Security Management Best Practices: Granting/Upgrading Access

Within AX 2012, we have the ability to grant, upgrade, downgrade or revoke Role access when using security permissions. While granting or upgrading access, it is a best practice to grant permissions using existing Privileges which provide the desired level of access (viz., view or full control). Although it may seem like the quickest choice to simply create a new Privilege with desired access levels and grant permissions for that specific Role; an example of the drawbacks of granting this permission would be if you choose to provide access to the global address book:

  1. Using a new Privilege – You might tend to provide access to only the menu item ‘GlobalAddressBooklistPage’. But will this be enough for all situations? We would also need access to the related functions such as: Edit, Maintain documents, Email Distribution, Address book, Etc.
  2. Using existing Privileges – These existing Privileges will provide access to all the related menu items in order to use the Global Address Book in its full capacity with the desired access level.

The complexity involved is the task of finding these exact Privileges among a few thousand out of the box Privileges. Moreover, it becomes a tedious and time-consuming process to cater to the needs of traceability and audit logs for all these tasks we perform in order to simply grant or upgrade a Role’s access to menu items. An alternative to avoid manual changes would be to utilize the Arbela Security Manager (ASM) which will provide a one-click solution to these complexities and time consuming tasks. This solution makes it quick and easy to modify security permissions and maintain audit tracking and traceability.

Click here to learn more!

Posted in General, Technical | Leave a comment

How to Format Numbers, Dates, Etc. Within AX 2012 in Both Forms and Reports

Formatting in AX reports (SSRS reports)
i.e. numbering formats, date formats, etc.

This function is controlled through the language settings in the AX Tools/Options. Exceptions being AR/AP output reports such as invoices, etc. These are controlled by the language setting within the customer/vendor menu.

Formatting in AX reports 
i.e. numbering formats, date formats, etc.

This is controlled through the windows settings on the AX client computer.

In other words, reports formatting is controlled through the AX user’s setup in the Options section. This can be easily setup for various locations.

Forms formatting can also be setup alternatively for different users, but it is dependent on how the AX infrastructure is setup (how and where the AX client is installed).

If the AX client is installed on each individual user’s desktop computer, then each desktop’s windows setting is controlling the formatting in the forms. If the AX client is running in a citrix/remote desktop type structure the users are most likely running the same AX client and therefore all the user’s formatting in the forms will be the same. In this case, we have at least two separate citrix/remote desktop computers with each including an AX client, so one location would be using one of these (with windows setup for geographically local number formatting) and the other location would be using the other (with windows setup for geographically local number formatting).

For more information please contact Amir Khoshniyati.

Posted in Technical | Leave a comment

How do I restore user roles back to ‘factory settings’?

Recently I received this question: Do you know a quick way of restoring user roles to ‘factory settings’?

The way to do it would be to delete the modified layers of the security objects, so basically use Filter to auto accumulate all security Roles, then delete them, you will have to do this for all layers where security changes exist.  This will leave the SYS/SYP versions of the Roles and thereby bring them back to standard or ‘factory settings’.

In the AOT create a new project then open it.


Click on the filter button. 


This allows you to filter objects into your project.  Press Select then in the inquiry make sure the following information is entered.


Once entered click OK and the filter will add all Security Roles to your new project.  When finished select all (Ctrl+A) the Roles, right click, select delete, and AX will ask if you’re sure so don’t do it if not!

After this login to other layers with any security changes and delete them using the same project, no need to filter again!


Posted in Uncategorized | Leave a comment

Why can’t I create an alert rule for a user who has access to the trigger?

When setting up an alert for a user who has access to the trigger, one may receive an infolog message saying ‘Insufficient rights for user <user>’ .

As it turns out the System User Role does not have access to all the needed tables in order for an alert to run.  A user needs access to the following tables in order for alerts to work (for a non-System Administrator).

NGPCodesTable_FR and InventFiscalLIFOGroup

By default a System User should be able to access and create alerts, however because of the absence of ‘read’ access to both tables, System users could not be alerted. This is a bug in most R1 and R2 cumulative updates.  Microsoft plans on resolving this in the R3 release!

Posted in Technical | Tagged , , , , , | Leave a comment

Task recorder not working?

When running task recorder in Dynamics AX 2012, do you receive an error noting that ‘Recording could not be initiated’?  This is most likely because the Default_Default node is not directly usable for recording, rather it is just a main node under which you may create actual recording nodes.

So if you are on the default node and click New node, it will create a recording node for you (note the different icon), to start recording.  See below:

It is also possible to import a node structure from excel, as described in the attached document, see below where I filled in a simple structure for sales and imported it.

After the import (note: when importing like this it is possible to create a structure with multilevel master nodes, each having recording nodes under them.  In order to enable the import hierarchy button one needs to set Task recorder to advanced mode.

