Dynamics F/SCM Customer Experience (CRM) Dynamics GP Dynamics Business Central (NAV) Dynamics SL Power Platform Fabric Copilot

[Brad Reeves]

Is there a way to protect attachments from being deleted in Microsoft AX 2012 R2?  For example, in the accounts payable module, we attach copies of invoices to transactions in the vendor record.  Just curious if there is way to restrict deletion of these attachments.  Thanks!

——————————
Brad Reeves
Supervisor – Financial Accounting
Bill And Hillary Clinton National Airport
Little Rock AR
——————————

[Zvika Rimalt]

We did something similar with regard to vendor bank listing.
We tweaked (=slightly customized security roles) to prevent users from deleting from the “vendor bank” table – you can do the same on the document attachment table.
Users can only create and modify the details of existing banks

——————————
Zvika Rimalt
Functional Solution Architect
Vancouver BC Canada
——————————
——————————————-

[Allen Rupp]

I too am interested in learning if this is possible.
Thanks,
Allen Rupp

——————————
Allen Rupp
Purchasing Manager
Woodland Foods
Waukegan IL
——————————
——————————————-

[Scott Morley]

I don’t know that there is a way out of the box to restrict deletions. You can change the access on the file share to not allow delete. That will prevent the file from being deleted, but not the AX link to the file. In order to prevent the reference from being deleted in AX you can customize the DocumentHandlingEssentials security privilege to reduce the security level from delete to create and that will prevent any document from being deleted. Of course, if that is too big a hammer, you can duplicate that privilege to create a custom role. If you need some users to delete and only want to prevent a specific group, creating a new privilege with the deny permission will likely be the best bet. Deny will always override any inherited grant. Then you can put that privilege in a role and assign it to the users you want to prevent deletion for.

——————————
Scott Morley
Principal Application Architect
OneNeck IT Solutions
Bend OR
——————————
——————————————-

[Brad Reeves]

Thanks Scott.  I’m new to this and am trying this first in our test environment.  Can you walk me through this?  I found the document handling security privilege you mentioned buried below IT cycle/Use basic functionality.  How do I copy this to create a new one with the changes I want?  Once I create the new one, do I change the access level to “No access” for certain privileges.  Once this is done, I can go into the “employee” security role and take the document handling essentials privilege out and replace it with the new one I create.  Does that sound right?

——————————
Brad Reeves
Supervisor – Financial Accounting
Bill And Hillary Clinton National Airport
Little Rock AR
——————————
——————————————-

[Scott Morley]

Brad,

You are on the right track. I just want to point out that the Deny setting I mentioned is only available in D365, I was getting ahead of myself with a bit of wishful thinking. In 2012 you will have to change the access level.

The best practice when doing this kind of change is to make copies of the objects involved and the easiest way to do it is right in the AOT. Here is a quick walkthrough:

 

• Open the AOT and find the privilege
• Right click on the privilege and select Duplicate
• This will create a CopyOf privilege
• Rename the new privilege to remove the CopyOf and add DenyDelete at the end (or name it however you want).
• Change either the Entry point (which is a menu item) access level or add a table and change the access level there. The difference is in granularity. If you add a table and set access there it will override all of the Entry points. If you change the entry point, it will only affect that one.
• Once you have a new privilege you have to find where to apply it. You can search through the Duties node of the AOT to find the existing privilege. Do this by highlighting Duties and then doing a find. Change the Search dropdown to All nodes (this will actually search through the properties and not just look at methods) and put the name of the existing privilege in the Containing text field. This will give you a list of all the Duties that use the Privilege. With this list, you can either modify the Duty to use the new Privilege or right click and duplicate the Duty the same was you did for the Privilege and then modify the new Duty.
• Since Roles can contain Privileges as well, repeat the search in Roles.
• If you modified the Duties instead of duplicating them then you should be done.
• If you created new Duties then search the Roles for the existing Duties and either duplicate or modify the Roles.
• If you duplicate Roles, you then need to change the user assignments

 

I hope this explains it with enough detail, if you run into any issues or have any questions, just hit me up privately.

——————————
Scott Morley
Principal Application Architect
OneNeck IT Solutions
Bend OR
——————————
——————————————-

[Brad Reeves]

Thank you so much Scott.  For some reason when I right click a duty or privilege, the drop down doesn’t have the option to “duplicate”.  Since I didn’t have this, I just created a new privilege under this duty and copied all the permissions from the existing privilege.  I’m not sure how to create a new duty.

——————————
Brad Reeves
Supervisor – Financial Accounting
Bill And Hillary Clinton National Airport
Little Rock AR
——————————
——————————————-