AX 2012 - Security for Developers - Part I

Hi there!

Roles, duties and privileges security levels cover access to single elements, for example forms, and groups of elements needed to perform a duty. As developers we are responsible for defining more granular security levels by setting access on tables and controls in a form, and/or by associating classes that perform an action with permission (i.e. an action menu item)

In this article I would like to discuss, in detail, form permissions, code access permissions and how to create security policies using the extensible data security (XDS) method.

Form Permissions

Each form in the Application Object Tree (AOT) has a permissions node. It contains either four or five sub-nodes - Read, Update, Create, Delete and Correct. Now, correct is only displayed if a table in the form has Date Effective data.

Further, under the above nodes are four additional nodes - Controls, Tables, Server Methods and Associated Forms. When we add a table to a form data source, this table is automatically added to the Tables node for each of the Permissions sub-nodes.  In addition, each of the nodes under the Tables node has an EffectiveAccess property which sets what access is allowed to the table and the EffectiveAccess property is automatically set based on properties on the data source.  

So, this is where all makes sense, if the data source property AllowDelete is set to No, the EffectiveAccess property is set to Update. If the data source property AllowEdit is set to No, the EffectiveAccess property is set to Read.

NOTE: To set the security access for a form control, we need to set the Securable property on the control to Yes. Then, this control can then be added to the Controls node under each of the permissions nodes.

Code Permissions 

These are a set of custom permissions that are created manually in the AOT under Security > Code Permissions.

For example, action menu items, can use these by setting the LinkedPermissionType property to CodePermission and the LinkedPermissionObject to the name of the code permission. Now, the great benefit about code permissions is that it can be extended to Service operations as well. This can be done by setting the Code Permission property under the Service operation > Operation method > Permissions > Associated Code Permissions node.

The following image depicts an access to post a Free-Text Invoice

Security policies - Developing an XDS Policy 

The following walkthrough will show how to create a security policy that limits users from viewing other user’s prospects. This can be seen a lot in a sales environment, where one sales person does not want the other to see his/her prospects, well who wouldn’t?

So for this example, we are going to use the smmBusRelTable where leads can hopefully become the future buyers of our products.

A lead/prospect is stored in smmBusRelTable, and the employee who is responsible for the prospect is stored in the MainContactWorker field.  In AX 2012, an employee is connected to the current user through the DirPerson and DirPersonUser tables.

There are two stages in creating the XDS policy:

1-      Create the policy query.

2-      Create the security policy.

Creating a Policy Query 

The steps to create the policy query are as follows:

1. In the AOT, create a new query, rename it to HcmWorkerUser.
2. From a second AOT, locate the table Data Dictionary > Tables >  HcmWorker. Drag the table HcmWorker to the Data Sources node of the query.
3. In the property sheet of the Fields node of the HcmWorker_1 data source, set the Dynamic property to Yes.
4. From the second AOT (Press CTRL + D to open a new AOT), locate the table Data Dictionary > Tables > DirPerson.
5. Drag the table DirPerson to the Data Sources node of the HcmWorker_1 data source.
6. In the property sheet for the DirPerson_1 data source, set the Relations property to Yes.
7. In the property sheet for the Fields node of the DirPerson_1 data source, set the Dynamic property to Yes.
8. From the second AOT, drag the table DirPersonUser to the Data Sources node of the DirPerson_1 data source.
9. In the property sheet for the DirPersonUser_1 data source, set the Relations property to Yes.
10. In the property sheet for the Fields node of the DirPersonUser_1 data source, set the Dynamic property to Yes.
11. Right-click the Ranges node of the DirPersonUser_1 data source, and select New Range.
12. In the property sheet for the new range, set the Field property to User, and the Value property to (currentUserId()) as it appears.
13. Save your changes to the query.

Creating a Security Policy 

Follow these steps to create the security policy:

1. In the AOT, expand the Security node.
2. Right-click the Policies node and select New Security Policy.
3. In the property sheet for the security policy, set the Name property to SmmBusRelUser, set the Label property to Limit Prospects by User, set the Primary Table property to HcmWorker, set the Query property to HcmWorkerUser, set the ContextType property to RoleName, set the RoleName property to TradeSalesRepresentative, and set the Enabled property to Yes.
4. Expand the SmmBusRelUser security policy.
5. Right-click the Constrained Tables node and select New > Add table by relation.
6. In the property sheet for the new constrained table, set the Table property to smmBusRelTable, set the TableRelation property to MainContactWorker. Save your changes to the policy.

