Within AX 2012, we have the ability to grant, upgrade, downgrade or revoke Role access when using security permissions:
1. It is best to revoke or downgrade access when the number of menu items you would like to revoke or downgrade are limited. If it is not limited, this is a critical sign that you need a role with less access.
In an alternative scenario, if you need to provide only limited permissions to the Role, then:
2. It is best to start from scratch and upgrade access – Create a new Role and grant Privileges or drag and drop the Duties into the Role rather than using the existing out-of-the-box Roles and revoking permissions. If these best practices are not followed, the risk of creating unnecessary duplicates of security permissions such as Duties with revoke access Privileges can ultimately amount to junk data in the system.
3. If you are working on providing limited access to a menu item, then revoke the menu item’s access completely (no access) and then upgrade access levels by granting only the access level needed rather than downgrading or revoking access of a privilege and going one by one for the menu item, buttons, and fields.
4. While revoking access it is also important to decide, if you would like to revoke access to the menu item in question from all the other Roles performing the same Duty or just from a particular Role.
If you do not want any other Role to be impacted then it is best to always duplicate the Duty you are modifying, work on the Privileges appropriately, and roll it back to the Role. Most importantly, you need to maintain a consistent naming convention while creating these new objects.
5. You may wonder how much effort it takes to tailor to the needs of traceability and audit logs for all these tasks you perform in order to simply downgrade or revoke a Role’s access to menu items.
An alternative to avoid manual inputting of data would be to utilize the Arbela Security Manager (ASM) which will provide a one-click solution to these complexities and time consuming tasks. This solution makes it quick and easy to modify security permissions and maintain audit tracking and traceability.
Click here to learn more!