Unified Operations & Dynamics AX Forum

Expand all | Collapse all

Security - Vendor Invent Category

  • 1.  Security - Vendor Invent Category

    Posted Dec 17, 2018 02:47 PM
    ​Reference - A/R (or procurement) - common - vendors - all vendors then edit and select category.
    I believe HS_VendorInventCategory_HS_Category_Category..
    I am trying to provide a specific security group access to this screen and not be able to edit other vendor screens. Basically, these are screens that usually procurement or accounts receivable work in. However, the Category screen is where we specify what category of items (avionics for instance) that the vendor is authorized to sell to us. This category area is maintained by Quality Assurance personnel. Previously, they were provided an accounts payable or procurement security profile that allowed such access.
    We want to further restrict so that these QA users can not edit any other areas, but the category area.
    My tool for working authorizations is Microsoft's less than robust security entry point permissions program.
    Any thoughts on how to secure this area or provide adequate access to this area alone.

    Larry Hunter
    Mooney International Corp.
    Kerrville TX
    AXUG Summit - Post

  • 2.  RE: Security - Vendor Invent Category

    Posted Dec 18, 2018 09:22 AM

    I actually have a whitepaper and have done multiple sessions at user group conferences on how to go about setting up least privilege security in AX 2012 and D365FO. You can probably find the sessions themselves somewhere in the AXUG/D365UG content library.

    You didn't mention if this was for AX 2012 or D365FO but the D365FO whitepaper can be found here: Maximize D365FO Security, with Least Privilege Access

    But the overview of the process is the following:

    1. Determine tasks a user will perform, making sure to not over-provision
    1. Isolate menu items from process/task
    • Task Recorder – perform the task the user will need to do while recording it using the task recorder function
    • Use the Task Recorder Parser for AX 2012 or D365FO or Security Diagnostic for Task Recordings in D365FO to extract menu items consumed during task recording
    1. Determine correct permissions for menu items
    • For D365FO, remember that menu item security is honored at table level
    • If you would like additional help, the Fastpath Security Designer module will provide this information
    1. If necessary (esp. for AX 2012), modify table level access to allow/restrict access to certain tables/fields
    2. Test and validate – always be sure to test solution prior to deployment
    • Users will not complain about having too much access

    If you have questions about this process feel free to reach out, would be happy to help.

    Alex Meyer
    Director of Dynamics AX/365 for Finance & Operations Development
    Des Moines, IA

    AXUG Summit - Post

If you've found this thread useful, dive deeper into User Group community content by role