Security Permissions Properties for a Form

Applies To: Microsoft Dynamics AX 2012 R3, Microsoft Dynamics AX 2012 R2, Microsoft Dynamics AX 2012 Feature Pack, Microsoft Dynamics AX 2012

This topic lists and describes the permission related properties that exist on subnodes under the Permissions node under the node for each form in the AOT. These property values interact with other properties that are set under the AOT > Security node. These values also interact with permission related properties under other high-level nodes such as AOT > Menu Items.

For an example of interaction between security settings, consider a menu item. Suppose you create YourMenuItem at AOT > Menu Items > Display. There you assign values to security properties, such as the ReadPermissions and UpdatePermissions properties. Then you can assign the menu item as a node under AOT > Security > Privilege > ImportantPrivilege > Entry Points. The assignment of the menu item adds the security settings of the menu item to ImportantPrivilege.

On the Entry Point > YourMenuItem node, you can use the AccessLevel property to choose which set of permissions to receive from the menu item into the privilege.

Permission Group Nodes under Forms in the AOT

The following list shows the position of the Permissions node under the Forms node in the AOT:

  • Forms

    • YourForm

      • Permissions

        • Read

          • Controls

          • Tables

          • Server Methods

          • Associated Forms

        • Update

        • Create

        • Correct (disabled by default)

        • Delete

The nodes at the level of Read through Delete contain many individual permissions. The Read and Delete nodes can be referred to as permission group nodes.

All of the permission group nodes contains the same subnodes that are shown under the Read node.

NeededPermission Property of a Control

This section describes the NeededPermission property for the AOT node at Forms > YourForm > Designs > Design > YourControl. The value can be one of the following:

  • None

  • Read

  • Update

  • Create

  • Correct

  • Delete

  • Manual

The values for the NeededPermission property represent a hierarchy. Read is the weakest permission, and Delete is the strongest. Read is included by Update, and Update is included by Create. Therefore Read is also included by Create permission.

To see a particular control on a form, the user must have a permission to the control that is at least as strong as the permission the control requires. For example, suppose a control has its NeededPermission property set to Update. A user who has only Read permission does not see the control on the form. But the control is visible to another user who has Update or Delete permission to the control.

Through automatic inference the system inserts a subnode representing the control, under the appropriate permission group nodes in the AOT. This occurs when you specify a value for the NeededPermission property of the control.

Gg879980.collapse_all(en-us,AX.60).gifSpecial Values for NeededPermission

The following table describes the special values that can be assigned to the NeededPermission property of a control.

NeededPermission value

Description

Manual

When you specify Manual for the NeededPermission property, the automatic inference system does not add a node representing the control as a subnode under the permission group nodes in the AOT. You can insert the control subnode manually under the permission group nodes.

None

When you specify Manual for the NeededPermission property, the automatic inference system does not add a node representing the control as a subnode under the permission group nodes in the AOT. You can set the NeededPermission value to None to enable access to the control without any restrictions.

Suppose a control was manually added to a permission group. Later you set the NeededPermission property of the control to None. In this scenario the node representing the control is not automatically removed from the permission group. When you compile the form an error message similar to the following is generated:

NeededPermission property on control ControlName is set to none.

Control Properties

This section describes the properties for the AOT node at Forms > YourForm > Permissions > Read > Controls > YourControl. The descriptions of the properties for the Read node apply to Update, Create, and Delete nodes.

Property

Required

Description

Control

Yes

The name of the control.

EffectiveAccess

Yes

The permission value. The value can be one of the following:

  • Read

  • Update

  • Create

  • Correct

  • Delete

  • NoAccess

The permission values for the EffectiveAccess property represent a hierarchy. Read is the weakest permission, and Delete is the strongest. Delete permission includes every other permission. Create permission includes Update and Read.

You can set the permission value to NoAccess to prevent all access to the control provided that no other entry point, privilege, or role grants access to the control.

SystemManaged

Yes

Indicates whether this permission was added through automatic inference. The value can be one of the following:

  • Yes. This permission was added through automatic inference.

  • No. This permission was created manually or overridden.

ManagedBy

Optional

This property is for use by automation tools.

Table Properties

This section describes the properties for the AOT node at Forms > YourForm > Permissions > Read > Tables > YourTable. The descriptions of the properties for the Read node apply to Update, Create, and Delete permission group nodes.

Suppose you create a data source node for a table under your form node. The system uses automatic inference to add a node representing the table under the appropriate permission group nodes. When you remove your data source, the system removes the table subnode from the permission nodes.

Property

Required

Description

Table

Yes

The name of the table.

EffectiveAccess

Yes

The permission value. The value can be one of the following:

  • Read

  • Update

  • Create

  • Correct

  • Delete

  • NoAccess

The permission values for the EffectiveAccess property represent a hierarchy. Read is the weakest permission, and Delete is the strongest. Delete permission includes every other permission. Create permission includes Update and Read.

You can set the permission value to NoAccess to prevent all access to the table.

ManagedBy

Optional

This property is for use by automation tools.

Server Method Properties

This section describes the properties for the AOT node at Forms > YourForm > Permissions > Read > Server Methods > YourServerMethod. The descriptions of the properties for the Read node apply to Update, Create, and Delete nodes.

Property

Required

Description

Class

Yes

The name of the server class.

Method

Yes

The name of the secure server method that is tagged with the SysEntryPointAttribute attribute.

EffectiveAccess

Yes

The permission value. The value can be one of the following:

  • Invoke. The server method can be called.

  • NoAccess. The server method cannot be called.

ManagedBy

Optional

This property is for use by automation tools.

Associated Form Properties

This section describes the properties for the AOT node at Forms > YourForm > Permissions > Read > Associated Forms > YourAssociatedForm. The descriptions of the properties for the Read node apply to Update, Create, and Delete nodes.

Property

Required

Description

Form

Yes

The name of the form.

AccessLevel

Yes

The permission value. This field can contain one of the following values:

  • Read

  • Update

  • Create

  • Correct

  • Delete

  • NoAccess

The permission values for the EffectiveAccess property represent a hierarchy. Read is the weakest permission, and Delete is the strongest. Delete permission includes every other permission. Create permission includes Update and Read. You can set the permission value to NoAccess to prevent all access to the form.

SystemManaged

Yes

Indicates whether this permission was added through automatic inference. The value can be one of the following:

  • Yes. This permission was added through automatic inference.

  • No. This permission was created manually.

ManagedBy

Optional

This property is for use by automation tools.

See also

Security Permissions for Securable Objects in the AOT

How to: Use Associated Forms Permissions

Automatic Inference of Permissions in AOT Security

Announcements: New book: "Inside Microsoft Dynamics AX 2012 R3" now available. Get your copy at the MS Press Store.