Creating a More Secure Microsoft Dynamics AX Environment: Weighing Two Approaches Improving Segregation of Duties (SoD)
Most organizations that have implemented Microsoft Dynamics AX will want to secure the application and manage the risk of misuse. In the recent MSDynamicsWorld webinar, Strategies for a Clean Slate Security Environment in Microsoft Dynamics AX (registration required), Mike Cassady, vice president of development with FastPath Inc., and Kevin McCreary, associate director with Protiviti's IT Consulting and Risk management practice, outlined the steps that lead to a more secure AX environment.
Underlying the actions is the principle of segregation of duties, or SoD: the idea that no single person completely controls a sensitive process. This reduces the risk of both errors and fraud. "Segregation of duties is a requirement," Cassady says. It's typically most effective to incorporate this principle when building a security model, rather than trying to force it into place after the fact, he adds.
Dynamics AX 2012 R3 uses the concepts of roles, duties and privileges to create a secure environment. Roles are the jobs to which users are assigned. They're composed of duties, such as creating purchase orders or invoices, and privileges, like the ability to view or edit different reports.
Risk within AX typically results from two types of conflicts, Cassady says. Intra-conflicts occur when a role itself has conflicting access levels or privileges. For instance, one role says the user is limited to viewing certain screens, yet also allows him or her to edit the same screens. Inter-conflicts occur when a user is assigned multiple roles, and the access or duties of one role conflict with those of another. One example: an employee who can both enter vendors into the system and initiate payments.
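The two conflict types can be checked mechanically once roles are expressed as sets of duties. The sketch below is an added example, not code from the webinar, FastPath, Protiviti or Dynamics AX; the role, duty and user names are hypothetical, and it assumes both conflict types are modelled as forbidden duty pairs, using the vendor/payment case from the paragraph above.

```python
from itertools import combinations

# Constructed sample data: role, duty and user names are hypothetical,
# not real Dynamics AX identifiers.
ROLE_DUTIES = {
    "VendorClerk": {"MaintainVendors"},
    "PaymentsClerk": {"InitiatePayments"},
    "APSuperuser": {"MaintainVendors", "InitiatePayments", "ViewReports"},
    "Buyer": {"CreatePurchaseOrders"},
}
USER_ROLES = {
    "alice": {"VendorClerk", "PaymentsClerk"},
    "bob": {"APSuperuser"},
    "carol": {"VendorClerk", "Buyer"},
}
# SoD rules: unordered pairs of duties one person must not hold together.
SOD_RULES = {frozenset({"MaintainVendors", "InitiatePayments"})}


def intra_conflicts(role_duties, rules):
    """Roles that, on their own, contain both duties of a rule."""
    findings = {}
    for role, duties in role_duties.items():
        hits = sorted(tuple(sorted(r)) for r in rules if r <= duties)
        if hits:
            findings[role] = hits
    return findings


def inter_conflicts(user_roles, role_duties, rules):
    """Users whose combined roles break a rule no single assigned role breaks."""
    findings = {}
    for user, roles in user_roles.items():
        for rule in rules:
            if any(rule <= role_duties[r] for r in roles):
                continue  # the role itself is the problem (intra-conflict)
            for a, b in combinations(sorted(roles), 2):
                if rule <= role_duties[a] | role_duties[b]:
                    findings.setdefault(user, []).append(
                        (a, b, tuple(sorted(rule))))
    return findings


if __name__ == "__main__":
    print("intra:", intra_conflicts(ROLE_DUTIES, SOD_RULES))
    print("inter:", inter_conflicts(USER_ROLES, ROLE_DUTIES, SOD_RULES))
```

Running the intra-role check against role definitions before any users are assigned matches the advice to build SoD into the security model rather than retrofit it.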
Given the potential for both types of conflicts, effective ...