Planning security for any Microsoft Dynamics AX system that you implement enables your customer to help protect their business assets and maintain their system security in the future. It also provides the opportunity for you and your customer to evaluate the security risk the customer is willing to accept, and document any tradeoffs you make.
Any system that you design for a customer should follow Microsoft standard guidelines for enterprise application security.
We recommend that you review the security architecture, and then plan system security as described in the topics in this section. That is, when you determine the roles in your organization and decide what tasks these roles perform, you will assign resources such as forms and tables to these tasks, and then decide on appropriate constraints. Organizational constraints involve a broad domain constraint, whereas business-level constraints use record-level security.
About security management
Microsoft Dynamics AX includes several features to help manage access to modules, forms, data, and reports. These features include domains, user groups, and record-level security.
To add an additional layer of security to your computing environment, Microsoft Dynamics AX requires that all users be listed in Microsoft Active Directory directory services on your domain controller before they can be enabled on the Microsoft Dynamics AX form. If a user is not enabled on this form, he or she cannot access Microsoft Dynamics AX.
By default, users are restricted access from forms, data and reports. Granting access to forms, data, and reports requires at minimum that you create user groups, set permissions for those groups, and add users to the system. You can further refine access by using domains and record-level security.
Recommendations for managing security access include:
As part of your business processes, document and communicate appropriate policies and procedures.
Within the Microsoft Dynamics AX client, restrict access to forms that may contain personal information to only those groups of employees that require access for business reasons.
Restrict access to reports that may list personal information to only those groups of employees that require access for business reasons.
Restrict direct access to the Microsoft Dynamics AX database to Microsoft Dynamics AX administrators only. See your database documentation on controlling access.