Now, if you were to login with the name of a sales person, you could see that you will only have access (view) your prospects because when creating the policy query we set the currentUserId() to the value of the query range.  Also, because a user is related in DirPerson and DirPersonUser tables, the policy is able to associate the user id with records in the smmBusRelTable.

That is all for now, and stay tune for the next series of security for developers as I will go in detail on consuming a secured class and setting authorization for display methods.

Until then!



The Future of the Microsoft Dynamics AX Client?

I came across one of Brandon George posts today where he touches a very interesting idea around the future of the Microsoft Dynamics AX client with technologies such Windows 8, XMAL, and HTML 5. 

The post is helpful and it really makes a lot of sense when you start thinking about it. I somehow think that everything is going to end up in the cloud very soon and that "clients" will run based on very simple based systems. Anyway, he will be at convergence talking about this stuff, so let's make sure we follow his tweets at @DynamicsERP

You can access his post HERE

Take care!

Microsoft Dynamics AX 2012 Services and (Application Integration Framework) AIF architecture

Hi there!

In this post I would like to discuss, in detail, the Application Integration Framework (AIF) and its capability to integrate Microsoft Dynamics AX 2012 with other systems inside and outside an organization.


So what is the AIF and why is important?


The AIF provides capability to integrate Microsoft Dynamics AX 2012 with other systems inside and outside an organization by enabling the exchange of data through XML.


This formatted XML is referred to as a document, and each document contains data and business logic. Documents are based on a document class and defined by using Microsoft Dynamics AX.


Further, AX 2012 ships together with standard document services that support common business processes. As in AX 2009, in AX 2012 we can also customize existing services or create our services.

How documents are exchanged?

The AIF provides an extensible framework for the exchange of XML documents with external systems. The framework supports both synchronous and asynchronous transports.

In synchronous mode, requests are tightly coupled to responses, which means that the submitter of the request must wait for a response from AIF before proceeding.  In this case, AIF does process the request immediately and then sends a response.

In asynchronous mode, however, requests are placed into a queue, called the gateway queue. Queued messages are processed at a later time and AIF sends a response when processing is completed. In this case, responses are delayed, but note that large volumes of messages can be processed more efficiently, and message processing can be controlled by changing various configuration settings. Further, the AIF can be used to send and retrieve data into/from AX.


Inbound / Outbound Exchanges

Inbound exchange, an external system may send a sales order so that the sales order can be saved to the Microsoft Dynamics AX database.
 
Outbound exchange, an external system may send a request for a purchase order and receive the purchase order.

The inbound and outbound exchanges can be categorized in the following ways:

• Send data – AX sends documents to an external system.
• Send data in response to requests – AX receives requests for documents from another authorized system, and retrieves the requested information, such as a document or a list of documents, from the AX database. Then AX returns the information to the requesting system.
• Receive and create data – AX receives documents from another authorized system and creates new records in the Microsoft Dynamics AX database.

AIF Architecture

AX 2012 exposes its functionality through services that are based on Windows Communication Foundation (WCF) and hosted on Application Object Server (AOS).

External applications and client applications on the local area network consume AX services by accessing them directly from AOS. These clients and applications include AX components such as the AX client, Office Add-, and Enterprise Portal.

The following diagram illustrates the services and AIF architecture.





Application Integration Framework Process

• Internet-based external applications and clients access the AX services through Internet Information Services (IIS).
• IIS routes the incoming requests for AX services to AOS. All services requests, regardless of their origin, are handled by the WCF runtime that is hosted on AOS.
• The AIF request pre-processor, if it is configured, can intercept the inbound request messages for custom preprocessing, such as message transforms or value substitutions.
• The AX service invokes the necessary business logic to process the inbound request message.
• Similarly, the AIF response post-processor, if it is configured, can intercept the outbound response messages for custom post-processing, such as message transforms or value substitutions.
• The AIF response post-processor then returns the response to the client.

NOTE:  Microsoft Dynamics AX 2012 no longer includes a BizTalk adapter. For more information about how to use Microsoft BizTalk Server together with Microsoft Dynamics AX 2012, see Exchanging documents between BizTalk Server and AIF.


Services in AX 2012

Application Object Server (AOS) is the Windows Communication Foundation (WCF) service host for Microsoft Dynamics AX 2012 services that are exposed to users and applications on an intranet.

