Tuesday, June 27, 2017

AX 2012 Security Unwrapped Series - Security Development Tool

This post will unwrap the Security Development Tool for Dynamics AX.  This is a tool created by Microsoft and applies only to AX 2012.  It is considered pre-production, when installed it will go into the USR layer.

First, here is the link to Microsoft's documentation site which has all you need to install:

Let's walk through the tool and some of its main functions.  When you first open the tool it may take a few moments as it loads all the entry points.  On the left, is the entire menu structure.  Click the + sign to expand.  On the right, are the menu items and names.

Now you can enter in a role, duty, or privilege in the "Type" field and then enter in a respective security object name.  The tool will load the access for that security object.  The below screenshot is after loading Buying agent.  Note that you move the cursor to an item on the left, it will check the object on the right.  Also note that a few field has been loaded to the right - "Access level" which denotes the level of access of the security object that was loaded.

These are the access symbols and what access level they represent.

From the function ribbon, you have access to several functions.  A few are briefly described below (for more information view documentation on Microsoft's documentation site which was noted at the top of this blog entry):

1. Open the security test workspace - This will allow you to test the access of the security object entered using the UI.
2. Start recording - Records all entry points accessed as you navigate in the workspace.
3. Load track file - Loads the entry points that were traced in the Enterprise Portal.
4. Load additional metadata - This will load the effective user license level, labels, layer, and model.

The most useful, in my humble opinion, is the Load metadata to see the effective user license:

There are also some useful shortcut menu options: (1) Reference duty and (2) Reference privilege.  Cursor to a menu item on the left, right click and select one of the shortcuts.  Below is a screenshot after selecting Reference privilege:

In Summary, the tool is great for the security administrator.  It allows you to quickly identify the name of menu items and then find the specific duty or privilege you need to grant.  You can verify what access a specific role, duty, or privilege has.  And lastly, you can analyze licensing and see what menu item is associated with the Enterprise, Functional, and Task.

No comments:

Post a Comment