Debugging Security (in the AOT)

With the various ways in AX2012 that you can allow permissions to objects it can sometimes be very difficult to diagnose why your role is not working as required. There are a number of very useful tools to use to assist in finding the problem, including the security development tool from Microsoft.

In this post however I will describe how to analyse a specific problem in a security role using the AOT.

Example: We have created a new Role that should allow users to have read only access to a number of forms including the Users form in the System Administration Module. A number of standard “Inquiry” duties were added to the role as well as a custom duty explicitly allowing view only access to the SysUserInfoDetail form. On testing of the role the user still had access to edit the users. To resolve the issue we followed the following procedure.

  1. Determine the Entry Point / Menu Item being used.
    1. Right click on the form that’s proving problematic
    2. Click Personalise
    3. Select “Information” tab.
    4. Note the MenuItemName. In this case “SysUserInfoDetail”
  2. Locate the Menu Item in the AOT
    1. Open the AOT in a development workspace
    2. Expand the “Menu-Items” node
    3. Expand the “Display” node
    4. Locate the MenuItem noted above (1.4)
  3. Determined Roles that use this MenuItem
    1. Right Click on the Menuitem
    2. Click “Add-Ins”
    3. Click “Security Tools”
    4. Click “View related security roles”Screen Shot 2015-02-25 at 4.33.59 PM
  4. Locate your custom role in the table
    Screen Shot 2015-02-25 at 4.37.18 PM
  5. From her you can determine what other duties and privileges are also providing access to this
    Screen Shot 2015-02-25 at 4.40.40 PM
  6. In our case it is the PaymVendorPaymentStatusInquire duty and VendPaymentJournal_NAGenerate privilege that is giving full access and overriding our view only permission.

I hope this will assist you in debugging your custom security roles.