• To consume services over the Internet, you must host services on Internet Information Services (IIS).
• Services that are hosted on IIS use the WCF message routing service. IIS routes all service requests to AOS.
• All service requests are processed on AOS, regardless of whether they originate on the Internet or an intranet. AOS then returns a response to the service consumer via IIS.
• Exchanges that are configured to use Web services are processed synchronously and therefore are not queued.
• AX deploys the service that is based on Web Services Description Language (WSDL) to a subfolder of the virtual directory that is associated with the Web site that you provide.

NOTE: In general when dealing with the AIF, keep in mind that the AIF user names and passwords are encrypted in the Application.Host configuration file located in C:\Windows\System32\Inetsrv\Config. Therefore, DO NOT copy files from other environments into this location when the AIF and/or Workflow are running in the same machine.


AX 2012 supports the following three kinds of services:

• Document services are query-based services that can be used to exchange data with external systems by sending and receiving XML documents. These documents represent business entities, such as customers, vendors, or sales orders.
• Custom services can be used by developers to expose any X++ logic, such as X++ classes and their members, through a service interface.
• System services are provided by Microsoft Dynamics AX. System services include the Query service, the Metadata service, and the User Session service.

Further, system services are not customizable, and they are not mapped to any query or X++ code. For more information about system services, see AIF System Services.


Integration ports in AX 2012

In Microsoft Dynamics AX 2012, integration ports provide simplified administration of services and Application Integration Framework (AIF). Integration ports replace the AIF endpoints and related concepts that were used in previous releases of Microsoft Dynamics AX.

• Each integration port can expose one or more services, and each integration port has a unique Uniform Resource Identifier (URI) that identifies the address of the port.
• Each integration port also has a direction. An integration port can be either an inbound integration port or an outbound integration port.
• An inbound integration port is a destination for messages that originate from outside Microsoft Dynamics AX.
• An outbound integration port is a destination for messages that originate from your Microsoft Dynamics AX system. Inbound integration ports can be one of two types: basic or enhanced. Outbound integration ports are always enhanced ports.

Basic integration ports

Basic integration ports are exposed at a specific Windows Communication Foundation (WCF) endpoint on the Application Object Server (AOS) host. Only a developer can create a new basic integration port.
 

Enhanced integration ports

If you want advanced integration capabilities that you can use to customize the behavior of an integration port, you must create an enhanced integration port.

Enhanced integration ports provide the following capabilities that basic integration ports do not provide:

• A variety of protocols are supported through WCF adapters. These protocols include HTTP, NetTCP, and Message Queuing, which is also known as MSMQ.
• Enhanced integration ports also support a file system adapter that lets you use file paths as addresses.
• You can perform pre-processing and post-processing of service requests and service responses.
• You can create customizations for data contracts by specifying service operations and policies for document data.
• You can specify advanced security and troubleshooting settings.

Adapters

In AX 2012 services and AIF, integration ports use adapters. These adapters enable AX to communicate by using various transport protocols.

AX 2012 provides the following four adapters that represent predefined bindings:

HTTP adapter – This adapter provides for synchronous message exchanges by using an HTTP or HTTPs transport.

NetTCP adapter – This adapter provides for synchronous exchanges by using WS-* standards support over the Transmission Control Protocol (TCP) transport.

This adapter corresponds to the WCF-NetTcp binding in Windows Communication Foundation (WCF).

MSMQ adapter – This adapter provides support for queuing by using Message Queuing as a transport. Message Queuing is also known as MSMQ.

Message Queuing is a type of asynchronous communication. This adapter corresponds to the WCF-NetMsmq binding in WCF.

File system adapter – This adapter provides support for the asynchronous exchange of documents through file system directories.


Messages and transforms in AIF

In AX 2012 services and AIF, a message corresponds to a Windows Communication Foundation (WCF) message. A message is a self-contained unit of data that can consist of several parts. These parts include a body and headers. When AIF receives and processes an inbound message, it generates an outbound message in response.

Although AIF supports the transfer of data in any arbitrary format, most information exchanges with AIF services use XML documents.

In order to create an XML document that adheres to a standard for a particular exchange of information, AIF requires XML documents to follow an XML style definition (XSD). XSD files (which have a .xsd file name extension) are meta-documents that describe the format, or schema, of XML documents that declare the namespace of the XSD.

Each schema includes rules about the hierarchical arrangement of XML elements, which elements must be present in the document, and other such requirements.


Schemas

1-Document service schemas: Each document service has a unique schema that describes the fields that can be added, read, updated, and so forth, by using the particular document service.

