Intercompany execution and role based security in Microsoft

Microsoft Dynamics AX 2012
®
Intercompany execution and
role-based security in
Microsoft Dynamics AX 2012
Implementation Considerations
This paper provides guidelines for creating new security roles in
Microsoft Dynamics AX 2012 to support intercompany execution
scenarios.
October 2011
CCAX2012IC2001
Table of Contents
Overview..................................................................................................... 3
Predefined roles – Upstream sales view and navigation ............................. 4
Adding and updating roles...................................................................................................... 6
Intercompany purchase order navigation .............................................................................. 7
Intercompany sales order navigation .................................................................................... 7
Intercompany picking list generate ...................................................................................... 7
Predefined roles – Upstream procurement view ......................................... 8
Adding and updating roles...................................................................................................... 9
Intercompany sales packing slip navigation ........................................................................... 9
Intercompany sales invoice navigation ................................................................................. 9
Predefined roles – Downstream direct delivery processing ....................... 11
Sales packing slip process in the delivering company................................................................12
Adding and updating roles ................................................................................................. 12
Process intercompany direct delivery sales packing slip ......................................................... 12
Sales invoice process in the delivering company ......................................................................16
Adding and updating roles ................................................................................................. 16
Process intercompany direct delivery invoice ........................................................................ 16
Summary .................................................................................................. 19
2
INTERCOMPANY EXECUTION AND ROLE BASED SECURITY IN MICROSOFT DYNAMICS AX 2012
Overview
As part of the introduction of a role-based security model in Microsoft Dynamics® AX 2012, several
roles are shipped with Microsoft Dynamics AX 2012. However, most of these roles are primarily
designed to support processes that are executed within a single legal entity in Microsoft Dynamics AX
2012.
By nature, intercompany execution is cross–legal entity. In previous versions of Microsoft Dynamics
AX, intercompany execution was orchestrated in code that consulted user group security constraints
only in the company from which the process execution was initiated. One example of this kind of
process is the posting of intercompany sales packing slips for direct delivery. If the user had access to
process the sales packing slip in the delivering legal entity, performing this task automatically
triggered and executed product receipt and sales packing slip processing for the intercompany
purchase order and the original sales order in the selling company.
Intercompany direct delivery
Company A: Selling company
Company B: Delivering company
Sales Clerk Company A
Creates
Creates
Task: Create Sales Order
Document: Original Sales Order
Document: Intercompany Purchase Order
Creates
Document: Intercompany Sales Order
Creates
Task: Ship order
Document: Original Sales Order packing slip
Document: Purchase Order product receipt
Document: Sales Order packing slip
Figure 1 Example of a simple enterprise model, where company A is a selling company and company B is a delivering
company
No explicit security privilege was required for the user in the selling company to execute this process.
However, with the introduction of the new role-based security model in Microsoft Dynamics AX 2012, a
user has to be granted explicit security privileges in all companies that the process spans. In the case
of intercompany direct delivery, this means that the user who works in the delivering company must
also be granted security privileges to automatically process the purchase product receipt for the
intercompany purchase order and the sales packing slip for the original sales order in the selling
company.
The intercompany functionality that is provided in Microsoft Dynamics AX 2012 also includes
functionality of a more navigational character. This functionality includes support for cross-company
navigation between intercompany purchase orders and intercompany sales orders, and cross-company
3
INTERCOMPANY EXECUTION AND ROLE BASED SECURITY IN MICROSOFT DYNAMICS AX 2012
navigation to intercompany sales packing slips and similar documents. In previous versions of
Microsoft Dynamics AX, this type of navigation was constrained by user group security settings.
However, the introduction of the role-based security model in Microsoft Dynamics AX 2012 requires
different settings than the settings that you used in previous versions, such as Microsoft Dynamics AX
2009.
This paper suggests defining seven security roles to support intercompany execution and navigation
scenarios for companies when a more granular segregation of duties is required across companies.
The paper provides guidelines about how to define these new security roles. The use of seven security
roles supports a more granular segregation of duties than is provided by the predefined security roles
that are shipped Microsoft Dynamics AX 2012.
Predefined roles – Upstream sales view and navigation
Microsoft Dynamics AX 2012 comes with several predefined security roles. Most of these roles are
designed to support processes that are executed within a single legal entity context. For order
management, order fulfillment, and order billing, the following security roles represent key roles that
are shipped with Microsoft Dynamics AX 2012:

Buying agent

Purchasing agent

Sales clerk

Receiving clerk

Shipping clerk

Accounts payable clerk

Accounts receivable clerk
4
INTERCOMPANY EXECUTION AND ROLE BASED SECURITY IN MICROSOFT DYNAMICS AX 2012
Take the example of a simple enterprise structure of two companies in Microsoft Dynamics AX 2012:
company A and company B. Company A is a selling company, and company B is a central distribution
center that is modeled as a separate legal entity. Company A sources from company B.
Simple enterprise model
Company A: Selling company
Company B: Distribution company
Sales Clerk Company A
Creates
Creates
Task: Create Sales Order
Document: Original Sales Order
Document: Intercompany Purchase Order
Document: Intercompany Sales Order
Task: Ship order
Task: Product receipt
Task: Ship order
Document: Original Sales Order packing slip
Document: Purchase Order product receipt
Document: Sales Order packing slip
Figure 2 Example of a simple enterprise model and a simple flow for creating an intercompany order chain, and for shipping
and receiving an intercompany order in each company
In company A, a sales clerk is assigned the Sales clerk security role. The sales clerk creates a sales
order. Upon order creation, an intercompany order chain is created, consisting of an intercompany
purchase order in company A and an intercompany sales order in company B. The process has been
set up so that the generation of the picking list in company B can be manually triggered from
company A after creation of the intercompany sales order.
5
INTERCOMPANY EXECUTION AND ROLE BASED SECURITY IN MICROSOFT DYNAMICS AX 2012
Using predefined Microsoft Dynamics AX 2012 security roles to support this scenario requires that the
sales clerk in company A be assigned a security role that allows the sales clerk to process the picking
list in company B. Such a security role could be the sales clerk in company B. However assigning this
role would grant the sales clerk in company A full access to sales clerk functionality in company B,
which may not be desirable from a segregation-of-duties perspective.
Simple enterprise model
Company A: Selling company
Company B: Distribution company
Create
Sales Clerk Company A
Re
ad
or
Rea
Ma
int
ain
d or
Ma i
ntai
n
Document: Picking list
For intercompany sales order
Creates
Creates
Task: Create Sales Order
Document: Original Sales Order
Document: Intercompany Purchase Order
Document: Intercompany Sales Order
Figure 3 A green arrow represents one or more actions supported by Intercompany Trade that require explicit security
privileges exceeding the sales clerk role for company A
Extending the scenario, the sales clerk in company A must do follow-up on the intercompany sales
order in company B. The sales clerk must inquire into the quantities that are shipped per line item.
This action is represented in the previous figure by the green “Read or Maintain” arrow that points
toward the intercompany sales order in company B.
Using predefined Microsoft Dynamics AX 2012 security roles to support this scenario requires that the
sales clerk in company A be assigned a security role that allow the sales clerk to inquire into the sales
order in company B. Such a security role could be the sales clerk in company B. However, assigning
this role would grant the sales clerk in company A full access to sales clerk functionality in company B,
which may not be desirable from a segregation-of-duties perspective.
Adding and updating roles
It is possible to obtain a more granular segregation of duties by using the role-based security
framework. Creating three new security roles, such as the following, would achieve this:

Intercompany purchase order navigation

Intercompany sales order navigation

Intercompany picking list generate
6
INTERCOMPANY EXECUTION AND ROLE BASED SECURITY IN MICROSOFT DYNAMICS AX 2012
Intercompany purchase order navigation
The purpose of the Intercompany purchase order navigation security role is to enable the sales
clerk in company A to navigate to the intercompany purchase order in company A. The security role
grants the user access to view purchase orders in company A.
The role contains one privilege that is shipped with Microsoft Dynamics AX 2012, View purchase
order details (the name in the Application Object Tree (AOT) is PurchtableDetailsView).
Intercompany sales order navigation
The purpose of the Intercompany sales order navigation security role is to enable the sales clerk
in company A to navigate to the intercompany sales order in company B. The security role grants the
user access to view sales orders in company B.
The role contains one privilege that is shipped with Microsoft Dynamics AX 2012, View sales order
details (AOT name: SalestableDetailsView).
Intercompany picking list generate
The purpose of the Intercompany picking list generate security role is to enable the manual
generation of the picking list in company B from the sales order in company A. The security role
grants the user access to generate picking lists in company B. This flow assumes that the
intercompany sales action policy parameter ‘Print picking list’ is disabled in company B.
The role contains two privileges that are shipped with Microsoft Dynamics AX 2012, Process sales
picking list (AOT name: SalesFormLetter_PickingListProcess) and Generate picking lists (AOT
name: WMSPickingLists_OrderPickGenerate).
Be aware that this role grants access to data in the target company beyond the specific intercompany
order. To limit data access in the target company to intercompany orders, record-level security must
be applied.
The following table provides a schematic overview of these three security roles, and where access that
is related to the previous scenario is granted.
Role
Description
Privilege
Granted in
company
Intercompany purchase
order navigation
Access a purchase order in the target
company with Read access. Use existing
privileges.
View purchase
order details.
Company A
Intercompany sales order
navigation
Access a sales order in the target company
with Read access. Use existing privileges.
View sales order
details.
Company B
Intercompany picking list
generate
Access a sales picking list in the target
company with Create access. Use existing
privileges.
Process a sales
picking list.
Company B
Generate picking
lists.
7
INTERCOMPANY EXECUTION AND ROLE BASED SECURITY IN MICROSOFT DYNAMICS AX 2012
Predefined roles – Upstream procurement view
Take again the example of a simple enterprise structure of two companies in Microsoft Dynamics AX
2012: company A and company B. Company A is a selling company, and company B a central
distribution center that is modeled as a separate legal entity. Company A sources from company B.
The scenario that is depicted in the following figure applies the perspective of the buying agent in
company A.
Simple enterprise model
Company B: Distribution company
Company A: Selling company
R
ead
or M
ain
tain
Buying Agent Company A
Re
Creates
Document: Original Sales Order
ad
or
Ma
inta
in
Creates
Document: Intercompany Purchase Order
Document: Intercompany Sales Order
Create from
Pull creation
Task: Receive Product
Document: Intercompany Purchase
Product Receipt
Copy dim from
Document: Intercompany Sales
Packing Slip
Create from
Pull creation
Copy dim from
Task: Record invoice
Document: Intercompany
vendor invoice
Document: Intercompany
Sales Invoice
Figure 4 A green arrow represents one or more actions supported by Intercompany Trade that require explicit security
privileges exceeding the buying agent role for company A
The buying agent in company A is responsible for managing purchase orders, including intercompany
purchase orders. In this case, the buying agent must be able to inquire into the quantities that are
shipped from company B per line item. This action is represented in the previous figure by the green
“Read or Maintain” arrow that points toward the intercompany sales order in company B.
Using predefined Microsoft Dynamics AX 2012 security roles to support this scenario requires that the
buying agent in company A be assigned a security role that allows the buying agent to inquire into the
sales order in company B. Such a role could be the sales clerk in company B. However, assigning this
role would grant the buying agent in company A full access to sales clerk functionality in company B,
which may not be desirable from a segregation-of-duties perspective.
Extending the scenario, the buying agent in company A must process the purchase product receipt in
company A directly off the sales packing slip that is processed in company B, so that the purchase
product receipt in company A completely mirrors the sales packing slip in company B.
Using predefined Microsoft Dynamics AX 2012 security roles to support this scenario requires that the
buying agent in company A be assigned a role that allows the buying agent to inquire into the sales
8
INTERCOMPANY EXECUTION AND ROLE BASED SECURITY IN MICROSOFT DYNAMICS AX 2012
packing slip in company B. Such a security role could be the sales clerk in company B. However
assigning this role would grant the buying agent in company A full access to sales clerk functionality in
company B, which may not be desirable from a segregation-of-duties perspective.
Extending the scenario again, the accounts payable clerk in company A must process the vendor
invoice in company A directly off the sales invoice that is processed in company B, so that the vendor
invoice in company A completely mirrors the sales invoice in company B. This action is represented by
the last task, “Record invoice,” in the previous figure. Note that the accounts payable clerk is not
explicitly illustrated in the figure, only the task.
Using predefined Microsoft Dynamics AX 2012 security roles to support this scenario requires that the
accounts payable clerk in company A be assigned a role that allows the accounts payable clerk to
inquire into the sales invoice in company B. Such a security role could be the accounts receivable clerk
in company B. However assigning this role would grant the accounts payable clerk in company A full
access to accounts receivable clerk functionality in company B, which may not be desirable from a
segregation-of-duties perspective.
In the previous figure, also notice the support for manually copying tracking dimensions from the
intercompany sales line as part of the “Receive product” task for the intercompany purchase product
receipt and the “Record invoice” task for the intercompany vendor invoice.
Adding and updating roles
It is possible to obtain a more granular segregation of duties by using the role-based security
framework. Creating two new security roles, such as the following, would achieve this:

Intercompany sales packing slip navigation

Intercompany sales invoice navigation
Intercompany sales packing slip navigation
The purpose of the Intercompany sales packing slip navigation security role is to enable the
buying agent in company A to navigate to the intercompany sales packing slip in company B. The
security role grants the user access to view sales packing slips in company B, and to process the
purchase product receipt in company A off the sales packing slip.
The role contains one privilege that is shipped with Microsoft Dynamics AX 2012, View sales packing
slips (AOT name: CustPackingSlipJournalView).
Be aware that this role grants access to data in the target company beyond the specific intercompany
order. To limit data access in the target company to intercompany orders, record-level security must
be applied.
Intercompany sales invoice navigation
The purpose of the Intercompany sales invoice navigation security role is to enable the accounts
payable clerk or buying agent in company A to navigate to the intercompany sales invoice in company
B. The security role grants the user access to view sales invoices in company B, and to process the
vendor invoice in company A off the sales invoice.
However, the accounts payable clerk and buying agent roles do not have access to the
Intercompany Tracing > Invoice Journal menu button in company A. Access to this menu button
is granted from the View sales invoice privilege that the user who has the Accounts payable clerk
or Buying agent role must have for company A. Therefore, we recommend that you let the user and
Intercompany sales invoice navigation role have access to both company A and B, to allow the
accounts payable clerk and buying agent to navigate from company A to company B, and to trigger
the vendor invoice process off the sales invoice in company B. However, a split of the Intercompany
sales invoice navigation role may be required in cases where a stricter segregation of duties and
stricter data access are required.
9
INTERCOMPANY EXECUTION AND ROLE BASED SECURITY IN MICROSOFT DYNAMICS AX 2012
The Intercompany sales invoice navigation role contains three privileges that are shipped with
Microsoft Dynamics AX 2012, View customer invoice journal inquiry (AOT name:
CustInvoiceJournalView), Change/edit customer invoice journal (AOT name:
CustInvoiceJournalMaintain), and Synchronize batch/serial numbers (AOT name:
IntercompanyTransferInventDimProcess).
Be aware that this role grants access to data in the target company beyond the specific intercompany
order. To limit data access in the target company to intercompany orders, record-level security must
be applied.
The following table provides a schematic overview of these two security roles, and where access that
is related to the previous scenario is granted. Combining these two roles with the previously defined
Intercompany sales order navigation role meets the preceding requirements. The Intercompany
sales order navigation role appears in italic in the table.
Role
Description
Privilege
Granted in
company
Intercompany sales
packing slip navigation
Create a product receipt from an upstream
sales packing slip in the target company.
Access the form with Read access. Copy
tracking dimensions. Use existing
privileges.
View sales packing
slips
Company B
Intercompany sales
invoice navigation
Create a vendor invoice from an upstream
sales invoice in the target company. Access
the form with Read access. Copy tracking
dimensions. Use existing privileges.
View customer
invoice journal
inquiry.
Company B
Company A
Change/edit
customer invoice
journal.
Synchronize
batch/serial
numbers.
Intercompany sales order
navigation
Access a sales order in the target company
with Read access. Use existing privileges.
View sales order
details.
10
