New version of AX has a couple of changes in the security architecture. Process cycles are removed (no one really used them in AX 2012) and record level security is finally obsolete.
However, because of new code architecture and restrictions that came with it, there are some changes in the way how we create new security artifacts. Previously, in AX 2012, all security objects were stored in AOT as a metadata, even if you did security setup from UI new objects were created or changed in AOT. Now, because of .Net platform, we cannot generate assemblies on the go, so there are two ways how to create security objects:
- Create security objects in Visual Studio.
Nothing has changed here, developer can create or edit new roles, duties and privileges in AOT. Then they can be deployed via deployable packages. For today’s blog I created simple role, duty and couple of privileges.
- Create security object from UI.
In current version experience is similar to AX 2012, where user can create and edit security objects from UI, but under the hood AX does not create any objects! All changes are stored as a data. On screenshot below you can see new role created by me for this article.
New role has one duty and this duty has only one privilege. Now I’m going to add one more privilege “My PrivilegeTwo” to my duty. To do this you need to select a duty you want to modify, click “Add references” and select a privilege you want to add.
After that, you may notice “unpublished objects” and you can either publish them or undo.
Let’s add one more privilege in AOT.
As you can see, in AOT my duty consists only from two privileges, however, in UI AX shows three:
Two of them were created by developer in AOT and one was done in UI and is stored as data.
In next blog post I will show how to deploy security data changes across environments and how to use Security diagnostics tool.