2-Message schema: Asynchronous exchanges require XML messages to be contained by the AIF message envelope. The namespace for the message schema is:
http://schemas.microsoft.com/dynamics/2011/01/documents/Message

3-Message-set schema: AIF uses the message-set, or batch, schema to contain batched AIF messages in asynchronous exchanges. The namespace for the message-set schema is:

http://schemas.microsoft.com/dynamics/2009/06/documents/Batch

4-Entity key schemas: AIF uses entity key schemas to contain name-value pairs, such as those used to query for a particular item during a read operation or when sending a response to a create operation. The namespaces for entity keys and entity key lists are:

http://schemas.microsoft.com/dynamics/2006/02/documents/EntityKey
http://schemas.microsoft.com/dynamics/2006/02/documents/EntityKeyList

5-Shared types schema: AIF aggregates common property types in the shared-types schema. The namespace for the shared-types schema is:

http://schemas.microsoft.com/dynamics/2008/01/sharedtypes

6-Fault schema: AIF uses the fault schema to contain response messages about error conditions. The namespace for the fault schema is:

http://schemas.microsoft.com/dynamics/2008/01/documents/Fault


Schema locations

You can save XSDs for particular document services, including their imported schemas (such as the shared-types schema) and any port-specific customizations, when you configure data policies for an integration port.

You can retrieve XSDs for common schemas from the following directory where you installed Microsoft Dynamics AX:
Program files\Microsoft Dynamics AX\60\Server\MicrosoftDynamicsAX\bin\Application\Share\Include


Processing messages

When you use an enhanced integration port for services and AIF, you can perform custom processing of data, such as XML documents, as each message passes through the integration port. Enhanced integration ports use the following two concepts to process messages during inbound or outbound exchanges:

• Extensible Stylesheet Language Transformations (XSLT)
• .NET-based transforms to messages.

In addition, transforms are run for inbound exchanges before they are run for outbound exchanges. Transforms process the whole message. Headers are included in the processing.

NOTE: Transforms apply only to asynchronous exchanges.

.Net-based transforms can convert messages to or from any proprietary format. AX services and AIF can process XML documents only if the documents comply with the service XSD.

If an incoming document is based on XML but uses a different schema, you can use Extensible Stylesheet Language (XSL) to transform the document to the AIF schema.

If an incoming document is not based on XML, such as a comma-delimited file, you can use a .NET Framework assembly to convert the file to the AIF schema.
Pipelines use components to enable the processing of requests for service operations. These components include custom components that are written in X++ code.

For example, if an inbound message contains customer records, your AIF pipeline can contain an XSLT component that updates an element in the XML, based on the value of the customer status element.

Further, your AIF pipeline can contain one or more of any available transformation component. Alternatively, your AIF pipeline can contain no transformation components.

Processing that occurs in pipelines, including XML transformation, applies to both synchronous and asynchronous exchanges.

For inbound exchanges, pipelines are run after transforms. For outbound exchanges, pipelines are run before transforms.

The following diagram shows how data moves through an enhanced inbound integration port.




That's all for now.

Monitoring Pack for Microsoft Dynamics AX 2012

Hi there!

There is a new tool for AX 2012 called Management Pack(similar to the one for AX 2009) that will automatically discover the entire AX environment; This is, AOS's, application frameworks, databases, reporting servers, enterprise portal server and analysis servers. In addition, it monitors each component for configuration, availability and performance.

The Management Pack provides warnings, at an early stage, that an operator can use to quickly identify issues that could affect the performance and availability of the Dynamics AX system.

Feature Summary

• Visual representation of the entire Dynamics AX 2012 environment with health rollup
• Monitors for Database, AOS, Enterprise portal servers, Reporting servers and framework components
• AOS clusters and AOS Servers monitored
• Events view for AOS and Enterprise Portal Events
• SCOM Tasks for most common AX administrative actions

You can download the tool from here.

Take care!

AX 2012 - Run Reports without hitting the Production DB

Hi there!

My fellow Sunriser, Brandon George,  has written an amazing article about running reports without hitting the Production Database.

Form the article:

"Since the default .Net Business Connector configuration for SSRS is pointing back to the same AX instance, when the SSRS instance is executing the reporting and firing the Data Extensions to get to the correct Query object and therefore data, then in this standard approach, we are hitting the production database for your instance of AX..."

"The critical keys that enable this concept are, (1) having the production instance of your AOS and Reporting Server setup, pointing to your SSRS server role within AX. (2) Changing what AOS the SSRS server hits for processing data, by deploying a custom configuration file. (3) Log Shipping is enabled at on the AX Production database, so that the AX Reporting Database is kept up to date with live data."

