Role-based security in Microsoft Dynamics AX [AX 2012]

Basics of Security Feature in AX:

In role-based security, access is not granted to individual users, only to security roles. Users are assigned to roles. A user who is assigned to a security role has access to the set of privileges that is associated with that role. A user who is not assigned to any role has no privileges.

                In Microsoft Dynamics AX, role-based security is aligned with the structure of the business. Users are assigned to security roles based on their responsibilities in the organization and their participation in business processes. The administrator grants access to the duties that users in a role perform, not to the program elements that users must use.
                Because rules can be set up for automatic role assignment, the administrator does not have to be involved every time that a user's responsibilities change. After security roles and rules have been set up, business managers can control day-to-day user access based on business data.

1. Security Roles

All users must be assigned to at least one security role in order to have access to Microsoft Dynamics AX. The security roles that are assigned to a user determine the duties that the user can perform and the parts of the user interface that the user can view.

2.Process Cycles:

A business process is a coordinated set of activities in which one or more participants consume, produce, and use economic resources to achieve organizational goals. Process cycles are used for organization only. The process cycles themselves cannot be assigned to roles.

3.Duties:

Duties correspond to parts of a business process. The administrator assigns duties to security roles. A duty can be assigned to more than one role.You can assign related duties to separate roles. These duties are said to be segregated. 

4. Privileges:

In the security model for Microsoft Dynamics AX, a privilege specifies the level of access that is required to perform a job. Privileges can be assigned directly to roles. However, for easier maintenance, it is  recommend that you assign only duties to roles.

5. Permissions:

Each function in Microsoft Dynamics AX, such as a form or a service, is accessed through an entry point. Menu items, web content items, and service operations are referred to collectively as entry points.In the security model for Microsoft Dynamics AX, permissions group the securable objects and access levels that are required to run a function. This includes any tables, fields, forms or server side methods that are accessed through the entry point.Only developers can create or modify permissions.Permissions may be Read,Write,View/Edit etc set on menu items.