> > >

Use this form to set user group permissions. User group permissions control user access to Microsoft Dynamics AX and the privileges that users have while they are working in the system. By default, members of user groups cannot access any menus, forms, tables, or fields in Microsoft Dynamics AX. To enable user group members access to the system, you must grant them access by using this form. If your system is set up for multiple domains, you must set user group permissions in each domain.

Note Note

A user group can have different permissions in different domains.

Best practices

  • Work with managers who oversee the different user groups in your business or organization to determine permissions levels. For example, work with a manager in the Finance department to determine permissions levels for the Finance group or groups. The manager knows which user group or groups should have permissions to items, such as the and the navigation pane, including permissions on particular folders.

  • If you do not know whether to grant permission to a certain item, do not grant permission. It is better to deny permission to an item until a manager requests permission for a user group than to grant permission that may be inappropriate.

  • Restrict membership in the Administrators user group. This user group has access to all Microsoft Dynamics AX fields, tables, reports, and modules by default. A user who is inappropriately made a member of the Administrators user group might view reports or data that should be restricted or change configurations and business logic in the system. Only those users who configure and administer Microsoft Dynamics AX should be members of the Administrators user group.

Important Important

If you change permissions for a user group, especially if you demote permissions, restart the Microsoft Dynamics AX server after you make the change. If you do not restart the server, members of the user group retain their former permissions. Ask members of a user group to log off Microsoft Dynamics AX before changing permissions, and inform all users of the impending server restart. If necessary, select users in the form ( > ), and then click before changing user group permissions.

For more information, see Remove users.

Tasks that use this form

Navigating the form

The following tables provide descriptions for the controls in this form.

Tabs

Tab

Description

Overview tab

Select a user group and the appropriate domain.

Set access permissions for menus, forms, tables, and fields.

Important Important

By default, a user group is set to for all menus and tables.

Use the drop-down list to filter menu items and security keys. These filters include the following:

  • – Microsoft Windows-related security elements, sorted alphabetically.

  • – All security elements, including Web-specific elements, such as activity centers, deployment options, and cross functions, sorted alphabetically.

  • – Functions that are relevant for the individual countries/regions, sorted alphabetically.

  • – Functions that are structured according to the Add-ins menu within the Microsoft Dynamics AX application runtime.

  • – Functions that are structured according to the main menu within the Microsoft Dynamics AX application runtime.

  • – Functions that are structured according to the Task panes menu within the Microsoft Dynamics AX application runtime.

  • – Functions that are structured according to the Tools menu within the Microsoft Dynamics AX application runtime.

  • – Functions that are structured according to the Work center - Job menu within the Microsoft Dynamics AX application runtime.

  • – Functions that sort menu items related to a given workflow with the correct permissions.

Buttons

Button

Description

Export the selected user profile.

Import a previously exported user profile.

Print a security report.

Click to inherit this permission level to all child tables, forms, and nodes.

Note Note

Only expanded nodes will inherit permissions. If you don't expand a node, then permissions will not be assigned to sub-nodes.

Set the user group's permissions to full control for all components and menus.

Set the user group's permissions to no access for all components and menus.

Fields

Field

Description

Enter the unique user group identification.

Enter the user group name. (optional)

Enter the unique domain identification.

Enter the domain name. (optional)

Set the permission so that user group members will not have access to the selected element.

Set the permission so that user group members can open menus and forms and see data in tables and fields. User group members cannot add any data to the system or change data in any way.

Set the permission so that user group members can change data in menus, forms, tables, and fields.

Set the permission so that user group members can create new objects in the Application Object Tree (AOT) or, where applicable, in the system. User group members cannot delete objects.

Set the permission so that user group members can view, create, and delete objects or items.
Note Note

Higher permission levels inherit lower permission levels. For example, user groups with automatically have , , and permissions.

See Also