AX2012 – Assigning permissions to users through Roles,Privileges and duties

Hi DAXers,

All of us know that Security frame work is completely changed in AX2012. We are used with AX2009 way of assigning permissions to user groups and linking users to user groups.

Let’s get conversant with AX2012’s way of assigning permissions and restricting the forms and activities as required by our clients.

Whoever tried assigning permissions might have already noticed that user groups are no more in AX2012. So, to have the users assigned with needed permissions, user must be assigned with a Role that he/she performs. In a case where the user performs multiple roles, one can be assigned with multiple roles.

By default a good number of “Security roles” are available in AX. These roles have been created by keeping industry requirements in mind and also to achieve the standardization across the multiple business organizations. However, it is quite usual that clients’ requirements on permissions will be varying from one client to another client.
Below is the image that helps in understanding how the permissions are structured in AX2012.

AX2012-User rights

Each role will have the Set of duties that are relevant for the specific role. Duties comprises of set of privileges. Through Privileges, we give the permissions to the relevant forms, menu items and tables.
(I do not want to stress on definitions and terminology as loads of data available over Technet).

Let’s analyze and understand this completely using the role “Purchasing agent” as an example.
To see the different security roles available, Go to System Administration>setup >Security > Security roles.

Security roles

Focus on “Purchasing agent” then right side list box “Role content” shows the list of duties that will be applicable for the “Purchasing agent role’.

It gives the precise information on what the activities that the user with the specific role can perform. By seeing the content obviously we can’t understand what all that will be covered under each duty. For instance, let’s consider the duty “Maintain Vendor Master”. We do not know what all that comes if it says just “Maintain vendor master”.

Let’s see what all it covers, go to System administration>setup>Security>Security roles> Security privileges
Search for the needed duty “Maintain vendor Master”, it shows the list of “Privileges” that are covered.

Security Privileges

We can notice the privileges give little detailed information that what all comes in “Maintain vendor master”. Of course, we should know how the access is being given to forms. For which lets get into AOT, with the AOT name of duty.
In the image you can see the AOT name of “Maintain vendor master” as “VendVendorMasterMaintain”.

Now, Go to AOT (by pressing Ctrl+D)>Security>Duties, find duty “VendVendorMasterMaintain”, and see the privileges(AOT names) to proceed further.

To find the forms that are been give the permission,
Go to AOT>Security>Privileges>“VendBankAccountsMaintaing” and expand the entry points node to know which forms are been given the access.


Hope it is clear now on how the access to forms is controlled using the roles, duties and privileges. In next post, we will see how to stop access to some forms in the already defined duty and also how to add a completely new privileges in duties.
Hope you like this post, your suggestions are most welcome to get this blog better.
Keep visiting and Keep DAXing.

lang: en_US


12 thoughts on “AX2012 – Assigning permissions to users through Roles,Privileges and duties

  1. Hi Santosh ,

    I understood the concept of the Security roles in AX 2012 .

    I have one question , how can we enable or disable the specific modules to particular users .

    For example when Financial user log in to AX 2012 , user would see only General ledger .module only.another budget user log in to AX 2012 , user would view only Budgeting only.

    How can this possible in AX 2012 ?

    • Hi Lally,

      First thing to be noted is, You can’t completely restrict a module directly. By removing the permissions to all the forms in a module you will restrict the user from using that module.

      If you have the access to one form in a module then you will definitely see the module in the drop down list.

  2. In AOT, we can create customized role and assign permission to the required forms and menu items of the required modules. Assigning the customized role the users will also fulfill the requirement.

  3. Hi ,

    I have created a wizard and role , wizard has included in created role with full permission but when i have assigned this role to the user then wizard button not display in this user, Means when i was open wizard that time wizard is open but available button not display.

  4. Pingback: AX2012 Licensing – Roles and CAL requirements | Sunny's Blog on Dynamics AX

  5. Another thing that could help you with managing roles and privileges is the Security Development Tool. Just install it to the AOS Server and as an admin, your life will get easier:

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s