CHAPTER 1: ARCHITECTURE
CHAPTER 2 : DATA DICTIONARY
CHAPTER 3 : USER INTERFACES
CHAPTER 4 : SECURITY
Lesson 5 : Change Privileges on a Duty
The Security roles and privileges assignment to duties is maintained by a developer in the security node of the AOT.
The Security privileges and privileges form available in the rich client displays all duties defined in the application and the privileges associated with each duty. Duties are grouped by process cycle. Privileges cannot be added to a duty from here.
Security roles and privileges help determine your licensing requirements for Microsoft Dynamics AX 2012. In addition, be aware that modifying security roles may change your licensing requirements. For more information about how licensing relates to security, see the Security roles and licensing white paper for Microsoft Dynamics AX 2012.
If the security privileges, duties, and process cycles that are provided with Microsoft Dynamics AX do not meet the requirements of your business, you can create new privileges, duties, and process cycles. Only the Microsoft Dynamics AX administrator can create or modify a security privilege, duty, or process cycle.
The security model is a hierarchy, with each element representing a different level of detail. At the top of the hierarchy are process cycles. Process cycles are composed of duties, and they represent business processes, such as the expenditure process. Duties are composed of privileges, and they represent parts of a business process, such as maintaining bank transactions. Privileges are composed of permissions, and they represent access to tasks, such as canceling payments or processing deposits. Permissions grant access to application elements, such as forms and menu items.
Both duties and privileges can be assigned to roles to grant access to the application. Process cycles are used only to organize duties and privileges. If a duty or privilege is not assigned to a process cycle, that duty or privilege is not available in the Security privileges form. To work with duties and privileges that do not appear in the form, you must use Application Object Tree (AOT).