AXForum  
Вернуться   AXForum > Microsoft Dynamics AX > DAX Blogs
All
Забыли пароль?
Зарегистрироваться Правила Справка Пользователи Сообщения за день Поиск Все разделы прочитаны

 
 
Опции темы Поиск в этой теме Опции просмотра
Старый 02.09.2010, 22:05   #1  
Blog bot is offline
Blog bot
Участник
 
25,631 / 848 (80) +++++++
Регистрация: 28.10.2006
emeadaxsupport: Special Permission Settings in Dynamics AX 2009
Источник: http://blogs.msdn.com/b/emeadaxsuppo...s-ax-2009.aspx
==============

We often get several questions about setting up security in AX and what the overiding security rights when using several groups with dfferent security configurations. There are 3 important ways to set up Security in Dynamics AX as follows:

• By using several user groups and use intersection to give rights

• By using the permissions to give rights

• By using table properties to change rights



Our design sequence is ascending (goes from top to bottom).
First you give the parent node the highest access you need below. Then you give the child nodes the rights that are needed. If this differs from what is inheriting from the access to the child node, then it’s considered as a Specific Right and hence overrules everything else.

To avoid creating a Specific Right access, you can change the Table property MaxAccessMode to what you need, and that way avoid a specific right. This property decides what should be inherited from the parent key.

We often experience that the parent key has No Access and then tables below get Specific rights. This is an incorrect use of specifying access rights (A similar example would be the same as you are not allowed to board a flight, but have booked flight seats afterwards).

Furthermore it is important to look at security settings at both parent and child nodes.


In this example Project is the parent key (Proj), Tables (ProjTables) is both Parent Key for the tables below and child for Project.

If you assign permission to a parent-node key (for example, if you select Project/Tables and then select Full control ) all child nodes inherit the same permission (=Table property MaxaccessMode). If you do not want all child nodes to inherit the same permission, you can change permissions on individual child nodes.



What is a Specific Right?:
A specific right is when you change child permission so it differs from the parent node or the table property “MaxaccessMode”. Remember it will overrule all other access rights.


For more information on setting up security in AX, see document links "Manage table and field access" at http://technet.microsoft.com/en-us/l.../aa834466.aspx (or http://msdn.microsoft.com/en-US/libr...(v=AX.50).aspx), and this is the area we get most questions combined with the setup described "Create user groups" at http://technet.microsoft.com/en-us/l.../aa548611.aspx. You have to combine the both the articles to get a complete picture. I have tried to summarise the complete picture below:


First an overview. I have taken the overview from http://technet.microsoft.com/en-us/l.../aa834466.aspx and added the several user group situation to the overview



So as you can see from the picture you only get the highest access on several user groups if you don’t have any specific rights.

The highest access can be pictured like this:





The intersection from this will be “Edit” as long as there are no specific rights to one of the groups. If there is a specific right like “No Access” for one table in the view group and the edit group still have “Edit” right on the same table, the final access will be No Access.

So if you still have set up your security to use several user groups and need a specific right for one table you will need to change the user group structure, so you can avoid the specific right in the intersection and/or alternatively you can change the table property MaxAccessMode to the same access level as the parent node and that way you get 2 specific rights in the same intersection, and then the highest level will rule again (this needs to be fully tested in a non-production environment before applying in production).



Other relevant security related articles:



--authors:Mansour Yahya Mohamad and Anders Madsen--editor:Anup Shah--date:02/Sep/2010




Источник: http://blogs.msdn.com/b/emeadaxsuppo...s-ax-2009.aspx
__________________
Расскажите о новых и интересных блогах по Microsoft Dynamics, напишите личное сообщение администратору.
Теги
права доступа, ax2009

 

Похожие темы
Тема Автор Раздел Ответов Посл. сообщение
emeadaxsupport: Proxy settings can interfere Dynamics AX 2009 report deployment Blog bot DAX Blogs 0 20.01.2010 15:05
emeadaxsupport: List of fixes that improve performance of certain features in Dynamics AX 2009 Blog bot DAX Blogs 0 13.10.2009 19:06
emeadaxsupport: Debugging non-interactive X++ code in Dynamics AX 2009 when running on Windows Server 2008 Blog bot DAX Blogs 0 23.09.2009 13:05
gatesasbait: Dynamics AX 2009 SSRS and SSAS Integration Tips Blog bot DAX Blogs 3 09.07.2009 13:07
axStart: Microsoft Dynamics AX 2009 Hot Topics Web Seminar Series Blog bot DAX Blogs 0 06.08.2008 12:05
Опции темы Поиск в этой теме
Поиск в этой теме:

Расширенный поиск
Опции просмотра

Ваши права в разделе
Вы не можете создавать новые темы
Вы не можете отвечать в темах
Вы не можете прикреплять вложения
Вы не можете редактировать свои сообщения

BB коды Вкл.
Смайлы Вкл.
[IMG] код Вкл.
HTML код Выкл.
Быстрый переход

Рейтинг@Mail.ru
Часовой пояс GMT +3, время: 07:59.