"...That is code promotion, or change management. Why does this matter? Well simply put, it's because the model store that represents the application now lives as a part of the production database. This then gets replicated when any changes take place."

Brandon George is a Senior Technical Architect at Sunrise Technologies and I personally believe he is one of the few people in the world that has truly master AX. I strongly suggest to follow his blog as it contains valuable, innovative, and critical information about AX.

You can access his blog (and the article) from here.

Take care!

Ax 2012 AIF Calling the CustCustomerService.Create method from WCF

A fellow AX developer wrote a very interesting article about creating a customer using the CustCustomerService.Create method from WFC.

You can access the post here.

Take care!

Calling the InventTransferJournalService in AX 2012

The following is the code (written by Becky Newel from Microsoft) to call the InventTransferJournalJournalService in AX 2012.

TransferJournalServiceClient client = new TransferJournalServiceClient();

CallContext context = new CallContext();

AxdTransferJournal journal = new AxdTransferJournal();

AxdEntity_InventJournalTable journalHeader = new AxdEntity_InventJournalTable();

AxdEntity_InventJournalTrans inventJournalTrans = new AxdEntity_InventJournalTrans();

journalHeader.JournalNameId = "ITrf";

inventJournalTrans.ItemId = "1000";

context.Company = "ceu";

AxdEntity_InventDimIssue inventDimIssue = new AxdEntity_InventDimIssue();

inventDimIssue.InventSiteId = "2";

inventDimIssue.InventLocationId = "21";

inventJournalTrans.InventDimIssue = new AxdEntity_InventDimIssue[1] { inventDimIssue };

AxdEntity_InventDimReceipt inventDimReceipt = new AxdEntity_InventDimReceipt();

inventDimReceipt.InventSiteId = "1";

inventDimReceipt.InventLocationId = "11";

inventJournalTrans.InventDimReceipt = new AxdEntity_InventDimReceipt[1] { inventDimReceipt };

journalHeader.InventJournalTrans = new AxdEntity_InventJournalTrans[1] {inventJournalTrans };

journal.InventJournalTable = new AxdEntity_InventJournalTable[1] { journalHeader };

 try

{            

           client.create(context, journal);

}

catch (Exception e)

{              

string error = e.Message;

Console.ReadLine();

}

Source: http://blogs.msdn.com/b/axsupport/archive/2012/01/05/calling-the-inventtransferjournalservice-in-ax-2012.aspx

Take Care!

Enterprise Portal authentication in Microsoft Dynamics AX 2012 – Finally something that makes sense!

In AX 2012 there is a new authentication terminology - Pluggable authentication. This type of authentication allows users who are not part of Active Directory access to the AX 2012 Enterprise Portal.

In a nutshell, AX 2012 integrates with SharePoint Pluggable Authentication, which provides authentication to external Enterprise Portal users that are not part of an organization's Active Directory.

Further, Pluggable Authentication provides an administrator three additional forms of authentication in addition to Active Directory:

1.       Active Directory Federated Service: Allows users who are associated with an external Active Directory to access Enterprise Portal.

a.       When an ADFS user is removed from the external Active Directory that user does not have access to Enterprise Portal.

2.       Forms Based Authentication: Allows users to authenticate against a custom database of users.

3.       Live Id: Users can authenticate to Enterprise Portal by using Windows Live Id.

See the following diagram:

For more information on the new Enterprise Portal changes in AX 2012 visit http://msdn.microsoft.com/en-us/library/gg845087.aspx#BKMKPluggableAuth

In addition, Brandon George has a really good post about the new Security Architecture in his blog, Check it out

http://dynamics-ax.blogspot.com/2011/06/microsoft-dynamics-ax-2012-security.html

Take care!

Helpful AX 2012 links

New Stuff for Developers

What's New in Microsoft Dynamics AX 2012 for Developers [AX 2012]
http://msdn.microsoft.com/en-us/library/gg845327.aspx


Architecture

AOS architecture [AX 2012]
http://technet.microsoft.com/en-us/library/dd309593.aspx

Model store architecture [AX 2012]
http://technet.microsoft.com/en-us/library/dd362019.aspx

Help server [AX 2012]
http://technet.microsoft.com/en-us/library/gg866975.aspx

.NET Business Connector architecture [AX 2012]
http://technet.microsoft.com/en-us/library/dd309664.aspx

