Security Development Tool for Dynamics AX 2012
Dynamics AX 2012 has a new role based security architecture. To those who have worked on AX 2009, this is a change from what they have worked before, in terms of developing security. This post will not go in great detail in an attempt to explain the new architecture. There is good documentation out there that can help you understand the new security framework.
Here are a couple of links to help you with that:
https://technet.microsoft.com/EN-US/library/gg731779.aspx
This particular blog post addresses the developers who are going to develop security artifacts for AX 2012 implementations. Developing security for the AX 2012 system can sometimes be challenging for developers. In order to reduce the time and complexity involved in creating security artifacts for Dynamics AX 2012 and also providing easier debugging ability to the developer, we have released a new tool called Security Development Tool for Dynamics AX 2012 on InformationSource a while ago. However, I am mentioning the tool here for greater visibility because not everyone who could benefit from it has yet heard about its existence or is aware of its powerful capabilities.
What is it?
The Security Development Tool has the following capabilities and features:
- Simplify the creation and maintenance of security artifacts such as Roles, Duties and Privileges
- Creation of new security artifacts on the basis of access through various entry points
- Ability to test newly created or modified security Role, Duty or Privilege from a development workspace with the security permissions associated with that security artifact, without using a different test account
- Ability to record business process flows and identify the entry points used, to speed up development of security artifacts
- Ability to view effective named user license values at different security artifact levels
Where can I get the tool?
The tool is available on https://informationsource.dynamics.com/ under the ‘Services’ section. In order to access either InformationSource, you need either a valid PartnerSource or CustomerSource account.
The user guide for the tool can be found here: https://technet.microsoft.com/en-us/library/hh859729.aspx
What versions of AX 2012 will this tool work on?
This tool will work on AX 2012 RTM, AX 2012 R1 and AX 2012 R2
Please try out this tool when you next get a chance to develop your security artifacts and provide us feedback on it.
Comments
Anonymous
September 23, 2013
Concerning this feature: •Ability to record business process flows and identify the entry points used, to speed up development of security artifacts Whenver I select Start Recording in the tool and Stop I get a message "no entry points recorded." I am going thru the same steps as the video recording on Information Source - selecting Sales Clerk and then going into the app and selecting Vendor / New etc. Not sure why my entry points are not added to the grid. Thanks for your helpAnonymous
February 23, 2014
The tool isnt available for download anywhere, at least not as a customersource user. informationsource.dynamics.com/.../RFPSLHost.aspx doesnt list it. informationsource.dynamics.com/.../RFPSLHost.aspx which is linked to by the article technet.microsoft.com/.../hh859729.aspx takes a suspicious three minutes to load on an ultra fast connection (google loads in under a second), and then brings to the root of information source. I am really frustrated, what is the deal? Does anybody know? it seems like every time i need to use customersource or information source for anything related to 2012, i hit a dead end.Anonymous
February 25, 2014
I'm also getting a "no entry points recorded" error message like Rick. Has anyone seen this error? There's no support anywhere for this I can find. Thanks, TylerAnonymous
March 03, 2014
@Steven: The tool is very much there if you were to go to InformationSource. It is listed under the tab 'Services', once you sign in to InformationSource. Can you try that and see if it works for you? AFAIK, if you have CustomerSource credentials, you should be able to log into InformationSource and have access to the tool. Regards Parth [MSFT]Anonymous
March 03, 2014
@Rick, Tyler: For the issue where you get 'No entry points recorded', can you please clarify which version of AX are you in? In particular what Cumulative Update have you installed so far? We have a known issue that caused a problem with the behavior of this tool due to a fix in CU6 that was installed on top of AX 2012. However, I want to make sure we are talking about the same thing here. Please let me know. Regards Parth [MSFT]Anonymous
March 10, 2014
@Parth P AX 2012 R2 CU7 Kernel Version: 6.2.1000.4051 Application Version: 6.2.1000.4051Anonymous
March 17, 2014
Thanks Tyler. We have identified the change that has caused a regression in the behavior of the security development tool and are actively working on a fix for the same. As soon as I have some details to share, I'll share it here on the blog. Thank you for your patience.Anonymous
April 01, 2014
@ParthP any news on this? facing the same issue "No Entry Points Recorded" AX2012 R2 CU6 Application version: 6.2.1000.1437Anonymous
April 03, 2014
"No Entry Points Recorded" modify class SysSecurityRecorder_1CC4B7A84D53 community.dynamics.com/.../112673.aspx depending on your version the fix might vary but this should lead everybody on the right trackAnonymous
April 03, 2014
We are close to releasing a hotfix for this issue. Current ETA is before end of next week. I would hold off on patching it if you can wait that long.Anonymous
April 07, 2014
The comment has been removedAnonymous
April 14, 2014
A hotfix has been issued for the issue. Please take a look. blogs.msdn.com/.../security-development-tool-for-dynamics-ax-2012-issue-with-recording-entry-points.aspxAnonymous
August 20, 2014
Is there a way to remove duties from a role using the security development tool? For Example, if I open a role and see that it has "Full Control" for "All purchase orders" in Accounts Payable, I can right click on it and reference the duties, but this only allows me to add those duties to the role, whereas I want to remove them.