Restrict Field Access By Security Role

The roles within Dynamics AX are pre-configured to restrict users from accessing areas that they usually don’t need to use, but you don’t have to stop there. You can tweak the security even more by restricting access to the field level data that shows up on the forms through the security role maintenance feature, allowing you to give people read only access, or not even show the field in the case of sensitive information. As an added benefit, if you restrict access this way, then the users will not be able to access the data through the reports, or through the Excel add-in.

If your users are already paranoid that they don’t see all of the data, then redacting access this way may push them over the edge.

How To Do It…

Start off by finding the field that you want to restrict access to. In this case we want to stop particular users from maintaining the Vendors Bank Account.

Then find the Role that you want to restrict access through – in this example we are cheating a little and finding the Role through the user account, an then clicking on the Edit Role button within the User Roles tab.

When the Security Roles maintenance form is displayed, click on the Override Permissions button within the menu bar.

This will open up the Override Permissions form. To override the permissions on a table, click on the Table/Fields node.

This will open up the Override Permissions form. To override the permissions on a table, click on the Table/Fields node.

This will allow you to browse all of the tables within Dynamics AX. Select the table that you want to restrict access to (in this case the VendTable) and expand it so that you can see all of the fields.

To override the permissions by field, select the parent table and then uncheck the Do Not Override checkbox.

This will allow you to override the general access to the table if you like. In this example though we will leave it with the Full control access level because we want to override the access to an individual field.

Now select the field that you want to restrict access to, and uncheck the Do Not Override checkbox.

Now you can change the access rights to that field by selecting the option from the Override Access Level dropdown box. You can set it to No Access, View, or Edit.

Now when the user returns to the form, they are not able to change the field if they belong to that security role.

Access Denied.

Advertisements
7 comments
  1. Thank you for the post. Is there any way I could hide the menu item in the area page of the Dynamics 2012 based on the roles. For E.g. Hiding the “All Vendors” menu item in “Account Payable” Module.

    • Sakthiananth, yes you can do that – you just inspired tomorrows tip to the day – watch out and I will give you a walkthrough on how to do it in the morning πŸ™‚ Murray.

      • Well Thank you for that Murray. I’m waiting for the moment.

  2. Hi I will be very gratefull if you can help with this.

    I have a filed in a form, but is not a table field, is a Display method. Said the form is ProjTransEmpl and the field that I need to hide from a User Security Role is ProjEmplTrans.costPrice()

    Is this possible?

    Thank in advance.

  3. Sayed said:

    Hi.. thank you Murray for the post..
    I applied it exactly but the user still has edit rights on the field..
    i’m sure i followed the steps correctly but don’t know if there’s something i miss or what..
    using AX 2012 R2

  4. Saverio said:

    “This will open up the Override Permissions form. To override the permissions on a table, click on the Table/Fields node.” and the image below is duplicated

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: