Microsoft Dynamics AX 2012 ® Intercompany execution and role-based security in Microsoft Dynamics AX 2012 Implementation Considerations This paper provides guidelines for creating new security roles in Microsoft Dynamics AX 2012 to support intercompany execution scenarios. October 2011 CCAX2012IC2001 Table of Contents Overview..................................................................................................... 3 Predefined roles – Upstream sales view and navigation ............................. 4 Adding and updating roles...................................................................................................... 6 Intercompany purchase order navigation .............................................................................. 7 Intercompany sales order navigation .................................................................................... 7 Intercompany picking list generate ...................................................................................... 7 Predefined roles – Upstream procurement view ......................................... 8 Adding and updating roles...................................................................................................... 9 Intercompany sales packing slip navigation ........................................................................... 9 Intercompany sales invoice navigation ................................................................................. 9 Predefined roles – Downstream direct delivery processing ....................... 11 Sales packing slip process in the delivering company................................................................12 Adding and updating roles ................................................................................................. 12 Process intercompany direct delivery sales packing slip ......................................................... 12 Sales invoice process in the delivering company ......................................................................16 Adding and updating roles ................................................................................................. 16 Process intercompany direct delivery invoice ........................................................................ 16 Summary .................................................................................................. 19 2 INTERCOMPANY EXECUTION AND ROLE BASED SECURITY IN MICROSOFT DYNAMICS AX 2012 Overview As part of the introduction of a role-based security model in Microsoft Dynamics® AX 2012, several roles are shipped with Microsoft Dynamics AX 2012. However, most of these roles are primarily designed to support processes that are executed within a single legal entity in Microsoft Dynamics AX 2012. By nature, intercompany execution is cross–legal entity. In previous versions of Microsoft Dynamics AX, intercompany execution was orchestrated in code that consulted user group security constraints only in the company from which the process execution was initiated. One example of this kind of process is the posting of intercompany sales packing slips for direct delivery. If the user had access to process the sales packing slip in the delivering legal entity, performing this task automatically triggered and executed product receipt and sales packing slip processing for the intercompany purchase order and the original sales order in the selling company. Intercompany direct delivery Company A: Selling company Company B: Delivering company Sales Clerk Company A Creates Creates Task: Create Sales Order Document: Original Sales Order Document: Intercompany Purchase Order Creates Document: Intercompany Sales Order Creates Task: Ship order Document: Original Sales Order packing slip Document: Purchase Order product receipt Document: Sales Order packing slip Figure 1 Example of a simple enterprise model, where company A is a selling company and company B is a delivering company No explicit security privilege was required for the user in the selling company to execute this process. However, with the introduction of the new role-based security model in Microsoft Dynamics AX 2012, a user has to be granted explicit security privileges in all companies that the process spans. In the case of intercompany direct delivery, this means that the user who works in the delivering company must also be granted security privileges to automatically process the purchase product receipt for the intercompany purchase order and the sales packing slip for the original sales order in the selling company. The intercompany functionality that is provided in Microsoft Dynamics AX 2012 also includes functionality of a more navigational character. This functionality includes support for cross-company navigation between intercompany purchase orders and intercompany sales orders, and cross-company 3 INTERCOMPANY EXECUTION AND ROLE BASED SECURITY IN MICROSOFT DYNAMICS AX 2012 navigation to intercompany sales packing slips and similar documents. In previous versions of Microsoft Dynamics AX, this type of navigation was constrained by user group security settings. However, the introduction of the role-based security model in Microsoft Dynamics AX 2012 requires different settings than the settings that you used in previous versions, such as Microsoft Dynamics AX 2009. This paper suggests defining seven security roles to support intercompany execution and navigation scenarios for companies when a more granular segregation of duties is required across companies. The paper provides guidelines about how to define these new security roles. The use of seven security roles supports a more granular segregation of duties than is provided by the predefined security roles that are shipped Microsoft Dynamics AX 2012. Predefined roles – Upstream sales view and navigation Microsoft Dynamics AX 2012 comes with several predefined security roles. Most of these roles are designed to support processes that are executed within a single legal entity context. For order management, order fulfillment, and order billing, the following security roles represent key roles that are shipped with Microsoft Dynamics AX 2012: Buying agent Purchasing agent Sales clerk Receiving clerk Shipping clerk Accounts payable clerk Accounts receivable clerk 4 INTERCOMPANY EXECUTION AND ROLE BASED SECURITY IN MICROSOFT DYNAMICS AX 2012 Take the example of a simple enterprise structure of two companies in Microsoft Dynamics AX 2012: company A and company B. Company A is a selling company, and company B is a central distribution center that is modeled as a separate legal entity. Company A sources from company B. Simple enterprise model Company A: Selling company Company B: Distribution company Sales Clerk Company A Creates Creates Task: Create Sales Order Document: Original Sales Order Document: Intercompany Purchase Order Document: Intercompany Sales Order Task: Ship order Task: Product receipt Task: Ship order Document: Original Sales Order packing slip Document: Purchase Order product receipt Document: Sales Order packing slip Figure 2 Example of a simple enterprise model and a simple flow for creating an intercompany order chain, and for shipping and receiving an intercompany order in each company In company A, a sales clerk is assigned the Sales clerk security role. The sales clerk creates a sales order. Upon order creation, an intercompany order chain is created, consisting of an intercompany purchase order in company A and an intercompany sales order in company B. The process has been set up so that the generation of the picking list in company B can be manually triggered from company A after creation of the intercompany sales order. 5 INTERCOMPANY EXECUTION AND ROLE BASED SECURITY IN MICROSOFT DYNAMICS AX 2012 Using predefined Microsoft Dynamics AX 2012 security roles to support this scenario requires that the sales clerk in company A be assigned a security role that allows the sales clerk to process the picking list in company B. Such a security role could be the sales clerk in company B. However assigning this role would grant the sales clerk in company A full access to sales clerk functionality in company B, which may not be desirable from a segregation-of-duties perspective. Simple enterprise model Company A: Selling company Company B: Distribution company Create Sales Clerk Company A Re ad or Rea Ma int ain d or Ma i ntai n Document: Picking list For intercompany sales order Creates Creates Task: Create Sales Order Document: Original Sales Order Document: Intercompany Purchase Order Document: Intercompany Sales Order Figure 3 A green arrow represents one or more actions supported by Intercompany Trade that require explicit security privileges exceeding the sales clerk role for company A Extending the scenario, the sales clerk in company A must do follow-up on the intercompany sales order in company B. The sales clerk must inquire into the quantities that are shipped per line item. This action is represented in the previous figure by the green “Read or Maintain” arrow that points toward the intercompany sales order in company B. Using predefined Microsoft Dynamics AX 2012 security roles to support this scenario requires that the sales clerk in company A be assigned a security role that allow the sales clerk to inquire into the sales order in company B. Such a security role could be the sales clerk in company B. However, assigning this role would grant the sales clerk in company A full access to sales clerk functionality in company B, which may not be desirable from a segregation-of-duties perspective. Adding and updating roles It is possible to obtain a more granular segregation of duties by using the role-based security framework. Creating three new security roles, such as the following, would achieve this: Intercompany purchase order navigation Intercompany sales order navigation Intercompany picking list generate 6 INTERCOMPANY EXECUTION AND ROLE BASED SECURITY IN MICROSOFT DYNAMICS AX 2012 Intercompany purchase order navigation The purpose of the Intercompany purchase order navigation security role is to enable the sales clerk in company A to navigate to the intercompany purchase order in company A. The security role grants the user access to view purchase orders in company A. The role contains one privilege that is shipped with Microsoft Dynamics AX 2012, View purchase order details (the name in the Application Object Tree (AOT) is PurchtableDetailsView). Intercompany sales order navigation The purpose of the Intercompany sales order navigation security role is to enable the sales clerk in company A to navigate to the intercompany sales order in company B. The security role grants the user access to view sales orders in company B. The role contains one privilege that is shipped with Microsoft Dynamics AX 2012, View sales order details (AOT name: SalestableDetailsView). Intercompany picking list generate The purpose of the Intercompany picking list generate security role is to enable the manual generation of the picking list in company B from the sales order in company A. The security role grants the user access to generate picking lists in company B. This flow assumes that the intercompany sales action policy parameter ‘Print picking list’ is disabled in company B. The role contains two privileges that are shipped with Microsoft Dynamics AX 2012, Process sales picking list (AOT name: SalesFormLetter_PickingListProcess) and Generate picking lists (AOT name: WMSPickingLists_OrderPickGenerate). Be aware that this role grants access to data in the target company beyond the specific intercompany order. To limit data access in the target company to intercompany orders, record-level security must be applied. The following table provides a schematic overview of these three security roles, and where access that is related to the previous scenario is granted. Role Description Privilege Granted in company Intercompany purchase order navigation Access a purchase order in the target company with Read access. Use existing privileges. View purchase order details. Company A Intercompany sales order navigation Access a sales order in the target company with Read access. Use existing privileges. View sales order details. Company B Intercompany picking list generate Access a sales picking list in the target company with Create access. Use existing privileges. Process a sales picking list. Company B Generate picking lists. 7 INTERCOMPANY EXECUTION AND ROLE BASED SECURITY IN MICROSOFT DYNAMICS AX 2012 Predefined roles – Upstream procurement view Take again the example of a simple enterprise structure of two companies in Microsoft Dynamics AX 2012: company A and company B. Company A is a selling company, and company B a central distribution center that is modeled as a separate legal entity. Company A sources from company B. The scenario that is depicted in the following figure applies the perspective of the buying agent in company A. Simple enterprise model Company B: Distribution company Company A: Selling company R ead or M ain tain Buying Agent Company A Re Creates Document: Original Sales Order ad or Ma inta in Creates Document: Intercompany Purchase Order Document: Intercompany Sales Order Create from Pull creation Task: Receive Product Document: Intercompany Purchase Product Receipt Copy dim from Document: Intercompany Sales Packing Slip Create from Pull creation Copy dim from Task: Record invoice Document: Intercompany vendor invoice Document: Intercompany Sales Invoice Figure 4 A green arrow represents one or more actions supported by Intercompany Trade that require explicit security privileges exceeding the buying agent role for company A The buying agent in company A is responsible for managing purchase orders, including intercompany purchase orders. In this case, the buying agent must be able to inquire into the quantities that are shipped from company B per line item. This action is represented in the previous figure by the green “Read or Maintain” arrow that points toward the intercompany sales order in company B. Using predefined Microsoft Dynamics AX 2012 security roles to support this scenario requires that the buying agent in company A be assigned a security role that allows the buying agent to inquire into the sales order in company B. Such a role could be the sales clerk in company B. However, assigning this role would grant the buying agent in company A full access to sales clerk functionality in company B, which may not be desirable from a segregation-of-duties perspective. Extending the scenario, the buying agent in company A must process the purchase product receipt in company A directly off the sales packing slip that is processed in company B, so that the purchase product receipt in company A completely mirrors the sales packing slip in company B. Using predefined Microsoft Dynamics AX 2012 security roles to support this scenario requires that the buying agent in company A be assigned a role that allows the buying agent to inquire into the sales 8 INTERCOMPANY EXECUTION AND ROLE BASED SECURITY IN MICROSOFT DYNAMICS AX 2012 packing slip in company B. Such a security role could be the sales clerk in company B. However assigning this role would grant the buying agent in company A full access to sales clerk functionality in company B, which may not be desirable from a segregation-of-duties perspective. Extending the scenario again, the accounts payable clerk in company A must process the vendor invoice in company A directly off the sales invoice that is processed in company B, so that the vendor invoice in company A completely mirrors the sales invoice in company B. This action is represented by the last task, “Record invoice,” in the previous figure. Note that the accounts payable clerk is not explicitly illustrated in the figure, only the task. Using predefined Microsoft Dynamics AX 2012 security roles to support this scenario requires that the accounts payable clerk in company A be assigned a role that allows the accounts payable clerk to inquire into the sales invoice in company B. Such a security role could be the accounts receivable clerk in company B. However assigning this role would grant the accounts payable clerk in company A full access to accounts receivable clerk functionality in company B, which may not be desirable from a segregation-of-duties perspective. In the previous figure, also notice the support for manually copying tracking dimensions from the intercompany sales line as part of the “Receive product” task for the intercompany purchase product receipt and the “Record invoice” task for the intercompany vendor invoice. Adding and updating roles It is possible to obtain a more granular segregation of duties by using the role-based security framework. Creating two new security roles, such as the following, would achieve this: Intercompany sales packing slip navigation Intercompany sales invoice navigation Intercompany sales packing slip navigation The purpose of the Intercompany sales packing slip navigation security role is to enable the buying agent in company A to navigate to the intercompany sales packing slip in company B. The security role grants the user access to view sales packing slips in company B, and to process the purchase product receipt in company A off the sales packing slip. The role contains one privilege that is shipped with Microsoft Dynamics AX 2012, View sales packing slips (AOT name: CustPackingSlipJournalView). Be aware that this role grants access to data in the target company beyond the specific intercompany order. To limit data access in the target company to intercompany orders, record-level security must be applied. Intercompany sales invoice navigation The purpose of the Intercompany sales invoice navigation security role is to enable the accounts payable clerk or buying agent in company A to navigate to the intercompany sales invoice in company B. The security role grants the user access to view sales invoices in company B, and to process the vendor invoice in company A off the sales invoice. However, the accounts payable clerk and buying agent roles do not have access to the Intercompany Tracing > Invoice Journal menu button in company A. Access to this menu button is granted from the View sales invoice privilege that the user who has the Accounts payable clerk or Buying agent role must have for company A. Therefore, we recommend that you let the user and Intercompany sales invoice navigation role have access to both company A and B, to allow the accounts payable clerk and buying agent to navigate from company A to company B, and to trigger the vendor invoice process off the sales invoice in company B. However, a split of the Intercompany sales invoice navigation role may be required in cases where a stricter segregation of duties and stricter data access are required. 9 INTERCOMPANY EXECUTION AND ROLE BASED SECURITY IN MICROSOFT DYNAMICS AX 2012 The Intercompany sales invoice navigation role contains three privileges that are shipped with Microsoft Dynamics AX 2012, View customer invoice journal inquiry (AOT name: CustInvoiceJournalView), Change/edit customer invoice journal (AOT name: CustInvoiceJournalMaintain), and Synchronize batch/serial numbers (AOT name: IntercompanyTransferInventDimProcess). Be aware that this role grants access to data in the target company beyond the specific intercompany order. To limit data access in the target company to intercompany orders, record-level security must be applied. The following table provides a schematic overview of these two security roles, and where access that is related to the previous scenario is granted. Combining these two roles with the previously defined Intercompany sales order navigation role meets the preceding requirements. The Intercompany sales order navigation role appears in italic in the table. Role Description Privilege Granted in company Intercompany sales packing slip navigation Create a product receipt from an upstream sales packing slip in the target company. Access the form with Read access. Copy tracking dimensions. Use existing privileges. View sales packing slips Company B Intercompany sales invoice navigation Create a vendor invoice from an upstream sales invoice in the target company. Access the form with Read access. Copy tracking dimensions. Use existing privileges. View customer invoice journal inquiry. Company B Company A Change/edit customer invoice journal. Synchronize batch/serial numbers. Intercompany sales order navigation Access a sales order in the target company with Read access. Use existing privileges. View sales order details. 10 INTERCOMPANY EXECUTION AND ROLE BASED SECURITY IN MICROSOFT DYNAMICS AX 2012 Company A Company B The following figure provides an overview of the support that is offered by Intercompany Trade for actions that are performed downstream from Company B. Simple enterprise model Company A: Selling company Read or Company B: Distribution company Maintain do Rea Creates Document: Original Sales Order r Ma inta in Sales Clerk Company A Creates Document: Intercompany Purchase Order Document: Intercompany Sales Order Create from Push creation Task: Receive Product Document: Intercompany Purchase Product Receipt Copy dim from Document: Intercompany Sales Packing Slip Create from Push creation Copy dim from Task: Record invoice Document: Intercompany vendor invoice Document: Intercompany Sales Invoice Figure 5 A green arrow represents one or more actions supported by Intercompany Trade that require explicit security privilege exceeding the sales clerk role for company B To define the additional roles to leverage this support, but without granting excessive permissions to the user in company B, you can apply the pattern that was applied in the previous sections. This paper does not provide additional details about how to create these new roles. Predefined roles – Downstream direct delivery processing Intercompany execution supports the concept of direct delivery. To reap the benefits of direct delivery in an intercompany order chain, companies can fully automate updates in the selling company that are triggered by sales packing slip and sales invoice events in the delivering company. However, note that a sales packing slip event in the delivering company always triggers the processing of a purchase product receipt and sales packing slip in the selling company. We recommend that you create two new security roles to support cross-company updates for intercompany direct delivery. The following section provides information about how to enable updates of the sales packing slip and invoice for intercompany direct delivery. 11 INTERCOMPANY EXECUTION AND ROLE BASED SECURITY IN MICROSOFT DYNAMICS AX 2012 Sales packing slip process in the delivering company Consider the scenario where company A cannot fulfill a sales order. To minimize the delivery lead time, company A authorizes a direct delivery from company B to the customer on the sales order in company A. This is done by creating an intercompany direct delivery order chain. In intercompany direct delivery scenarios, the shipping clerk or sales clerk in company B (the delivering company) processes a sales packing slip in company B. This event triggers the processing of a purchase product receipt and sales packing slip in company A (the selling company). This process is illustrated by the figures in “Intercompany direct delivery” at the beginning of this paper. However if the shipping clerk or sales clerk who processes the sales packing slip in company B does not have adequate security privilege to process the in-code purchase product receipt and sales packing slip in company A, the sales packing slip in company B cannot be processed. Using predefined Microsoft Dynamics AX 2012 security roles to support this scenario requires that the shipping clerk or sales clerk in company B be assigned a role that allows the clerk to process the purchase product receipt and the sales packing slip in company A. Such security roles could be sales clerk and buying agent in company A. However assigning these roles would grant the user in company B full access to sales clerk and buying agent functionality in company A, which may not be desirable from a segregation-of-duties perspective. Adding and updating roles It is possible to obtain a more granular segregation of duties by using the role-based security framework. Creating one new security role, such as the following, would achieve this: Process intercompany direct delivery sales packing slip Process intercompany direct delivery sales packing slip The purpose of the Process intercompany direct delivery sales packing slip security role is to enable the shipping clerk or sales clerk in company B to process a sales packing slip for an intercompany direct delivery sales order. The security role grants the user access to update required tables in company A as part of the automatic processing of the purchase product receipt and sales packing slip. 12 INTERCOMPANY EXECUTION AND ROLE BASED SECURITY IN MICROSOFT DYNAMICS AX 2012 The following figure illustrates this scenario. Intercompany direct delivery Company A: Selling company Company B: Delivering company Sales Clerk Company A Creates Creates Task: Create Sales Order Document: Original Sales Order Document: Intercompany Purchase Order Creates Document: Intercompany Sales Order Creates Task: Ship order Document: Original Sales Order packing slip Document: Purchase Order product receipt Document: Sales Order packing slip Figure 6 Process intercompany direct delivery sales packing slip The red rectangle highlights the documents that are updated as part of the intercompany sales packing slip process in company B during an intercompany direct delivery process. The user in company B who initiates the process needs to have security permission to perform these required updates in company A. To use the Process intercompany direct delivery sales packing slip security role, you must override permissions for selected tables and server methods for the role. Follow these steps: 1. From the Process intercompany direct delivery sales packing slip role, click Override permissions. 13 INTERCOMPANY EXECUTION AND ROLE BASED SECURITY IN MICROSOFT DYNAMICS AX 2012 2. Click Add tables/fields and Add server methods. 3. Add all the tables and server methods that are shown in the following figure. Notice that an icon that represents the access level is displayed next to each table and server method. The icon represents the View access level, the icon represents the Create access level, and the icon 14 INTERCOMPANY EXECUTION AND ROLE BASED SECURITY IN MICROSOFT DYNAMICS AX 2012 represents the Full Control access level. Apply these values in the Override access level field for each table and server method. 4. Assign this role to the users in company B who generate the intercompany sales packing slip. For the scenario that is described in this paper, we recommend that you grant the Process intercompany direct delivery sales order packing slip security role access to company A. However, for other scenarios, you may need to grant the role company-wide access. 15 INTERCOMPANY EXECUTION AND ROLE BASED SECURITY IN MICROSOFT DYNAMICS AX 2012 The following table provides a schematic overview of the Process intercompany direct delivery sales packing slip security role. Role Description Granted in company Process intercompany direct delivery sales packing slip Process a purchase product receipt and sales packing slip process in-code in the target company with Create access. Company A Sales invoice process in the delivering company Intercompany direct delivery allows for automatic processing of the vendor invoice and sales invoice in the selling company (company A) when the sales invoice is processed in the delivering company (company B). However if the user who performs the task in company B does not have adequate security privilege to process the in-code vendor invoice and sales invoice in company A, the sales invoice in company B cannot be processed. Using predefined Microsoft Dynamics AX 2012 security roles to support this scenario requires that the accounts receivable clerk or sales clerk in company B be assigned a security role that allows the clerk to process the vendor invoice and the sales invoice in company A. Such a security role could be the accounts receivable clerk or accounts payable clerk in company A. However assigning one of these roles would grant the user in company B full access to accounts receivable clerk or accounts payable clerk functionality in company A, which may not be desirable from a segregation-of-duties perspective. Adding and updating roles It is possible to obtain a more granular segregation of duties by using the role-based security framework. Creating one new security role, such as the following, would achieve this: Process intercompany direct delivery invoice Process intercompany direct delivery invoice The purpose of the Process intercompany direct delivery invoice security role is to enable the accounts receivable clerk or sales clerk in company B to process a vendor invoice and a sales invoice in company A. The security role grants the user access to update required tables in company A as part of the automatic processing of the vendor invoice and sales invoice. 16 INTERCOMPANY EXECUTION AND ROLE BASED SECURITY IN MICROSOFT DYNAMICS AX 2012 The following figure illustrates this scenario. Intercompany direct delivery Company A: Selling company Company B: Delivering company Sales Clerk Company A Creates Creates Task: Create Sales Order Document: Original Sales Order Document: Intercompany Purchase Order Creates Document: Intercompany Sales Order Creates Task: Invoice Document: Sales Invoice Document: Vendor Invoice Document: Sales Invoice Figure 7 Process intercompany direct delivery sales invoice The red rectangle highlights the documents that are updated as part of the intercompany sales invoice process in company B when both vendor invoice recording and sales invoice generation in company A are configured to be triggered by the sales invoice event in company B. The user in company B who initiates the process needs to have security permission to perform these required updates in company A. To use the Process intercompany direct delivery invoice security role, you must override permissions for selected tables and server methods for the role. Follow these steps: 1. From the Process intercompany direct delivery invoice role, click Override permissions. 2. Click Add tables/fields and Add server methods. 3. Add all the tables and server methods that are shown in the following figure. Notice that an icon that represents the access level is displayed next to each table and server method. The icon represents the View access level, the icon represents the Create access level, and the icon 17 INTERCOMPANY EXECUTION AND ROLE BASED SECURITY IN MICROSOFT DYNAMICS AX 2012 represents the Full Control access level. Apply these values in the Override access level field for each table and server method. 4. Assign this role to the users in company B who generate the intercompany sales invoice. For the scenario that is described in this paper, we recommend that you grant the Process intercompany direct delivery invoice security role access to company A. However, for other scenarios, you may need to grant the role company-wide access. 18 INTERCOMPANY EXECUTION AND ROLE BASED SECURITY IN MICROSOFT DYNAMICS AX 2012 The following table provides a schematic overview of the security role. Role Description Granted in company Process intercompany direct delivery invoice Process a vendor invoice and sales invoice in-code in the target company with Create access. Company A Summary This paper suggests defining seven security roles, in addition to the security roles that are shipped with Microsoft Dynamics AX 2012. These seven additional security roles enable you to achieve a higher degree of segregation of duties within the context of intercompany execution. Based on company-specific security and organizational requirements, more roles may be necessary. Similarly, based on company-specific security and organizational requirements, the definitions of the recommended security roles that are described in this paper may need to be adjusted to fit a specific company context. 19 INTERCOMPANY EXECUTION AND ROLE BASED SECURITY IN MICROSOFT DYNAMICS AX 2012 Microsoft Dynamics is a line of integrated, adaptable business management solutions that enables you and your people to make business decisions with greater confidence. Microsoft Dynamics works like and with familiar Microsoft software, automating and streamlining financial, customer relationship and supply chain processes in a way that helps you drive business success. U.S. and Canada Toll Free 1-888-477-7989 Worldwide +1-701-281-6500 www.microsoft.com/dynamics This document is provided “as-is.” Information and views expressed in this document, including URL and other Internet Web site references, may change without notice. You bear the risk of using it. Some examples depicted herein are provided for illustration only and are fictitious. No real association or connection is intended or should be inferred. This document does not provide you with any legal rights to any intellectual property in any Microsoft product. You may copy and use this document for your internal, reference purposes. You may modify this document for your internal, reference purposes. © 2011 Microsoft Corporation. All rights reserved. Microsoft, Microsoft Dynamics, and the Microsoft Dynamics logo are trademarks of the Microsoft group of companies. All other trademarks are property of their respective owners. 20 INTERCOMPANY EXECUTION AND ROLE BASED SECURITY IN MICROSOFT DYNAMICS AX 2012