The following are the improvements with regard to data security:
- Role-based security
- Server-enforced security
- Extensible data security framework
- Flexible authentication
Data security is much easier to manage. In AX 2012, users are assigned to roles based on the duties and responsibilities they have and access is granted based on those roles. This change puts an end to the tedious and time-consuming process of assigning users based on application objects. Once set up, role assignments can easily be updated based on the business data.
Authorization is performed on the server rather the client, consistently enforcing permissions on protected fields regardless of the type of client. The server sends the client only the information that the user has been granted access to, resulting in increased data security.
AX 2009 did not offer the facility to use data security based on effective date. However, in AX 2012 administrators can specify whether users have access to past, present, or future records with different levels of access, which creates much for flexibility to all the different iteration in the use of data throughout the life of the application.
Further, the new version can also be used to create data security policies based on data contained in a different table.
For example, in previous versions you could not filter sales lines by customer location because those were stored in different tables, but the new version makes that totally possible.
Data security policies are enforced at the server regardless of the type of client used to access the data.
Authentication of users by methods other than Active Directory allowing external users to access Dynamics AX without a required domain account.