AX 2012 - Security Model Design Considerations
While at AXUG Summit last week, it was clear that there are some misunderstanding surrounding the AX 2012 Security model, and it's impact on design, as well as what level of design the great new model impacts. In an article, posted by MSDW: Developers: Prepare for More Security Work When Upgrading to Microsoft Dynamics AX 2012 It is being portrayed, as if Developers and Technical Consultants will have some huge workload related to security and upgrades.
Before I continue, with at least how I think this should be understood and viewed, MSDynamicsWorld.com is a great resource, and does a great job at helping cover the Dynamics Ecosystem. Like all things however, healthy information, correction and debate is always needed.
With that said, I think the partner quoted, and the people leading the session on security that drove to this article being published do not fully understand the security model in AX 2012 and the vision for the design aspects, and what it brings. It's true there is a new security model, however it's a great step forward, and not some new burden, with no value gained.
I touched on some of this in a previous article, on the impact on design the new security model for AX 2012 will have. I tried to point out, that this is very much a Functional Design Consideration, and not some heavy extra burden on technical resources. What takes place now, is instead of security being an after thought, or something pushed to a later point in a project, it now has correct considerations through the functional design process.
The above is taking from the newly released Sure Step 2012, within the Design phase, part of the Design Activity Flow, 2.5.1 - "Create Gap Design in Functional Design Document". The owner of this process? The Application Consultant.
Now the Application Developer role, has their part to play in this, however, the design, implementation, and customer administration of security is a functional business process, not a technical one. There is technical needs to create new privileges, that tie into Security Entry points. Beyond that however, the Duties, Process Cycles, Roles, as well as assignment of Users to Roles is a business function.
The vision with the new security model, beyond the implementation or upgrade process, is meant even to be spread out among the business units, where those owners of the specific parts of the business actually control assignment of security for their respective area's.
Further more, to the upgrade, there is a new tool to help suggest upgrading groups from AX 2009, to AX 2012, which you can find on Microsoft's new InformationSource. This tool however, makes suggestions, and should not be the Application Developer Roles responsibility. This must reside on the shoulders of the Application Consultant, with the Developers help, and of course very much on the business unit owners for the customer. If correct design is not spent during the upgrade process, or implementation around this area, a great set of new functionality around security, and a better use and understanding of security for AX will be missed.
I will finish with this, we have a great new security model in AX 2012, that raises the bar, and the design concepts to the business level. This is the vision from Microsoft, to abstract out and raise out of the technical depths, so that businesses can be Dynamic and react fast based on demands. This is seen throughout design concepts from services, business workflow modeling, and more.
Hopefully with this understanding, and with the new Sure Step 2012 released, we can all be armed with the correct vision, approach, and design considerations to look at the new Security model in AX 2012 for what it is: Not a burden, but finally a correct level of consideration and design during upgrades or implementations.
That's all for now, but check back soon as a lot more to come. Till next time!