Properly restricting security in Dynamics AX 2012 often requires using the “override permissions” function that is available when defining a security role.
This is because it is possible to assign a user to security privileges that only grant “Inquiry” access to certain forms in AX, yet the user will the ability to actually update the tables related to those forms. (Example: the user can update the vendor master table, even though he/she only been granted “inquiry” access to the vendor master form in AX). This occurs because AX grants access to the “Demand buttons” (Create, Edit, Delete) based on table level access, not access to the forms.
Using vendor maintenance as an example, there are some duties unrelated to vendor maintenance (example: invoice processing) that grant a user “full control” of the vendor master table. Those duties may not necessarily offer the means to navigate to the vendor master in order to make any updates to it. However, if that same user is given a security privilege that allows him / her to inquire upon the vendor master table, then he/she now has the means to both access the vendor table and update it. In such scenarios, it is necessary to use “override permissions” to restrict table access and thus ensure that users assigned to that security role have “view only” access.
This article was written by Matthew Boese, Partner at Tridea Partners, a Gold Certified Microsoft Dynamics Partner.