Last year I posted some tips on the Microsoft Dynamics AX Security Development Tool. Recently my colleague Boye Walters also wrote an episode and named it Tips on AX 2012 Security Development Tool – Part 7. Well… he fanned the fire on his topic and here is another edition: Tips on AX 2012 Security Development Tool – Part 8; focusing on the view type Duties and Privileges.
While we always focus on roles, we sometimes forget about completeness of privileges or duties. Namely in ISV development this is very important. A privilege should be able to be reused in other duties. In addition duties needs to work in various roles. For example if a new Duty called “Maintain rentals” is created you would like to have this person be able to maintain rental items, but he should also be able to view related transactions.
When you have developed or modified a duty or privilege, you can search for this security object in the Application Object Tree and open the Security Development Tool from the context menu. The tool will create a new security role which will be used to temporary hold the security duties or privilege. As example I used a duty form one of our ISV solutions. Note that the behavior for the privileges is exactly the same.
When you open the security development tool from a duty/privilege the first time, you will be notified that the new temporary role is created. Like any other role, you can find this security role in the Application Object Tree. It will have a role name ending with your user ID.
The Security Development Tool will be opened where the view is set to Type: Duty. The permissions from the required duty are loaded and can be checked. Initially you can see in which menus and submenus which menu items are accessible with the corresponding level.
Now I’m more interested in the detailed access level on the form. To see the access on fact boxes and menu items from a form, you can select the menu item, right click and choose the option Discover submenu items form the popup menu.
When the details are loaded, you can see that the menu item buttons and the factbox also have the access level Full control. With the option to check the contents of a duty or privilege you can also check if there may be some menu items which should not be part of the intended security level. It is very easy to find them following the icons in the menu tree or filter on the Access level field.
As the Security Development Tool created a role, you also can use the Test workspace to find out if it is really working as your intended design. Click the button Open the security test workspace and a new AX 2012 workspace will be opened with the access level of your duty or role. The duty Enable data validation framework process will look like this when the System administration menu is selected:
Note that like mentioned in a previous post, next to this role, also the System user role is assigned. You can check now the contents, but even more the real behavior of only one duty. When you open forms, you can see if the required factboxes and menu items are visible and working like designed. Also you can check if it is or isn’t possible to insert, update or delete records.
When there is no issue having the created role in your environment, you can leave it in the development environment. If it would have impact when you e.g. want to move models, you might need to delete the role manually. This is not automatically done. The next time you want to open duties or privileges in the Security Development Tool, it will check if the role exists. If it is not present, it will be recreated again.
Tips on Security Development Tool part 7 (by Boye Walters)
That’s all for now. Till next time!