Development workspace (AOT), you can find new objects. There is a project called “SecurityDevelopmentTool” containing all related objects.
If you browse all objects, you also will find two menu items. These are not linked in any menu. As mentioned in the user guide, you can run the class SysSecEntryPointManagerSetup to link the menu items to standard AX menus. Right click on the class and select the menu option Open to perform this task. As a result these can be found in the System administration menu and also the context menu in the AOT.
When you have opened the Security Development Tool form, there is a button called Load additional metadata. If you click this button, new properties are added on the grid. One of the columns is called Effective user license type. Within this field it is possible to analyze which menu items are causing a certain CAL license type for the particular role. You can sort or filter on this field to find the data you are looking for. If you change an existing role, it might be possible that a Functional role will become an Enterprise role due to menu items exists in a certain privilege. This might affect your current license and probably unwanted license upgrade costs are involved. For this purpose also a field called Current user license type is added above the tree.
Note that in AX 2012 R2 and R3 the Current user license type is showing incorrect values. The license type Server Users is a type added since the R2 release. It is introduced to have an indication which menu items are part of the Server license and does not have impact on the license types. This field should show only the values Enterprise, Functional, Task and Self-serve. These are taking care of the number of CAL counts. Due to a new value in an enumeration this Server Users value has priority over the needed values. To fix this, you have to change the x++ logic in two methods on the form SysSecEntryPoinManager:
The line with the next code should be changed from:
if(SysSecEntryPointTmp.EffectiveUserLicense > maxLicenseType)
if(SysSecEntryPointTmp.EffectiveUserLicense > maxLicenseType && SysSecEntryPointTmp.EffectiveUserLicense != UserLicenseType::Server)
You have to do this is both methods UpdateLicenseTypes and LoadAdditionalMetadata. Then the system will show the correct CAL license type after this change:
If you want to grant more than one role to a single person, you can test it using the Security Development Tool. A while ago I wrote already a blog to explain this. Read the tip in this post: AX2012 – Testing combination of multiple roles.
If you have any questions leave a comment bellow or contact us. Also if you found this blog useful please share it and don`t forget to subscribe to our newsletter, so you can read my future blogs.
That’s all for now. Till next time!