Friday, March 13, 2015

Tool to copy security permissions in AX

Copying security roles, groups, user options and associating worker against user

The role based security works very well in AX 2012 and security development tool has also made the life of AX system administrator very charming. It was a nightmare to define security for each user in earlier versions of MS Dynamics AX. 

However, there is one area which security development tool does not cover and is often required in many occassions. That is "To Copy user roles from one user to another". Let's say we have created/imported a new user in AX and System Administrator requires to assign same role(s), existing users have, to this new added user. This requirement might come due to identical nature of work or responsibilities shared among different users. 

This tool will help you to copy users roles, users options, user groups, user's main accounts and user association with worker by creating new worker if not exists. User association with worker is required to perform different business processes in AX, one of them is purchase requisition approval.

You can download this tool from CodePlex:

Please feel free to make suggestions and improvements.


  1. So today I got around to import this and give it a try. First of all thanks for the idea and the implementation. While the basic idea is sound, I have some suggestions and questions:
    - several labels are missing, though they do not seem to be part of the intended customizations (see below)
    - especially in method copyUserRoles some comments with reasoning of the code logic would have been helpful (e.g. why is the system user role removed from the target user before copying?)
    - transactions have only been included in some of the copy methods
    - why do you use the networkalias instead of the name of the user to determine a first and last name for the employee?
    - customizations on forms SysUserInfo and SysUserInfoDetail do not seem to be relevant to the intended customization?
    - maybe a button could be added on both forms to call the new copy function (which so far cannot be called anywhere in the gui, just from the AOT), using the selected user as source or target user
    - customizations in class SysListPanelSet_Roles also do not seem to be relevant to the intended customization
    - why are only the user options "filter by grid on by default", "status line info" and "default country region" copied? what about the other user options?
    - maybe use the SysOperation framework instead of the RunBaseBatch framework
    - since the batch framework is used, a new function e.g. copy from one user to all other users or all other users in a specific user group could be useful
    - improve progress reporting

  2. hello!! Very interesting discussion glad that I came across such informative post. Keep up the good work friend. Glad to be part of your net community. Uniarch


I will appreciate your comments !

Download large bacpac (sandbox database) to DEV environment much faster

As the LCS website gets slower and slower and the database backups get bigger and bigger.  Use AZCopy to download objects out of LCS asset l...