Overview
Some database tables contain sensitive data that needs protection beyond what security roles and privileges provide. Data such as employees' personal and salary details or the organization's financial data should be viewable and manageable only by designated personnel of the organization. In Microsoft Dynamics AX, this level of security can be imposed on the data through AOS Authorization.
AOS Authorization is a property associated with the Table Permissions Framework (TPF) in Dynamics AX. It adds an additional level of security to tables containing sensitive data and allows the administrator to manage access to that data.
When an attempt is made to read, create, update or delete data in a TPF-protected table, the AOS verifies that the user is authorized to perform that action on the table. If the user does not have the appropriate permissions, the AOS does not complete the operation.
AOS Authorization Property
To enable AOS authorization on a table, set the table's AOS Authorization property to one of the following values:
· None
· CreateDelete
· UpdateDelete
· CreateUpdateDelete
· CreateReadUpdateDelete
The default value of the AOS Authorization property on any table is None. If, for example, the property is set to CreateDelete on a table, the AOS checks that the user has the appropriate permissions for Create and Delete operations on that table. If the user lacks the required permissions, the application throws an exception. The remaining operations, Read and Update, are not checked by the AOS.
The AOS performs the authorization of TPF-protected tables through the following table methods:
· aosValidateDelete
· aosValidateInsert
· aosValidateRead
· aosValidateUpdate
Creating Security Roles for TPF-Protected Tables
Suppose a report in Dynamics AX contains sensitive data about an employee along with other basic information. If that sensitive data is held in a table whose AOS Authorization property is set to CreateReadUpdateDelete, the report might not run successfully for a user who has not been granted at least Read permission on that table.
When creating the security privilege for a report that gets data from TPF-protected tables, we need to add each such table to the security privilege and specify the permissions for that table explicitly.
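The check described above can be modelled to review a privilege before it is assigned. The following Python sketch is an added example, not Dynamics AX code or part of the original post: it maps each AOS Authorization value to the operations the AOS checks and lists the tables where a report's privilege lacks an explicit grant. The table names, the privilege contents and the representation of grants as plain sets of operations are assumptions made for illustration.

```python
# Added illustration: a simplified model, not Dynamics AX code.
# Operations the AOS checks for each AOS Authorization value listed above.
ENFORCED = {
    "None": set(),
    "CreateDelete": {"create", "delete"},
    "UpdateDelete": {"update", "delete"},
    "CreateUpdateDelete": {"create", "update", "delete"},
    "CreateReadUpdateDelete": {"create", "read", "update", "delete"},
}


def aos_allows(setting, granted, operation):
    """True if the operation completes: unchecked by the AOS, or explicitly granted."""
    if operation not in ENFORCED[setting]:
        return True
    return operation in granted


def audit_privilege(table_settings, privilege, needs):
    """List (table, operation) pairs the privilege does not cover.

    table_settings: table name -> AOS Authorization value (missing = None, the default)
    privilege:      table name -> set of operations granted explicitly
    needs:          table name -> set of operations the report performs
    """
    gaps = []
    for table in sorted(needs):
        setting = table_settings.get(table, "None")
        granted = privilege.get(table, set())
        for op in sorted(needs[table]):
            if not aos_allows(setting, granted, op):
                gaps.append((table, op))
    return gaps


# Constructed sample data: hypothetical table names, not real AX tables.
TABLE_SETTINGS = {
    "EmplBasicInfo": "None",
    "EmplSalaryDetail": "CreateReadUpdateDelete",
    "EmplBankChange": "CreateDelete",
}
REPORT_NEEDS = {"EmplBasicInfo": {"read"}, "EmplSalaryDetail": {"read"},
                "EmplBankChange": {"read"}}
PRIV_BEFORE = {"EmplBasicInfo": {"read"}}                   # protected table omitted
PRIV_AFTER = {**PRIV_BEFORE, "EmplSalaryDetail": {"read"}}  # explicit Read added

if __name__ == "__main__":
    print("before:", audit_privilege(TABLE_SETTINGS, PRIV_BEFORE, REPORT_NEEDS))
    print("after: ", audit_privilege(TABLE_SETTINGS, PRIV_AFTER, REPORT_NEEDS))
```

The model covers only the AOS Authorization check; the table set to CreateDelete produces no gap for the report because Read is not among the operations that value makes the AOS check.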