Enterprise Portal architecture [AX 2012]
http://technet.microsoft.com/en-us/library/dd362005.aspx


.NET Business Connector

.NET Business Connector Overview [AX 2012]
http://msdn.microsoft.com/en-us/library/aa659581.aspx


Development

Microsoft Dynamics AX IDE [AX 2012]
http://msdn.microsoft.com/en-us/library/aa676506.aspx

Visual Studio Development for Microsoft Dynamics AX [AX 2012]
http://msdn.microsoft.com/en-us/library/gg889157.aspx

Visual Studio Integration [AX 2012]
http://msdn.microsoft.com/en-us/library/gg889299.aspx


Business Intelligence

Business intelligence components [AX 2012]
http://technet.microsoft.com/en-us/library/gg731794.aspx


Installation & Configuration


Firewall settings for Microsoft Dynamics AX components [AX 2012]
http://technet.microsoft.com/en-us/library/gg731780.aspx

Verify that you have the required permissions for installation [AX 2012]

http://technet.microsoft.com/en-us/library/aa496457.aspx

Developing Extensible Data Security Policies [AX 2012]

http://www.microsoft.com/download/en/details.aspx?id=3110

Create service accounts [AX 2012]

http://technet.microsoft.com/en-us/library/dd362055.aspx

Planning hardware infrastructure [AX 2012]
http://technet.microsoft.com/en-us/library/dd362104.aspx

Microsoft Dynamics AX 2012 Implementation Planning Guide [AX 2012]
http://www.microsoft.com/download/en/details.aspx?id=4007

Moving between Microsoft Dynamics AX 2012 Environments [AX 2012]
http://blogs.msdn.com/b/axsupport/archive/2011/11/07/moving-between-microsoft-dynamics-ax-2012-environments.aspx


AX 2012 WHITE PAPERS
http://www.microsoft.com/download/en/details.aspx?id=20864

Utilities

AxUpdatePortal Utility [AX 2012]
http://msdn.microsoft.com/en-us/library/dd261467.aspx
http://blogs.msdn.com/b/solutions/archive/2009/02/04/axupdateportal-utility.aspx

Microsoft Dynamics AX 2012 - Basic Security Concepts

Hi there!

In AX 2012, role based security provides an extensible framework for defining access to the Microsoft Dynamics AX application and data. It changes a little bit from what we know in ax 2009.

In AX 2009, administrators had to, literally, create their own user groups and manually assign users to those groups.  Also, in order give permission to a user group to execute a particular operation, the administrator had to identify objects, such as tables, fields, and menu items that were required for the operation, which was a pain in AX 2009 as identifying these elements was time consuming.

However, in AX 2012, security is role-based, and many security roles are predefined by the application to make the setup portion of it easy for us. Now, it is important to really comprehend this positive change as in role-based security, users are assigned to roles based on their responsibilities in the organization and their participation in business processes.  In fact, AX 2012 introduces duties, which are a group of privileges (See a short definition below). In addition, an administrator no longer has to identify application objects and grant access to those objects. Instead, the administrator grants access to the duties that users in a role perform and that's it.

In addition, in AX 2012 all permissions for all application objects have been grouped into task-based privileges and duties.  This means that an administrator only has grant access to the Maintain sales order duty, which includes all of the permissions that are required to view, create, modify, and delete sales orders.

Another interesting change has been the concept of reusable permissions.  I don’t know if you had the chance to work with multiple companies in AX 2009, but you couldn’t allow user groups could not span multiple companies. As a matter of fact, if the same functional role was required in two companies, an administrator had to create two user groups and so on and so forth. You know where I’m going with this, right?

In terms of record-level-security, this function is still available in AX 2012, but it will be removed in future versions. In ax 2012, the data security framework I used to help secure the data and take security privileges into account. For example, an administrator can grant View access to one subset of Purchase Orders and Edit access to another subset of Purchase Orders.

There are a few definitions about the AX 2012 security terminology I would like to share with you:

A security role represents a behavior pattern that a person in the organization can play. A security role includes one or more duties.

A duty is a responsibility to perform one or more tasks.  A duty includes one or more privileges.

Privileges specify the access that is required to perform a duty.  A privilege includes one or more permissions.

Permissions include the access level to one or more securable objects that are required to perform the function associated with an entry point.

For more information on AX 2012 security you can go to http://technet.microsoft.com/en-us/library/gg731787.aspx

Take Care!

