menu-in-ax

AXPulse security tool- maintain Security logs for the safety of your organization

Microsoft Dynamics AX is one of the most widely used ERP solutions in the world. An ERP solution serves as the backbone of an organization and stores highly critical information related to the organization.

An unauthorized malicious user can cause serious damages and can cause a financial loss of millions of dollars if the user gets access to the Production server.

AX 2012 has the in-built role based security framework. This framework contains security objects such as: Role, Duties and Privileges to control user access. These objects ensure which user gets what level of access.

The problem

Code moves happen in every organization on regular basis. And after some good testing, code is promoted to Production system. Code can be moved in the form of Modelstores, model file or xpo files. The technical architect moves the code and reports what objects were moved as part of the build deployment.

BUT, once the code has been moved, there is no way for a Security administrator to make sure his Security objects are intact. Or only the approved changes were made. One way, is that the Security administrator manually goes thru all the Security objects and compares them with his manually prepared Excel file to check for changes. This is highly impractical! There are thousands of security objects in AX 2012 and this really does not seem to be the best approach to manually go thru all of them.

The attack

The technical architect can very easily mess up with your Security objects and secretly add new users and give them Admin access. Or he may do some blunders or make changes that were not supposed to be made.

What the security administrator wants?

He would like to make sure:

  1. Only approved changes were made and nothing else has changed.
  2. He would like to see what changes went into the system and what exactly happened after the code move. He would like to see a report. No, we cannot accept the report submitted by developers. We need to find out what exactly happened in the System!
  3. At times, he would like to see how the security has changed over the past couple of months. So, he may want to see what changes happened between January 2016 and July 2016? Or, he may want to see what has been modified in the Security objects since March 2016?

Currently, there is no single way of doing that in AX 2012.

 

AXPulse security tool

Keeping the need of security administrators in mind, engineers at AXPulse have developed a really smart security tool that enables you to keep track of your organization’s security model and identify the slightest changes that were made in the security model. Some of the cool features of the product are:

  • Maintain security logs. You will be able to save the encrypted log file at any point of time and capture the security image right away. The encryption ensures that your log file is not readable.
  • Run batch based jobs for periodic backups.
  • Compare the current security of AX 2012 with a previous version by comparing it with the log file you have.
  • Compare two log files to identify changes made.
  • Identify newly added security objects such as Roles, Duties, Privileges.
  • Identify deleted security objects.
  • Keep track of users- which user got enabled, added, removed. Which new roles got assigned/removed from a user.
  • What new privileges were added to particular duties and roles.
  • What privileges/duties got enabled or disabled.

These are just some of the features. There is a lot more cooking in our labs to track security changes!

 

AXPulse security tool demo:

There you can see the menu items related to the product:

menu-in-ax

 

You define your Security log file path in the System parameters:

file-path

 

Now, let us export the current security log and save the log file by running our batch-based export job:

export-dialog

Click Ok and you should see the info log:

export-message

Now let’s go to the security log file and see what it looks like:

security-log-file

 

 

Okay, so we can have these security log backups on periodic basis. Now, let’s take a look at the import process. In order to compare a security log, we first have to import it using the import job:

 

import-log-data

 

Click Ok, and we get the info log message:

import-message-box

 

Now, let’s do the security comparison. To do that, we need to go to the Security compare form. Remember, we can compare two different log files or we can compare a log file with the current security of AX 2012. compare-1

 

compare-2

Now, lets hit compare and check out  the results!

result-1

 

result-2

 

result-3

 

result-4

There you go, this was just a quick glimpse into the product. There’s a lot more coming! To get details on this product, send us an email.

 

 

 

 

 

Leave a Reply

Recent Comments

    Archives

    Categories