Security architecture of AX 2012
All the customers consistently comment that protecting their business data for privacy, compliance, and corporate security reasons is one of their top concerns. Microsoft Dynamics AX 2012 provides with greater peace of mind by enhancing control over both authentication (who has access Microsoft Dynamics AX) and authorization (what people are allowed to do after they have access).
Introducing Role-Based
Security
Microsoft
Dynamics AX 2012 was to make security configuration as simple and painless as
possible. To achieve this, Microsoft has adopted a role-based security model,
complete with more than 80 predefined roles. At the deepest layers of the
application, the approach to making the necessary security decisions remains
pretty much the same, but how you manage security—the setup, maintenance,
debugging, and troubleshooting—is now significantly easier with the
introduction of a role-based security paradigm.
Flexible Authentication
Security architecture
Microsoft
Dynamics AX, you can more easily customize security to fit the needs of your
business. The following diagram provides a high-level overview of the security
architecture of Microsoft Dynamics AX.
The concept of security roles in AX 2012 is :
· Security roles represent a behavior pattern that a person in the organization can play.
· A security role includes a defined set of application access privileges.
· A security role can be defined as a group of duties for a job function.
· System administrators can limit the data that users can access by applying data security policies. administrators can also control the level of access that users in the role have to current, past, or future records.
· Users are assigned to one or more security roles. Each user must be assigned to at least one security role to have access to Microsoft Dynamics AX.
· Examples of security roles: Shipping Clerk, Accounts Receivable Clerk, System Administrator.
When you understand the security architecture of Microsoft Dynamics AX, you can more easily customize security to fit the needs of your business. The following diagram provides a high-level overview of the security architecture of Microsoft Dynamics AX.
Authorization is the control of access to the Microsoft Dynamics AX application. Security permissions are used to control access to individual elements of the application: menus, menu items, action and command buttons, reports, service operations, web URL menu items, web controls, and fields in the Microsoft Dynamics AX client and Enterprise Portal for Microsoft Dynamics AX.
In Microsoft Dynamics AX, individual security permissions are combined into privileges, and privileges are combined into duties. The administrator grants security roles access to the application by assigning duties and privileges to the roles
All the customers consistently comment that protecting their business data for privacy, compliance, and corporate security reasons is one of their top concerns. Microsoft Dynamics AX 2012 provides with greater peace of mind by enhancing control over both authentication (who has access Microsoft Dynamics AX) and authorization (what people are allowed to do after they have access).
Microsoft
Dynamics AX 2012 introduces new authorization concepts and a flexible
authentication model that will make it much easier for you to work with your
own customers, partners, and vendors through a web-based portal. The aim is to
provide flexibility in how people access the data they need without
compromising on security, while at the same time reducing the administrative
overhead of managing those permissions.
Introducing Role-Based
Security
Microsoft
Dynamics AX 2012 was to make security configuration as simple and painless as
possible. To achieve this, Microsoft has adopted a role-based security model,
complete with more than 80 predefined roles. At the deepest layers of the
application, the approach to making the necessary security decisions remains
pretty much the same, but how you manage security—the setup, maintenance,
debugging, and troubleshooting—is now significantly easier with the
introduction of a role-based security paradigm.
The
new model separates the specific permissions, such as access to tables or menu
items, from the business processes that users work with every day. Defining and
assigning those permissions is now the responsibility of the application
developers. Microsoft Dynamics AX provides several features and tools to help
developers with this task. Business consultants and partners can then group
these developer-defined permissions according to unique business requirements
and established processes.
Administrators,
especially anyone who’s managed ERP security configuration in the earlier
versions will appreciate the ease of the new model, which has cut the time
required to configure security. Microsoft has spent significant effort and
research defining a set of more than 80 baseline role definitions and more than
700 duties and several process cycles, which ship with the product. So, rather
than configuring permissions and defining roles from scratch, the
administrator’s task is to fine tune existing roles to match your particular
organization. For the more day-to-day operational tasks, such as assignment of
users to roles, Microsoft Dynamics AX 2012 introduces new features such as
“Dynamic Role Assignment,” “User-to-Role-to-Organization Assignment,” and some
level of Windows PowerShell-based management.
For
developers and ISVs, the new model enables you to deliver applications that are
secure by design. Especially in industries with stringent compliance
requirements, the ability to build and deploy applications with security in
mind and to demonstrate compliance out-of-the-box is a true competitive advantage.
Microsoft provides an excellent set of tools in the MorphX environment to help
you generate permissions and group them into roles so that your applications
and add-ins will support straightforward deployment and administration.