WALKTHROUGH - Creating Fact Boxes in AX 2012 - Part IV (Final Post)

Hi,

This is the last post (http://axwonders.blogspot.com/2011/12/walkthrough-creating-fact-boxes-in-ax_29.html) on the series WALKTHROUGH - Creating Fact Boxes in AX 2012. In my last post we took care of primary indexes for the Eduardo_CustCarTable. In addition, we also talked a little bit about Parts and FactBoxes in AX 2012, and that we needed to create a query before displaying data inside a FactBox.

In this post we are going to create 4 forms, 2 info parts, 2 menu items, 2 queries, and finally will create a new form part in the CustTableListPage to see how everything links together.

First we are going to create the Eduardo_VehicleTypeTable, Eduardo_VehicleModelsTable, and Eduardo_VehicleMakeTable, and Eduardo_CustCarTable forms. The four have the same requirements, and the only element that changes is the data source table they use.

In addition,  three these forms (Eduardo_VehicleTypeTable, Eduardo_VehicleModelsTable, and Eduardo_VehicleMakeTable) will have an ActionPane with only two buttons; (1) new and, (2) delete.

The  Eduardo_CustCarTable form, however,  will contain an extra ActionPaneTab to hold the butons to open the orther three forms.

Steps:

1.       In the AOT, right-click the Forms node and select New Form.

2.       Rename the form to Eduardo_VehicleTypeTable.

3.       In a second AOT, locate the table Eduardo_VehicleTypeTable.

4.       Drag the table Eduardo_VehicleTypeTable to the DataSources node on  the Eduardo_VehicleTypeTable form.

5.       Expand the Designs node on the Eduardo_VehicleTypeTable form.

6.       Right-click the Designs node and select New Control > ActionPane.

7.       Expand the ActionPaneTab and then the ButtonGroup.

8.       Right-click the ButtonGroup node and select New Control > CommandButton.

9.       Set the following properties:

a.       ButtonDisplay: Text & Image Left

b.      Text: New

c.       NormalImage: 11045

d.      ImageLocation: EmbeddedResource

e.      Primary: Yes

f.        Command: New

 

10.   Right-click the ButtonGroup node and select New Control > CommandButton.

11.   Set the following properties:

a.       ButtonDisplay: Text & Image Left

b.      Text: Delete

c.       NormalImage: 10121

d.      ImageLocation: EmbeddedResource

e.      SaveRecord: No

f.        Primary: Yes

g.       Command: Delete Record

12.   Right-click the Designs node and select New Control > Group. Change the Name to Body.

13.   Right-click the Group [Body] node and select New Control > Group. Change the Name to GridContainer.

14.   Right-click the Group [Body] node and select New Control > Group. Change the Name to Splitter.

 

NOTE: To make the Splitter work, you will need to overwrite the Form's init method with the following code:

15.   Right-click the Group [GridContainer] node and select New Control > Grid.

16.   Expand the DataSources > Eduardo_VehicleTypeTable > Fields node.

17.   Drag all the fields to the grid control.

18.   Save your changes to the form.

19.   Open the form by pressing Ctrl+O.

20.   If you haven’t already done so, populate the table by entering your own data in to the form.

Repeat steps 1- 20 for the other three forms (Eduardo_VehicleMakeTable and Eduardo_VehicleModelsTable, and Eduardo_CustCarTable ).
The following image depicts the Eduardo_VehicleModelsTable form, so you get an idea how the three forms created above should look like.

Then if you open the Eduardo_VehicleModelsTable you should see the following (if you have some data)

Now, we are going to add anew ActionTab to the existing ActionPane control in the Eduardo_CustCarTable form. This action will create a new tab and three buttons (within the tab) that will open the three forms we created earlier.

Steps

1.       Right-click the ActionPane node and select New Control > ActionPaneTab.

2.       Change the following properties:

a.       Name: Vehicles

b.      Caption: Vehicle Management

3.       Create 4 new Display Menu Items by dragging each form to the Menu Items >Display Node.

4.       Drag the Eduardo_VehicleMakeTable, Eduardo_VehicleTypeTable, Eduardo_VehicleModelsTable Menu Items to the ButtonGroup located in the Form Eduardo_CustCarTable form > Designs>ActionPane>ActionPaneTab:Vehicles> ButtonGroup

The following image shows how a Menu Item is created after I dragged the first form to the MenuItem>Display node.

5.       Set the following properties for each Menu Item Button:

a.       NormalImage: This will allow you to “attach” an image to the button.

b.      Big: Yes (This will make it big)

The form should look like the following image:

Now that all our forms are ready, we are going to start developing to display data in a FactBox in both the Eduardo_CustCarTable and the CustTableListPage forms.
To better understand what we are doing, I would like to review what a List Page is before moving forward with the FactBoxes.

