Domain administrators have full administration rights to their domain. However, they have no rights to other domains.
Some customers who have many companies in Microsoft Dynamics AX have a requirement to keep the data in each company completely separate. In such large system environments the system administrator is not the person who grants permissions to the user or creates companies. The system administrator creates a role called the domain administrator to do this. Domain administrators have complete access to all resources within their domain, but do not have access to companies in other domains.
Create domain administrator user groups
Before the system administrator creates the domain administrators, the companies, domains, and users must be created in the Microsoft Dynamics AX environment. For instructions, see Manage company accounts, Manage domains, and Manage users.
-
From a Microsoft Dynamics AX client, click > > .
-
On the tab, create a Domain administrator user group for each domain in the Microsoft Dynamics AX system.
-
Select the new Domain administrator user group, and then click .
-
Select the Admindomain in the pane, and then open the tab.
-
Select every security key and apply access to them for the Admindomain.
-
Open the tab again and select the domains in the pane that this user group will administer.
-
Open the tab.
-
Click .
-
In the tree, select > and apply .
This restricts the Domain administrator from seeing data in other domains.
-
Close the form.
This grants full rights to the Domain administrator user group for the selected domain.
Add domain administrators to the domain administrator user groups
After the Domain administrator user groups are created for each domain, the system administrator adds users to these user groups.
-
From a Microsoft Dynamics AX client, click > > .
-
Select the Domain administrator user group that you just created.
-
Open the Userstab.
-
Select the users who will be the domain administrators for the domain represented by the user group, and then click the left-arrow ( <) to move each user into the Selected userpane.
-
Open the Groupstab.
-
Select the Adminuser group and any other unnecessary user groups.
-
Open the Userstab.
-
Select the users who are domain administrators, and then click the right-arrow ( >) to move these users into the Remaining userspane.
This makes sure that the Domain administrators do not have administrator rights over the whole system.