INTERCOMPANY EXECUTION AND ROLE BASED SECURITY IN MICROSOFT DYNAMICS AX 2012
Company A
Company B
The following figure provides an overview of the support that is offered by Intercompany Trade for
actions that are performed downstream from Company B.
Simple enterprise model
Company A: Selling company
Read or
Company B: Distribution company
Maintain
do
Rea
Creates
Document: Original Sales Order
r Ma
inta
in
Sales Clerk Company A
Creates
Document: Intercompany Purchase Order
Document: Intercompany Sales Order
Create from
Push creation
Task: Receive Product
Document: Intercompany Purchase
Product Receipt
Copy dim from
Document: Intercompany Sales
Packing Slip
Create from
Push creation
Copy dim from
Task: Record invoice
Document: Intercompany
vendor invoice
Document: Intercompany
Sales Invoice
Figure 5 A green arrow represents one or more actions supported by Intercompany Trade that require explicit security
privilege exceeding the sales clerk role for company B
To define the additional roles to leverage this support, but without granting excessive permissions to
the user in company B, you can apply the pattern that was applied in the previous sections. This paper
does not provide additional details about how to create these new roles.
Predefined roles – Downstream direct delivery processing
Intercompany execution supports the concept of direct delivery. To reap the benefits of direct delivery
in an intercompany order chain, companies can fully automate updates in the selling company that are
triggered by sales packing slip and sales invoice events in the delivering company. However, note that
a sales packing slip event in the delivering company always triggers the processing of a purchase
product receipt and sales packing slip in the selling company.
We recommend that you create two new security roles to support cross-company updates for
intercompany direct delivery.
The following section provides information about how to enable updates of the sales packing slip and
invoice for intercompany direct delivery.
11
INTERCOMPANY EXECUTION AND ROLE BASED SECURITY IN MICROSOFT DYNAMICS AX 2012
Sales packing slip process in the delivering company
Consider the scenario where company A cannot fulfill a sales order. To minimize the delivery lead
time, company A authorizes a direct delivery from company B to the customer on the sales order in
company A. This is done by creating an intercompany direct delivery order chain. In intercompany
direct delivery scenarios, the shipping clerk or sales clerk in company B (the delivering company)
processes a sales packing slip in company B. This event triggers the processing of a purchase product
receipt and sales packing slip in company A (the selling company). This process is illustrated by the
figures in “Intercompany direct delivery” at the beginning of this paper. However if the shipping clerk
or sales clerk who processes the sales packing slip in company B does not have adequate security
privilege to process the in-code purchase product receipt and sales packing slip in company A, the
sales packing slip in company B cannot be processed.
Using predefined Microsoft Dynamics AX 2012 security roles to support this scenario requires that the
shipping clerk or sales clerk in company B be assigned a role that allows the clerk to process the
purchase product receipt and the sales packing slip in company A. Such security roles could be sales
clerk and buying agent in company A. However assigning these roles would grant the user in company
B full access to sales clerk and buying agent functionality in company A, which may not be desirable
from a segregation-of-duties perspective.
Adding and updating roles
It is possible to obtain a more granular segregation of duties by using the role-based security
framework. Creating one new security role, such as the following, would achieve this:

Process intercompany direct delivery sales packing slip
Process intercompany direct delivery sales packing slip
The purpose of the Process intercompany direct delivery sales packing slip security role is to
enable the shipping clerk or sales clerk in company B to process a sales packing slip for an
intercompany direct delivery sales order. The security role grants the user access to update required
tables in company A as part of the automatic processing of the purchase product receipt and sales
packing slip.
12
INTERCOMPANY EXECUTION AND ROLE BASED SECURITY IN MICROSOFT DYNAMICS AX 2012
The following figure illustrates this scenario.
Intercompany direct delivery
Company A: Selling company
Company B: Delivering company
Sales Clerk Company A
Creates
Creates
Task: Create Sales Order
Document: Original Sales Order
Document: Intercompany Purchase Order
Creates
Document: Intercompany Sales Order
Creates
Task: Ship order
Document: Original Sales Order packing slip
Document: Purchase Order product receipt
Document: Sales Order packing slip
Figure 6 Process intercompany direct delivery sales packing slip
The red rectangle highlights the documents that are updated as part of the intercompany sales
packing slip process in company B during an intercompany direct delivery process. The user in
company B who initiates the process needs to have security permission to perform these required
updates in company A.
To use the Process intercompany direct delivery sales packing slip security role, you must
override permissions for selected tables and server methods for the role. Follow these steps:
1. From the Process intercompany direct delivery sales packing slip role, click Override
permissions.
13
INTERCOMPANY EXECUTION AND ROLE BASED SECURITY IN MICROSOFT DYNAMICS AX 2012
2. Click Add tables/fields and Add server methods.
3. Add all the tables and server methods that are shown in the following figure. Notice that an icon
that represents the access level is displayed next to each table and server method. The
icon
represents the View access level, the
icon represents the Create access level, and the
icon
14
INTERCOMPANY EXECUTION AND ROLE BASED SECURITY IN MICROSOFT DYNAMICS AX 2012
represents the Full Control access level. Apply these values in the Override access level field for
each table and server method.
4. Assign this role to the users in company B who generate the intercompany sales packing slip. For
the scenario that is described in this paper, we recommend that you grant the Process
intercompany direct delivery sales order packing slip security role access to company A.
However, for other scenarios, you may need to grant the role company-wide access.
15
INTERCOMPANY EXECUTION AND ROLE BASED SECURITY IN MICROSOFT DYNAMICS AX 2012
The following table provides a schematic overview of the Process intercompany direct delivery
sales packing slip security role.
Role
Description
Granted in
company
Process intercompany
direct delivery sales
packing slip
Process a purchase product receipt and sales packing slip
process in-code in the target company with Create access.
Company A
Sales invoice process in the delivering company
Intercompany direct delivery allows for automatic processing of the vendor invoice and sales invoice in
the selling company (company A) when the sales invoice is processed in the delivering company
(company B). However if the user who performs the task in company B does not have adequate
security privilege to process the in-code vendor invoice and sales invoice in company A, the sales
invoice in company B cannot be processed.
Using predefined Microsoft Dynamics AX 2012 security roles to support this scenario requires that the
accounts receivable clerk or sales clerk in company B be assigned a security role that allows the clerk
to process the vendor invoice and the sales invoice in company A. Such a security role could be the
accounts receivable clerk or accounts payable clerk in company A. However assigning one of these
roles would grant the user in company B full access to accounts receivable clerk or accounts payable
clerk functionality in company A, which may not be desirable from a segregation-of-duties perspective.
Adding and updating roles
It is possible to obtain a more granular segregation of duties by using the role-based security
framework. Creating one new security role, such as the following, would achieve this:

