Best practices for upgrading to role-based security

Applies To: Microsoft Dynamics AX 2012 R3, Microsoft Dynamics AX 2012 R2, Microsoft Dynamics AX 2012 Feature Pack, Microsoft Dynamics AX 2012

This topic provides an overview of some best practices that you should consider when you upgrade security. This topic does not describe how to upgrade security settings to Microsoft Dynamics AX 2012. For information about how to upgrade security settings, see the Security Upgrade Advisor Tool User Guide.

User groups and roles

When you convert user groups to roles, we recommend that you use the default roles as much as you can. The default roles that are included with Microsoft Dynamics AX 2012 may contain additional permissions that were not available in earlier versions of Microsoft Dynamics AX.

If a user group has more permissions than the related default role, you can create a custom role based on the user group. We recommend that you nest the default role under the custom role, so that the custom role includes the permissions from the default role. The following table provides an example.

Use an abbreviation of the company name or function as a prefix in the name of a custom role, such as MS_CustomRole.

Whenever you can, customize security settings in a custom model. By using a model, you can more easily export security settings from, and import security settings to, a specific layer.

Security keys

The concept of security keys no longer applies in Microsoft Dynamics AX 2012. Instead, privileges and permissions are used to implement role-based security. By default, thousands of privileges are included in Microsoft Dynamics AX 2012, and each entry point is associated with one or more privileges. If you have created custom entry points, we recommend that you create new privileges that have the View and Full Control access levels. These privileges can then be included in duties or assigned to roles.

See also

Upgrade domains