Role based Security in AX

There is a new pattern introduced in the new version of Dynamics AX (AX6.0/2012), for the security of the forms/tables etc. which is called RBS.

In Microsoft Dynamics AX, role-based security is aligned with the structure of the business. Users are assigned to security roles based on their responsibilities in the organization and their participation in business processes. The administrator grants access to the duties that users in a role perform, not to the program elements that users must use.

                    

Let’s take a looks at the data models of the Security framework

Table	Description	Mapping
SecurityRole	Contains list of roles	(AOTàSecurityàRoles)
SecurityUserRole	Contains the user to role mappings	(System Administration à Users à User)
SecurityTask	Contains the list of duties and privileges	(AOTàSecurityàPrivileges/Duties)
SecuritySubTask	Contains the duty to privilege mappings	(AOTàSecurityà Dutiesà Privileges)
SecurityRoleTaskGrant	contains the list of role to duty mappings	(AOTàSecurityà RolesàDuties)

Some Examples

///////////////// Code in X++ /////////////////////////////

SecurityRole            securityRole;

SecurityUserRole        securityUserRole;

SecurityTask            securityTask;

SecuritySubTask         securitySubTask;

SecurityRoleTaskGrant   securityRoleTaskGrant;

   

#define.SecurityRole(‘BudgetBudgetManager’)

#define.SecurityTask(BudgetManagerRoleCenterView)

   

// 1. How to the find record ID of the privilege

select firstOnly RecId from securityTask

    where securityTask.AotName  == #SecurityTask

        && securityTask.Type    == SecurityTaskType::Privilege;

   

// 2. How to find the record ID of the security role of the currently logged-in user aving the specified security role

select firstonly RecId from securityRole

    exists join securityUserRole

    where securityRole.RecId     == securityUserRole.SecurityRole

        && securityRole.AotName  == #SecurityRole

        && securityUserRole.User == curUserId();

// 3. How to the find all the duties containing the specified privilege (security Duty)?
select SecurityTask from securitySubTask

    where securitySubTask.SecuritySubTask == securityTask.RecId;

// 4. How to check whether the privilege is directly associated with role

select firstOnly RecId from securityRoleTaskGrant

    where securityRoleTaskGrant.SecurityTask  == securityTask.RecId

        && securityRoleTaskGrant.SecurityRole == securityRole.RecId;

　

// 5. How to check whether the privilege is associated with role through duty

 select RecId from securityRoleTaskGrant

    exists join securitySubTask

    where securityRoleTaskGrant.SecurityTask == securitySubTask.SecurityTask

            && securityRoleTaskGrant.SecurityRole == securityRole.RecId;

   

 ///////////////// Code in X++ /////////////////////////////

extensible data security (XDS) framework in AX 2012

The extensible data security framework is a powerful new feature in Microsoft Dynamics AX 2012 that has been made available to developers and customers to address rich data security policy scenarios. It enables developers and administrators to secure data in shared tables such that users have access to only the part of the table that is allowed by the enforced policy. This feature can be used in conjunction with role-based security (also supported in Microsoft Dynamics AX 2012) to provide more comprehensive security than was possible in the past.

Data Security policy concepts

When developing a data security policy, you need to become familiar with several concepts, such as constrained tables, primary tables, policy queries, and context

constrained tables	A constrained table is the table or tables in a given security policy from which data is filtered or secured, based on the associated policy query.
primary tables	A primary table is used to secure the content of the related constrained table.
policy queries	A policy query is used to secure the constrained tables specified in a given extensible data security policy.
context	A policy context is a piece of information that controls the circumstances under which a given policy is considered to be applicable. If this context is not set, then the policy, even if enabled, is not enforced.

The white paper published by Microsoft which contains complete information of the XDS framework along with a walk though.