Microsoft Dynamics AX Security in Older Versions

In previous versions of Microsoft Dynamics AX, 4.0, 2009, security roles did not come out of the box.  Even when they did, at times the security was lacking standards such as SoX compliance.  For years, Encore has been helping clients tailor their Dynamics AX security to meet changing rules, stricter regulations or security roles to fit business processes.

AX Security

Common recurring security regulation issues include:

  • Admin User groups (access to create, insert, export user groups)
  • Admin Users (ability to assign user groups to users)
  • Admin Users2 (ability to insert/edit AX active directory users)
  • Ability to restrict role(s) to insert or edit vendor master files
  • Ability to restrict role(s) to generate a payment
  • Restrictions around master file creations, such as worker, item, project category etc.
  • Ability to restrict which roles have access to the database audit log, or insert new log activities
  • Ability to restrict which roles have access to process foreign exchange adjustments, per module
  • Ability to restrict which roles have access to edit report modifications
  • Ability to restrict which roles have access to access batch processing
  • Ability to restrict which roles have access to AOT
  • Domain control security roles (*With testing and situational*)

Commonly created roles include:

  • Super Admin role
  • Accountant role
  • Supervisor role
  • Controller role
  • Bank supervisor
  • AP/AR/Bank/GL Clerk roles
  • Accounts Payable Supervisor
  • Accounts Receivable Supervisor
  • Fixed Asset Supervisor
  • Fixed Asset Clerk
  • Inventory roles
  • Warehouse roles
  • Procurement roles
  • Project roles
  • Posting roles **(best to be controlled by Journal controls, see below)
  • Security user group creation and assignment roles
  • Read only roles

Journal controls and user group security:

Journal controls in conjunction with AX security groups can be used to invoke matrix journal posting. A couple of examples of this could include:

Scenario One:


Scenario Two:


Encore can also complete role analysis after spending time familiarizing ourselves with an organization’s processes and security concerns and requests.  Security reports available for download from Microsoft help the analysis of current roles and identify areas of risk.  Encore can complete the analysis and provide new, complex AX security roles with quick turn-around.  In addition to modifying the roles, Encore can provide guidance on testing strategies, test scripts, security assessment and areas of recommendation or risk. Please contact us if you’d like to learn more about Dynamics AX.

Contact Us About Your AX Needs

We specialize in providing technical assessments, break-fix support, optimization services, and solution expansion projects for Dynamics AX (Dynamics 365 for Finance and Operations)

Contact Us

Contact Us About Your AX Needs

Contact Us