Process intercompany direct delivery invoice
Process intercompany direct delivery invoice
The purpose of the Process intercompany direct delivery invoice security role is to enable the
accounts receivable clerk or sales clerk in company B to process a vendor invoice and a sales invoice
in company A. The security role grants the user access to update required tables in company A as part
of the automatic processing of the vendor invoice and sales invoice.
16
INTERCOMPANY EXECUTION AND ROLE BASED SECURITY IN MICROSOFT DYNAMICS AX 2012
The following figure illustrates this scenario.
Intercompany direct delivery
Company A: Selling company
Company B: Delivering company
Sales Clerk Company A
Creates
Creates
Task: Create Sales Order
Document: Original Sales Order
Document: Intercompany Purchase Order
Creates
Document: Intercompany Sales Order
Creates
Task: Invoice
Document: Sales Invoice
Document: Vendor Invoice
Document: Sales Invoice
Figure 7 Process intercompany direct delivery sales invoice
The red rectangle highlights the documents that are updated as part of the intercompany sales invoice
process in company B when both vendor invoice recording and sales invoice generation in company A
are configured to be triggered by the sales invoice event in company B. The user in company B who
initiates the process needs to have security permission to perform these required updates in company
A.
To use the Process intercompany direct delivery invoice security role, you must override
permissions for selected tables and server methods for the role. Follow these steps:
1. From the Process intercompany direct delivery invoice role, click Override permissions.
2. Click Add tables/fields and Add server methods.
3. Add all the tables and server methods that are shown in the following figure. Notice that an icon
that represents the access level is displayed next to each table and server method. The
icon
represents the View access level, the
icon represents the Create access level, and the
icon
17
INTERCOMPANY EXECUTION AND ROLE BASED SECURITY IN MICROSOFT DYNAMICS AX 2012
represents the Full Control access level. Apply these values in the Override access level field for
each table and server method.
4. Assign this role to the users in company B who generate the intercompany sales invoice. For the
scenario that is described in this paper, we recommend that you grant the Process
intercompany direct delivery invoice security role access to company A. However, for other
scenarios, you may need to grant the role company-wide access.
18
INTERCOMPANY EXECUTION AND ROLE BASED SECURITY IN MICROSOFT DYNAMICS AX 2012
The following table provides a schematic overview of the security role.
Role
Description
Granted in
company
Process intercompany
direct delivery invoice
Process a vendor invoice and sales invoice in-code in the target
company with Create access.
Company A
Summary
This paper suggests defining seven security roles, in addition to the security roles that are shipped
with Microsoft Dynamics AX 2012. These seven additional security roles enable you to achieve a
higher degree of segregation of duties within the context of intercompany execution.
Based on company-specific security and organizational requirements, more roles may be necessary.
Similarly, based on company-specific security and organizational requirements, the definitions of the
recommended security roles that are described in this paper may need to be adjusted to fit a specific
company context.
19
INTERCOMPANY EXECUTION AND ROLE BASED SECURITY IN MICROSOFT DYNAMICS AX 2012
Microsoft Dynamics is a line of integrated, adaptable business management solutions that enables you and your
people to make business decisions with greater confidence. Microsoft Dynamics works like and with familiar
Microsoft software, automating and streamlining financial, customer relationship and supply chain processes in a
way that helps you drive business success.
U.S. and Canada Toll Free 1-888-477-7989
Worldwide +1-701-281-6500
www.microsoft.com/dynamics
This document is provided “as-is.” Information and views expressed in this document, including URL and other Internet Web site
references, may change without notice. You bear the risk of using it.
Some examples depicted herein are provided for illustration only and are fictitious. No real association or connection is intended or
should be inferred.
This document does not provide you with any legal rights to any intellectual property in any Microsoft product. You may copy and
use this document for your internal, reference purposes. You may modify this document for your internal, reference purposes.
© 2011 Microsoft Corporation. All rights reserved.
Microsoft, Microsoft Dynamics, and the Microsoft Dynamics logo are trademarks of the Microsoft group of companies.
All other trademarks are property of their respective owners.
20
INTERCOMPANY EXECUTION AND ROLE BASED SECURITY IN MICROSOFT DYNAMICS AX 2012