Inside Security Model of Microsoft Dynamics AX 2012 'Role-Based & Extensible Data Security, Flexible Authentication'

With Microsoft Dynamics AX 2012, the Redmond company is looking to provide customers with greater peace of mind by enhancing control over both authentication (who has access to Microsoft Dynamics AX) and authorization (what people are allowed to do after they have access).

Dynamics AX 2012 introduces new authorization concepts and a flexible authentication model that will make it much easier for you to work with your own customers, partners, and vendors through a web-based portal.

"Our goal was to provide flexibility in how people access the data they need without compromising on security, while at the same time reducing the administrative overhead of managing those permissions," Microsoft stated.

Introducing Role-Based Security
"One of our primary goals in AX 2012 was to make security configuration as simple and painless as possible. To achieve this, we adopted a role-based security model, complete with more than 80 predefined roles," revealed Microsoft.

"The new model separates the specific access permissions, such as access to tables or menu items, from the business processes that users work with every day. Defining and assigning permissions is now the responsibility of the application developers. Business consultants and partners can then group these developer-defined permissions according to unique business requirements and established processes."

"We spent significant effort and research defining a set of more than 80 baseline role definitions (along with more than 700 duties and several process cycles), which ship with AX 2012. So, rather than configuring permissions and defining roles from scratch, the administrator's task is to fine-tune existing roles to match your particular organization. For the more day-to-day operational tasks, such as assignment of users to roles, AX 2012 introduces new features such as "Dynamic Role Assignment," "User-to-Role-to-Organization Assignment," and some level of Windows PowerShell-based management. Administrators, especially anyone who's managed ERP security configuration in the past, will appreciate the ease of the new model, which has cut the time required to configure security by as much as several weeks among some of our Technology Adoption Program (TAP) customers. This, in turn, means that our customers are able to go live with their business application more quickly than they could in the past, improving their time to value. The new model also means that applications and add-ins created by developers and independent software vendors (ISVs) are secure by design. Especially in industries with stringent compliance requirements, the ability to demonstrate the security of your applications out-of-the-box can truly bring peace of mind," Microsoft explained.

Extensible Data Security
Although role-based security will streamline deployment and management, our customers have also been asking for finer, more granular control over access to specific data within the organization. Role-based security controls access to menu items and types of data, such as customers or purchase orders, but in the real world, you may need to control access at a more detailed level, such as by geography, company, or division. AX 2012 enables organizations to define authorization policies dynamically so that access to business data can be controlled based on sophisticated business rules. This enables you to easily adapt security configurations that give the right people access to the right data, and only the right data, without compromising your organization's data access policies.

Flexible Authentication
The third major security enhancement in AX 2012 relates to authentication, which determines who is able to access the ERP solution. With the growing need to integrate more closely across the supply chain, authentication has become a pressing need for many of our customers who need their suppliers, partners, and customers to be able to directly interface with their ERP.

"Our new flexible authentication model makes it much easier for external users to securely access ERP data through the Enterprise Portal or other web-based applications. Building on the Windows Identity Foundation, we've extended the authentication model in AX 2012 by using open-standard application programming interfaces (APIs). This simplifies administration of these external accounts by allowing authentication using Active Directory Federation Services (ADFS), Windows Live ID or other similar methods (e.g. Forms-based Authentication), without requiring the external parties to be provisioned in an Active Directory domain," the software company explains.