• AX2012 Management Reporter Security


    Are you confused by how user roles in AX 2012 are integrated with Management Reporter roles? Have problems adding or deleting users in Management Reporter? Get your answers here.

    In the last couple of weeks I have been asked by AX developers about Management Reporter Security. Mainly, they were stumped by how assigning different roles to users in Management Reporter does not quite turn out as they had expected. Both times I felt I could only give a partial answer. Thus, I decided to do a little experiment to find out the truth once and for all… or until Microsoft comes up with the next Rollup I suppose!

    In this topic, I will cover:

    Management Reporter is able to integrate with different flavours of Microsoft Dynamics but in this topic I will cover integration with Microsoft Dynamics AX 2012 only, and only for up to RU5, simply because that is what is available to me for my experiment!

    You can download the Management Reporter Integration Guide for Microsoft Dynamics AX 2012 here.

    In the guide, the section called Integrating users from Microsoft Dynamics AX 2012 covers all of only two pages. Hopefully this blog post expands on that and clarify things.

    The following table explains how user roles in Microsoft Dynamics AX 2012 are transferred into Management Reporter.

    Note the last statement that the LedgerViewFinancialStatement privilege for viewers must be added in AX. I will demonstrate that. Also, what it does not say is that if the user is assigned to any other role in AX except those shown here, they will not have access to Management Reporter, even for System Administrator. Yes, the user name will not even show up in the user security list in Management Reporter!

    Adding users from AX 2012

     

    Here is what is written in the guide

    What it does not say is how and when the change is reflected in Management Reporter. This will be covered in How to integrate users in Configuration Console.

    Firstly I am going to add a user called CONTOSOuser5 to Management Reporter which currently does not exist.

    To add CONTOSOuser5 to Management Reporter, fire up Microsoft Dynamics AX and add the CONTOSOuser5 as a new user.

    User5 is now an AX User, but he is not added to Management Reporter yet.

    User is assigned an AX 2012 role that does not map to Management Reporter

    If a user is assigned a role that is not recognised as a role in Management Reporter, the user is not added into Management Reporter – even for a system administrator role in AX 2012!

    Here, user5 is assigned the System Administrator role in AX 2012.

     

    In Management Reporter, user5 is still not added.

     



    Assigning user a Viewer role

    As mentioned in the guide, create a new LedgerViewFinancialStatement privilege.

    To find out more about creating security privileges in AX 2012, click here.

     

    Assign LedgerViewFinancialStatement privilege to a new role or to a current role. In this case I created a new role also called LedgerViewFinancialStatement and assigned the LedgerViewFinancialStatement privilege to it.

    To find out more about creating security roles in AX 2012, click here.

     

    Assign user5 the LedgerViewFinancialStatement role.

    Open Configuration Console and wait until everything is fully integrated.

    Now open the users list in Management Reporter -> Security. User5 is added as a Viewer.

    Assigning user a Generator role

    Remove the LedgerViewFinancialStatement  role from User5 and assign the role of Financial Controller instead.

    Again wait until everything is fully integrated in the Configuration Console.

    Now re-open the users list in Management Reporter -> Security. User5 has the Generator role.

    Assigning user a Designer role

    In AX 2012, assign user5 with the role of Accounting Manager.

    Again wait until everything is fully integrated in the Configuration Console.

    Now re-open the users list in Management Reporter -> Security. User5 has the Designer role.

    Assigning user an Admin role

    The AX 2012 system administrator role does not map into the Administrator role in Management Reporter. So the user needs to be assigned the Security Administrator role instead.

    Again wait until everything is fully integrated in the Configuration Console.

    Now re-open the users list in Management Reporter -> Security. User5 has the Administrator role.

    Users of higher access

    As you probably have seen by now, the AX roles of higher access (if you like) determines the role in Management Reporter. In the last example, user5’s highest AX Role is Security Administrator. Therefore the role in Management Reporter is Administrator even though user5 is also assigned as Accounting Manager and Financial Controller in AX 2012.

    Deleting user

    Here is what is mentioned in the Guide:

    That is not entirely correct.

    To delete a user that was integrated from AX 2012, you can either:

    1. Delete the user from AX 2012.
    2. Remove all Management Reporter mapped roles for the user.

    I will demonstrate the second point as the first is obvious.

    In Management Reporter  -> Security, right-click on user5. The Delete… option is greyed out. You cannot manually delete a user that is integrated from AX 2012.

    In AX 2012, remove all roles from user5 that maps to Management Reporter.

    Again wait until everything is fully integrated in the Configuration Console.

    Now re-open the users list in Management Reporter -> Security. User5 has been deleted in Management Reporter.

    How to integrate users in Configuration Console

    To integrate users from AX 2012, one would expect to hit a button to activate integration but that does not exist in Management Reporter. As seen in previous examples, in Configuration Console, once everything has been fully integrated, the roles will also be fully integrated.

    While doing this experiment, data integration happens every minute, and full integration happens every 5 minutes.

    Where is the user data stored in the database?

    The user data is located in the [ManagementReporter] database in the [dbo].[SecurityUser] table.

    Summary

    Users in AX 2012 are mapped to Management Reporter only by certain roles that is shown in this table here.

    Users can be added to Management Reporter by assigning them specific roles in AX 2012. Likewise, users can be deleted from Management Reporter by unassigning them specific roles in AX 2012.

    AX roles of higher access determines the role in Management Reporter.

    Full integration with AX 2012 occurs regularly and frequently as long as the service is running. There is no specific button to activate integration.

    I hope this clarifies Management Reporter Security roles and integration process.

  • 相关阅读:
    惭愧无法面对的SQL ORDER BY
    JVM参数官方说明
    Java Unsafe 测试代码
    好记性不如烂笔头-Duration与Period中字母含义
    计算机组成原理中源码、反码、补码存在意义
    线程池参数、线程池扩容以及拒绝策略触发时机demo代码
    朴素贝叶斯法
    K近邻法与kd树
    EM算法
    熵、交叉熵、KL散度、JS散度
  • 原文地址:https://www.cnblogs.com/dingkui/p/14715992.html
Copyright © 2020-2023  润新知