List pages are the primary method of displaying data in Microsoft Dynamics AX. They can show lots of data from many tables, in a number of formats. They have consistent designs and functions. They can easily be displayed in the enterprise portal.

The components of a list page are:

1.   The Grid displays a list of records. It displays only a few of the most important fields for each record.

2.   The Filter bar is used to enter search criteria. This filters the list in the data grid to show only the records which an end-user is interested in.

3.   The Preview Pane displays more fields about the selected record. This helps to ensure you have selected the correct record in your search.

4.   FactBoxes display more information about the selected record from related tables.

5.   The Action Pane contains menu items you can use to do typical tasks related to the highlighted record.

Now, let’s create a FactBox for the Eduardo_CustCarTable. The main idea of this FactBox is to show only the related detail data of Car's model for a selected record.

We need to first create a query. Because we need to for this project, we’ll create the two.

Steps:

1.       In the AOT, right-click the Queries node and select New Query, and rename the new query to Eduardo_VehicleModelsQuery.

2.       In a second AOT, locate the Eduardo_VehicleModelsTable.

3.       Drag the Eduardo_VehicleModelsTable to the DataSources node on the Eduardo_VehicleModelsQuery .

4.       Expand the Eduardo_VehicleModelsTable _1 data source.

5.       In the property sheet for the fields node set the Dynamic property to Yes. This means all fields in the table will be included in the query.

Repeat steps 1 to 5 for the Eduardo_CustCarQuery.

Now it is time to create a Part for each of the queries we just created.

Steps:

1.       Right-click the Info Parts node and select New Info Part.

2.       In the property sheet for the new info part, set the Name property to Eduardo_VehicleModelsInfoPart, set the Caption property to Cars Models, set the Query property to Eduardo_VehicleModelsQuery.

3.       Right-click the Layout node in the info part, and select New Group.

4.       In the property sheet for the group, set the Repeating property to Yes.

5.       Right-click the new group and select New Field.

6.       Set the data source and data field for each of the fields exist in the Eduardo_VehicleModelsTable _1 data source (VehicleModelID, VehicleTypeID, VehicleMakeID, Status, Description)

Repeat steps 1 to 6 for the Eduardo_CustCarsInfoPart. The InfoPart should look like the following image:

NOTE: For the Eduardo_VehicleModelsInfoPart to work correctly in Eduardo_CustCarTable form, we need to tell the Eduardo_VehicleModelsTable that the relationship we have with the index Eduardo_VehicleModelIdx is on the EDT (See next image)

Now the step we all have been waiting for, lets add a new FactBox to the Eduardo_CustCarTable form.

Steps:

1.       Create a new menu item for the info part, by dragging the Eduardo_VehicleModelsInfoPart to the Menu Items > Display node in the AOT.

2.       Locate the Eduardo_CustCarTable form in the AOT.

3.       Drag the Eduardo_VehicleModelsInfoPart menu item to the Parts node in the Eduardo_CustCarTable form.

4.       In the property sheet for the new part reference, set the DataSourceRelation property to Eduardo_CustCarTable.Eduardo_VehicleModels.

5.       Save your changes to the Eduardo_CustCarTable form.

Press CTRL+O to open the Eduardo_CustCarTable, and if everything went OK the form should look like the following image:

Pretty cool, isn't? If you click on a different record, the FactBox information will change to the specified relationship with the VehicleModelID field.
Now, let's do the same with the CustTableListPage.

Steps:

1.    Create a new menu item for the info part, by dragging the Eduardo_CustCarsInfoPart to the Menu Items > Display node in the AOT.

2.    Locate the Eduardo_CustCarTable table in the AOT.

3.    Expand Eduardo_CustCarTable table.

4.    Right-click the Indexes node and select New Index

5.    Rename the index to CustIdx

6.    From the fields node on the table, drag the CustAccount field to the CustIdx index.

7.    Save your changes to the table.

8.    Locate the CustTableListPage form in the AOT.

9.    Drag the Eduardo_CustCarsInfoPart menu item to the Parts node

10. In the property sheet for the new part reference, set the DataSourceRelation property to EDT.VetCustPetTable.CustAccount.

The CustTableListPage should look like this:

This concludes this series of posts about FactBoxes in AX 2012. I hope you have enjoyed this tutorial and that you will share it.

Take Care!