AX2012 – HOW TO CREATE A READ ONLY SECURITY ROLE (WALKTHROUGH)

How to create a specific role in AX2012 where people have just “read only” rights.

The approach is simple. All Duties and Privileges in AX do have a pattern. All read only duties end with the word “Inquire”. Setup forms can also have read only rights and end with “Review”. The privileges do end with “View” for forms. Reports normally end with “Generate”.

When you create an AOT project and used the filter for selecting the duties ending with “*Inquire” and “*Review” you have a list of all “read only” duties. Then create a new role. Drag and drop all duties from your project to the new role and you have created your “Read only” role.

Walkthrough:

1. Open the Ax Development Workspace (AOT)
2. Create a new development project and give it a name for your reference.
   
3. Click the Advanced Filter/Sort button or use the shortcut combination Ctrl+F3
   
4. Click the button Select for making the selection.
   
   Enter the value “*Inquire,*Review” for table SysModelElement field Name.
   Enter the value “SecurityDuty” for table SysModelElementType field Element Type Name.
   Click OK for this form and the Project filter form.
5.  All elements are added to your new project like the image below illustrates.
   
6. Navigate within the AOT to the node Security, Roles.  Create a new role and give it the appropriate name and description.
   
7. Select the Project form.
8. Select all Duties by using the shortcut Crtl+A.
9. Drag and drop the selected Duties to your new role (Duties node) and save your new role.
   
10. The baseline for the role is ready. You can already assign user to this role. But….
    Some tables have too high privileges caused by some out of the box Duties, Privileges an/or Form permissions.
    E.g. the Vendor table (VendTable) has Full control permissions.
11. Open the form Security Roles from the System administration, Setup, Security menu.
    
12. Select the new “Read only user” role.
13. Click the button Override permissions.
14. Walk through the list of tables and see which tables do have too high access levels.
    
    To correct the access level:
    Untick the field Do not override.
    Set the value of the field Override access level to “View”.
    
15. Note that temporary tables need “Full access” for processing the reports.
16. Click Close to close the form.

You can now use the role and eventually test it by using the Security Development Tool which is available on Information source.