Thursday, February 24, 2011

Only able to select companies in the domain

Here is a security tip I learned from a previous project. After company domains are all properly configured, it's natural you want users only to be able to select companies that they belong to. If you grant access to Admin - Open domain access, it'll open up all companies in AX for the user to select, although he can't do or see anything in the companies that he doesn't belong to. What's even annoying is he can't click company link and go to the other companies and gets stuck in the wrong company unless restarts AX.

A very simple workaround. Create a separate user group for each domain for company selection. In this group, DON'T give access to "Open domain access", but give access to Admin - Tables - Company data. Remove company access from all the other user groups and add this special group to the group collection. Here you go. Only able to see companies in the domain.

3 comments:

  1. Are you using the global address book in this scenario? I did the same procedure slightly different but getting errors if a user is adding an address to a customer. It fails because there is no "open domain access" and this seems to be required. Any hints?

    ReplyDelete
  2. Hi, sorry, I was away for a while and wasn't able to monitor my blog. I wish you already had your issue resolved.
    Yes, I did use GAB. GAB data is shared across all companies. What I did was to create a specific GAB user group for each domain, and assigned it to the users who should have access in that domain.

    ReplyDelete
    Replies
    1. Hi, I'm having the same problem. I need a user to be able to see only 2 out of 10 companies when changing the company. However if the Open Domain Access Key is switched off, I encounter difficulties when creating Customers/Vendors and settling invoices.

      Can you give more details on the above workaround please?

      Delete