When using the import method repeatedly on the same excel spreadsheet, it will just create a new node and you will now have two nodes with a structure under them.  If the old node is deleted all recordings in that node will also be deleted (in Task recorder) but remain in the specified folder.

Posted in Technical | Leave a comment

Getting detailed error information when an SSRS report fail printing

If you get the error below when printing a report in AX2012,

You can enable on remote errors by going to the SSRS server in SQL management studio and set the below property to TRUE,

- Carsten Glem

Posted in Technical | Tagged , , , | Leave a comment

Identifying the SSRS report name you need to modify

If you need to modify an SSRS report and you have problems identifying the actual name of the SSRS report (sometimes the code is so complex that it can be difficult to find out which SSRS report is actually printing), instead of digging into the code to find the SSRS report name that is used, you can just print the report to screen and then right click on the
report printout and chose Export/CSV, this will bring up the ‘Save As’ dialog, there you can  see the suggested file name, which reflects the name of the SSRS report name/design.

Posted in Technical | Tagged , , , | Leave a comment

Questionnaires in Vendor Portal

Dynamics AX2012 has a great feature allowing you to published pre-made questionnaires on the vendor portal.  This is a great asset in ascertaining vendor feedback and suitability.  They also can be used to obtain information about prospective vendors and products.

Before you can use a questionnaire, you must set up tests, questions, answers, and questionnaire measurements.  Those setups are straight forward and well documented, however you might have difficulty in publishing those questionnaire records on the vendor portal.

To do that you must do the following:

        1)      Add a relation to my AX users that will have access to the tests

        2)      Add Vendor’s Procurement categories.

        3)    Add Questionnaires to the procurement categories.

1) Under System administration>Common>users>users>Relations>External relations


2) Under Procurement and sourcing>Area page>Setup>Categories>Procurement categories  add vendors.



3) Under Procurement and sourcing/Area page/Setup/Categories/Procurement categories add the questionnaire and be sure to set the activity to ‘vendor management’ type.



View and execute the available questionnaires in the vendor portal.

Posted in Uncategorized | Leave a comment

On a Financial Dimension set, we are getting deadlocks when we enable the “Update balance during the posting process”.

We ran into this issue when a client was using multiple scan guns for receiving product and they were all trying to update and post concurrently.  They were getting repeated deadlocks in the system.

A temporary solution would be to remove the ‘update balances during the posting process’ checkbox.  The deadlock issue will be resolved but there are some consequences that you need to be aware of.
(Forgive the quality of the following picture!)

When the dimension set balances are not updated automatically, there are transactions missing from the summary trial balance.  You will have to resort to rebuilding the balances on a scheduled batch several times a day.

A more permanent solution would be to load the Microsoft hotfix.  The hotfix for KB 2708448 is described as “When you enable “Update balance during the posting process” on Financial Dimension Set, we see the system getting deadlocks.”  This hotfix is not listed as included in CU3.

Contact us to discuss your needs today at

Posted in General | Tagged , , , , , , , | Leave a comment

Adding a new dimension to an existing account structure in Dynamics AX 2012

Microsoft Dynamics AX2012 allows adding a new dimension to an existing account structure. You have to do it in the same way as the initial set up of the financial dimensions.

Go to Company General Ledger -> Setup -> Financial dimensions -> Financial dimensions -> click “new” to create the new dimension (1)

Name the new dimension by clicking on financial dimension values (2).

You will also have to update your account structure.

Go to: General Ledger -> Setup -> Chart of Accounts -> Configure account structures. Choose the account structure you will work on and click the edit button. Validate the account structure after you finished the changes.

Our experience shows that adding a new dimension to an existing account structure can cause a lot of errors. The main reason for this is that existing transactions that are not closed are considered invalid after you made changes to the account structure. The error message looks like this:

“Changes have been made to combination xxx since the combination was last used. The combination must be re-validated to be used.”

The first step to solve the issue should be:

Re-validate the account structures for the affected account (s).

1. Click General Ledger -> Setup -> Chart of Accounts -> Configure Account Structure.

2. Select the Account Structure that affected account number is listed under.

3. Click Edit.

4. Click Validate.

5. Perform these steps for all account structures.

If that does not solve the problem Microsoft provides Hotfixes on the Partner Source Page.

You can go the Partner Source page -> Support -> Self Support -> Hotfixes

Here you will find Hotfixes for:

  • Run the foreign currency revaluation in Dynamics AX 2012. KB Article number: 2661912
  • Try to create a credit note for correction in Dynamics AX 2012. KB Article number: 2670940
  • Relieve or reverse a prior transaction after you make some changes to the account structure in Dynamics AX 2012. KB Article number: 2579342
  • Reverse a bank check for a payment journal in Dynamics AX 2012 KB Article number: 2713136







Posted in General, Technical | Tagged | Leave a comment