We can create Role-based security by setting security permissions for each individual. Permissions are not directly granted to users, but to security roles, and the link between users and their permissions is established by assigning users to security roles. Role-based security for Dynamics AX contains the following elements:
Role: An individual’s role in Microsoft Dynamics AX is defined as a group of duties required to complete a specific job function.
Duty: In Microsoft Dynamics AX, duty is the group of privileges needed to perform a task.
Privilege: Privilege is defined as the permissions required for individual objects. For example, access to the post price journal is a privilege.
Permission: Permission in AX is the basic access restriction to units of data, such as tables and fields, and functionality
Microsoft Dynamics AX - Security Architecture
Planning to create a new role “Invoice_Maker” and will assign the users to this role.
This role users can have the full control of making Invoice Journals under Accounts Payable module effectively.
1. Open the Security Roles screen under <LEGAL ENTITY>/System administration/Area page to create the new Role - “Invoice_Maker”
2. Open the Security Privileges screen under <LEGAL ENTITY>/System administration/Area page to create the new Process Cycle - “Invoice_Maker”
3. Right click on the newly created Process Cycle - “Invoice_Maker” and select the "New Duty" option to create the new Duty - “AP_Invoice”
4. Right click on the newly created Duty - “AP_Invoice” and select the "New Privilege" option to specify the appropriate permission towards Duty - “AP_Invoice”
5. As planned provide the “Full Control” Permission for all the Invoice Journal screens
6. Assigned the ”AP_Invoice” Privileges to the appropriate role “Invoice_Maker”