October 30, 2012

Override permissions in a role

I recently came across a trick on setting up security in AX 2012. We wanted to create a new role by copying an existing role and removing a few duties from the role. I managed copying the role through some coding and that went well. However, when I tested the new role, it doesn’t behave exactly the same as the original role. After poking around a bit, I found this nice new function in AX 2012 “Override Permissions” on the role form. As Microsoft noted, “Overrides for securable objects are not associated with specific duties or privileges. If you apply an override, the access level for the object is set for the role, regardless of access levels specified by the duties and privileges assigned to that role.” I found this is better and easier than changing the duties or privilege itself.

You can also go to the AOT and look up in the table SecurityRolePermissionOverride and see what permissions are overridden.

One last note, you don’t want to override too many permissions as it’ll slow down your system performance.

Updated on 2/29/2012
Today had two discoveries on AX 2012 security settings.

  1. Unlike AX 2009, any change from the Security Role/Privileges¬†form (e.g. adding a new role, adding/removing a duty from a role) auto triggers a change on the AOT under the Security section! If you’re working from a usr layer (as a regular functional consultant would do), the changes will be on the USR layer!! I learned this in a hard way as I found all my security settings gone after a recent code deployment. So, if you don’t want to keep redo your security settings in AX 2012, log onto the CUS layer and do the configuration, or merge the code after you’re done on the USR layer.
  2. Another way to duplicate an existing role is to go to AOT>Security>Roles and duplicate the role. Then all duties and permissions will get copied to the new role. Much better.