Extensible Data Security
Although
role-based security will streamline deployment and management, customers have
also asked for finer, more granular control over access to specific data within
the organization. Role-based security controls access to data entry points,
such as menu items and tables, but the data security allows you to control at a
deeper level, based on the attributes of data within a table. For example, an
account manager role may have access to the sales order table, but the
organizations might seek to limit individual account managers’ access to
specific sales orders based on geography, allowing them to view only the sales
orders that originate in their region.
Microsoft
Dynamics AX 2012 enables organizations to define authorization policies
dynamically so that access to business data can be controlled based on
sophisticated business rules. This enables you to easily adapt security
configurations that give the right people access to the right data—and only the
right data—without compromising your organization’s data access policies.
Flexible Authentication
The
third major security capability in Microsoft Dynamics AX 2012 relates to
authentication, which determines who is able to access the ERP solution. With
the growing need to integrate more closely across the supply chain,
authentication has become a pressing need for organizations that need their
suppliers, partners, and customers to be able to directly interface with their
ERP. The flexible authentication model makes it much easier for external users
to securely access ERP data through the Enterprise Portal or other web-based
applications.
Building
on the Windows Identity Foundation, Microsoft has extended the authentication
model in Microsoft Dynamics AX 2012 by using open-standard application
programming interfaces (APIs). This simplifies administration of these external
accounts by allowing authentication using Active Directory Federation Services
(ADFS), Windows Live ID or other similar methods (e.g. Forms based
Authentication), without requiring the external parties to be provisioned in an
Active Directory domain.
Microsoft
Dynamics AX 2012 security features are dramatically simplify administration,
offer greater flexibility and control over data access, and enhance the
compliance, security, and privacy of your valuable business data.
Security architecture
Microsoft
Dynamics AX, you can more easily customize security to fit the needs of your
business. The following diagram provides a high-level overview of the security
architecture of Microsoft Dynamics AX.The concept of security roles in AX 2012 is :
· Security roles represent a behavior pattern that a person in the organization can play.
· A security role includes a defined set of application access privileges.
· A security role can be defined as a group of duties for a job function.
· System administrators can limit the data that users can access by applying data security policies. administrators can also control the level of access that users in the role have to current, past, or future records.
· Users are assigned to one or more security roles. Each user must be assigned to at least one security role to have access to Microsoft Dynamics AX.
· Examples of security roles: Shipping Clerk, Accounts Receivable Clerk, System Administrator.
When you understand the security architecture of Microsoft Dynamics AX, you can more easily customize security to fit the needs of your business. The following diagram provides a high-level overview of the security architecture of Microsoft Dynamics AX.
By
default, only authenticated users who have user rights in Microsoft Dynamics AX
can establish a connection. Microsoft Dynamics AX uses integrated Windows
authentication to authenticate Active Directory users. If you configure
Microsoft Dynamics AX to use a different authentication provider, users are
authenticated by that provider.
After a user connects to Microsoft
Dynamics AX, access is determined by the duties and privileges that are
assigned to the security roles that the user belongs to.
Authorization is the control of access to the Microsoft Dynamics AX application. Security permissions are used to control access to individual elements of the application: menus, menu items, action and command buttons, reports, service operations, web URL menu items, web controls, and fields in the Microsoft Dynamics AX client and Enterprise Portal for Microsoft Dynamics AX.
In Microsoft Dynamics AX, individual security permissions are combined into privileges, and privileges are combined into duties. The administrator grants security roles access to the application by assigning duties and privileges to the roles
Authorization
is used to grant access to elements of the application. By contrast, data
security is used to deny access to tables, fields, and rows in the database. Use the extensible data security framework
to control access to transactional data by assigning data security policies to
security roles. Data security policies can restrict access to data, based on
the effective date or based on user data, such as the sales territory or
organization. For more information about how to use data security policies in
Microsoft Dynamics AX, see Apply
conditions to security role assignments.
In addition to the extensible data
security framework, record-level security can be used to limit access to data
that is based on a query. However, because the record-level security feature is
becoming obsolete in a future release of Microsoft Dynamics AX, we recommend
that you use data security policies, instead.
Additionally, the Table Permissions
Framework helps protect some data. Data security for specific tables is
enforced by Application Object Server (AOS).
This is axapta ERP blog for Technical and functional fields and includes Microsoft Dynamics Axapta tutorials and Dynamics Axapta Coverage. This blog also contains x++ code help for Ax developer and solution of technical and functional daily issues. This blog is specific for Microsoft dynamics programming. Enterprise portal, SharePoint services, business connectors and Enterprise Resource Planning applications and sql database.It will help to get Microsoft Business Solutions.
ReplyDeletehttp://daynamicsaxaptatutorials.blogspot.com/