Within AX 2012, we have the ability to grant, upgrade, downgrade or revoke Role access when using security permissions. While granting or upgrading access, it is a best practice to grant permissions using existing Privileges which provide the desired level of access (viz., view or full control). Although it may seem like the quickest choice to simply create a new Privilege with desired access levels and grant permissions for that specific Role; an example of the drawbacks of granting this permission would be if you choose to provide access to the global address book:
- Using a new Privilege – You might tend to provide access to only the menu item ‘GlobalAddressBooklistPage’. But will this be enough for all situations? We would also need access to the related functions such as: Edit, Maintain documents, Email Distribution, Address book, Etc.
- Using existing Privileges – These existing Privileges will provide access to all the related menu items in order to use the Global Address Book in its full capacity with the desired access level.
The complexity involved is the task of finding these exact Privileges among a few thousand out of the box Privileges. Moreover, it becomes a tedious and time-consuming process to cater to the needs of traceability and audit logs for all these tasks we perform in order to simply grant or upgrade a Role’s access to menu items. An alternative to avoid manual changes would be to utilize the Arbela Security Manager (ASM) which will provide a one-click solution to these complexities and time consuming tasks. This solution makes it quick and easy to modify security permissions and maintain audit tracking and traceability.
Click here to learn more!