Enable Javascript

Please enable Javascript to view website properly

Looking for an Expert Development Team? Take two weeks Trial! Try Now

Role Base Security Architecture of Microsoft Dynamic AX


Definition: Security has very important roles to play in any ERP implementation. The security aspects of an ERP to helps the administrator to restrict the data to the users and provides the enough right to the user as per the roles and responsibilities (department). Security administrator can controls the rights of access different Modules, Form, reports based on the User group or individual user.

A security role represents a behaviour pattern that a person in the organization can play. A security role includes one or more duties.

A duty is a responsibility to perform one or more tasks. A duty includes one or more privileges.

Duties are a group of related privileges required to perform a task

  • Maintain bank related transaction
  • General deposit slips
  • Cancellation of Payment

Privileges specify the access that is required to perform a duty. A privilege includes one or more permissions.

Privileges specify the access that is required to perform a duty. A privilege includes one or more permissions i.e. we can more than one entry points by simply drag and drop functionality based on the menu item. And you can set the access level on the entry point permission properties as No Access, read, update, create, correct and delete. Delete the highest permission level.


Access levels

No Access - No Access to data

Read - User can View Data

Update - User can View and Edit Data

Create - User can View, Edit and Create new Data

Correct - User can View, Edit, Create new and correct date-effective records without creating new records.

Delete -User can View, Edit, Create new and Delete Data


Now we have to create roles and drag duties earlier we have created under the Duties node.

All of the users must be assigned at least one security role to have access to Microsoft Dynamics AX. By managing the user’s access through security roles.



include the access level to one or more securable objects that are required to perform the function associated with an entry point.

Once security role must assigned to all the users to access the Axapta, based on security roles that are assigned to user determine the duties that user can perform and depends on that limited interface user can view

Purpose of security : -

  • System will be more secure. User can access their respected module. He will not enter into the other module.
  • Data will be safe and secure. No other user has to delete any record in ax 2012.

Security – Standard Operating Procedure (Policy, Process, Roles, and Audit).


Security Architecture of Microsoft Dynamic AX 2012


Role Based Security Concepts

More about Security

Security Roles:- All users must be assigned to at least one security role in order to have access to Microsoft Dynamics AX. Roles combine multiple Duties in order to allow a user to perform the multiple process necessary to perform their specified day job. Users are assigned to one or more security roles.

Duty:- A Duty combines multiple privileges in order to provide a user with the appropriate access to perform a specific process within AX. Duties are designed with a specific business objective in mind.

Privileges: - specify the access that is required to perform a duty. A privilege contains permissions to individual application objects, such as user interface elements and tables. Privileges group together related securable objects. For example, menu items and controls.

Privileges can be assigned directly to roles. However, for easier maintenance, we recommend only assigning duties to roles.

Entry Point: - An entry point is the object that triggers a user action to start a particular function, such as a form or a service.

In Microsoft Dynamics AX, there are three different types of entry points - menu items, Web content items and service operations.

Type of Menu Item

Menu item:- Object of the form.

Three type of Menu Item.

  • Display
  • Output
  • Action

Role Based Security Concepts

Output:- Objects which are primarily for presenting data to the user such as forms and dialog’s.

Display:- An output menu item should have the soul purpose to print a result.

Action :- If your runnable object has an action to perform, for example creating or updating data


Permission:- Include the access level to one or more Securable object that are required to perform the function associated with an entry point .This could include any tables, fields, forms or server side methods that are accessible through the entry point.

There are Six type of permission.


Path: System administration > Users > Users

This is the path where all the users are defined in the ax 2012.


• Select user name and edit.


• Assign the roles to user


• Assign the roles to user


• Open the desired form, which you want to give the access on it (Here I have used the purchase order form).

• Find object name, right click on object and Select Personalize.


• Check the form name and menu item in Information tab.


• Check Button name in System Name “PurchTableForNew_Action”


• Open AOT option for create privilege and roles, shortcut key is ctrl+D.


• Security > Privilege > New Privilege


• Right click on Entry point and create new entry point.


• Click on entry point for display the property

• Fill the following information in Entry point property


• Security > Roles > New Roles

• Right click on Roles and create new role.


• Open privilege option and create new privilege in roles


• Already created privilege name select so its link


• Click on Assign Roles for add the roles

• Below form will be open, search role name from list and click on OK


Purchase Order role add in list


This user has only purchase order display access


In the end , Suppose the user has rights of creating purchase order only , So when the user has to open the purchase order he can see the only one module that is account payable, in that module he have only rights to create purchase order only. He will see only the purchase order list form where he can create, delete or edit the purchase order and also he cannot see the other module also.

The purpose of the security is that user have their own right he can see only respected module which he want to work. So that our Axapta will be more secure after providing security.

This blog is written by team of Dynamics AX senior developer from nexsoftsys.com, you can ask any question related on dynamics AX. Our Microsoft Dynamics AX consulting provide expert advice for various business sector like Industries, Health care, Logistics & other well-known industries.

Recent Blogs


NSS Note

Some of our clients