Link to home
Start Free TrialLog in
Avatar of Damian Gardner
Damian Gardner

asked on

Can you CASCADE permissions in AX 2012

We are working on upgrading to AX 2012 from AX 4, and are noticing there does not seem to be a way to cascade permissions down a module.  Did Microsoft take this helpful capability away?  Or are we missing something here.

Avatar of Damon Repton
Damon Repton
Flag of United Kingdom of Great Britain and Northern Ireland image

security in ax2012 is a lot different from ax4 but there is a tool that can help call security development tool, you can get this from customer source or LCS
Avatar of Damian Gardner
Damian Gardner


Hi Damon.  Thanks for your reply.  Yes I have installed and activated the Sec Dev Tool, and have started using it.  I don't see any way to cascade in there either.  It looks as though its completely gone.
No the cascade thing is not applicable in AX2012 permissions but you can achieve same functionality by adding table control to the security role.
Really?  Interesting.  Easy to do?  Let me look that up...
Damon - I'm not seeing anything quickly regarding how to add table control to a security role.  Can you give me a tip here?

Without knowing what exactly your want to do, it is a bit difficult to suggest the way but please see below process.

For cascade no permissions, follow these steps:

System Admin > Setup > Security > Security roles > Select the role in question

In the role content > highlight the duty or privilege which is giving access to the required permission

The fact box on the right hand side will show which roles have access to this > note down

Then remove that privilege or duty and follow the same steps for other roles.

Let me know the brief description of what they want to do and I can send the instructions. E.g. Accounts Payable clerk is able to delete Suppliers and should not be able to do it. They should have view only access. Only Manager role should be able to delete suppliers.
ok - well I was referring to how to "add table control to the role".  You're saying I can "achieve cascade functionality" by doing that.  I was actually looking for how to get to the table tree from the permissions, like AX4 allows you to do, and couldn't find them.  So this would help if I can simply cascade the permissions on the tables themselves.
Ok got it.

For adding table control to the role, go to System Admin > Setup > Security > Security role > click Override button at the top.

Then expand the list of tables > highlight the table > untick do not override > wait for few seconds till it loads

The override permissions dropdown will become available and by default the permissions will change to no access.

Click the dropdown and select the level of permissions you want.

This overrides all the table controls for that table at lower levels. If at the lower level the role has full access but override is set to no access, then the user will not have any access. Same way if at the lower level the access is none but override is full, then the user gets full access.

User generated image
The above process is for the customer to update security via front end. You can do it more easily from AOT by this process:
AOT > Security > roles > Expand > Permissions > Tables > Add table > in properties, select the appropriate level of permission
Excellent - thanks and I'll let you know how it goes.
Hey Damon. Just touching base here.  I'm going to be working on the permissions today and tomorrow.  I'll let yo uknow how it goes here, and hopefully close this thread out soon.  thanks!
Damon - do you know whether changing the table level access for a particular role affects all other roles using that table?  I imagine it would, right?
Avatar of Damon Repton
Damon Repton
Flag of United Kingdom of Great Britain and Northern Ireland image

Link to home
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
ok, well that's good.  excellent - this should help a lot.  Thanks for your help, and I think we can close this case.  I'll do it now.

thanks again