Security

Docentric Roles

Docentric Role Description
Docentric AX Administrator This role has full access to all Docentric securable artifacts: UI elements (menu items, forms…), and tables and fields.
In other words, a user with this role can configure all functionalities in Docentric setup.
Docentric AX Viewer This role has read-only access to all Docentric securable artifacts: UI elements (menu items, forms…), and tables and fields.
In other words, a user with this role can open and view all forms in Docentric setup.
Docentric AX Power User This role has full access to all Docentric securable artifacts with one exception: it is affected by Template data security and cannot configure the parameters of this functionality. Learn more >>
Docentric AX Template Editor This role has access to all Docentric functionalities regarding Docentric Templates, which means report template configuration.
Docentric AX Email Template Editor This role has access to all Docentric functionalities regarding Docentric Email templates, which means email template configuration.
Docentric AX Print Archive PDF Password Reader This role enables to view the password of archived reports in Print archive, if they were distributed as the encrypted PDF documents, i.e. if the encryption conditions were fulfilled. Note that reports are not archived as encrypted.
Docentric AX Report Attachments User This role has full access to Docentric functionalities regarding Global attachments, including Attachment categories.
Note that users with the Docentric AX Administrator or Power User roles assigned already have full access to Global attachments.
Docentric AX Report Labels User This role has full access to Docentric functionalities regarding User-defined labels, including Label languages and Label groups. Note that a user with this role, which doesn’t have update access to Docentric report setup provided via the Docentric AX Administrator or Power User roles, cannot configure Custom labels for reports.
On the other hand, users with assigned roles Docentric AX Administrator or Power User already have full access to User-defined labels.
Docentric AX Electronic Signature User This role has full access to Docentric functionalities regarding Electronic signature: Electronic signature certificates, Electronic signature appearances and Electronic signature appearance groups. Note that a user with this role, which doesn’t have update access to Docentric report setup provided via the Docentric AX Administrator or Power User roles, cannot configure Electronic signature settings for reports.
On the other hand, users with assigned roles Docentric AX Administrator or Power User have full access to Electronic signature already.

Role: Docentric AX Administrator

The Docentric AX Administrator role has full access to all Docentric securable artifacts: UI elements (menu items, forms…), and tables and fields.

Additionally, a user who has this role assigned can use Docentric Table Browser to:

  • Update Docentric system tables with hidden parameters:
    • DocentricEngineSetting,
    • DocFeaturePreview,
    • DocTraceParam.

    Note that these tables, like all other AX tables, cannot be edited by using the built-in Table Browser in production environments.

  • View Docentric system tables, which are meant for logging and tracing:
    • DocUpgradeLog,
    • DocTraceTable.

    These tables can also be viewed if you have the System administrator role or if you are using the built-in Table Browser.

How to open Docentric Table Browser

A table can be open in the built-in Table Brower by using the SysTableBrowser menu item in the D365FO app URL:
https://usnconeboxax1aos.cloud.onebox.dynamics.com/?mi=SysTableBrowser&TableName=DocFeaturePreview&cmp=usmfTo use Docentric Table Browser instead, replace SysTableBrowser with DocTableBrowser in this URL:
https://usnconeboxax1aos.cloud.onebox.dynamics.com/?mi=DocTableBrowser&TableName=DocFeaturePreview&cmp=usmf

Roles: Docentric AX Power User and Template Editor

Template data security affects operations related to Docentric Templates (aka designs) and those roles which have privileges to work with them, which are Docentric AX Power User and Template Editor. Note that Template Data Security is not applied to users with the System Administrator or Docentric AX Administrator roles.

For example, if Apply Legal Entity constraint is turned on, only operations with Docentric designs (aka templates) associated with the current user’s company are allowed. Additionally, you can customize your custom Template data security constraint in X++ and activate it via the Apply custom constraints option. Learn more >>

Duties for Print Archive on Customer and Vendor Card

In D365FO most users can view and delete reports from Print archive but only those printed by themselves. Since there is no built-in duty or role that covers maintenance or at least viewing of all archived reports, we were forced to introduce four additional privileges/duties you should use to allow your sales or purchasing agents/managers to access Print archive from Customer and Vendor cards:

  • DocCustPrintArchiveMaintain (Maintain Print archive per customer),
  • DocCustPrintArchiveView (View Print archive per customer),
  • DocVendPrintArchiveMaintain (Maintain Print archive per vendor),
  • DocVendPrintArchiveView (View Print archive per vendor).

Learn more >>

Report Security

Since Docentric sits on top of SSRS, it is not responsible for securing SSRS reports that are enhanced by Docentric in terms of design and print destinations. Docentric simply inherits SSRS report security.

However, Docentric extends the built-in Print destination settings form with Docentric menu items, e.g. for opening forms for selection of placeholders or adding additional email attachments. To enable them to be visible to all users which are entitled to run a report and configure its print settings, we extended the basic role for system users – System user. Please see the next chapter for details.

Role Extension: System user

We extended the System user role by creating an extension role artifact SystemUser.Extension_DC with one additional privilege DocentricAXEssentials. This role is extended in the Docentric AX Extension model.

 

The DocentricAXEssentials privilege secure Docentric menu items (by giving them full control) that are used on:

  • The Print destination settings Security is inherited from the SSRS report which opens this form.
  • The Docentric AX workspace: DocPrintMgmtTile. Security for Print management setup is implemented in the code by using the existing built-in security for Print management.

 

Duty Extension: Maintain system settings

We extended the Maintain system settings duty by creating an extension duty artifact SysServerSettingsMaintain.Extension_DC with two additional privileges DocOutgoingEmailLogMaintain and DocOutgoingEmailMessageUpdateMaintain. This duty is extended in the Docentric AX model.

Next, this duty participates only in one role: Information technology manager (SysServerITManager).

 

The SysServerSettingsMaintain.Extension_DC duty extension enables Docentric improvements of Batch email sending status:

Learn about emailing reports using Batch email sending status >>

Duties for Sending test email for Organization and System email templates

We created two new duties in the Docentric AX Emails model:

  • DocSysEmailTableMaintain (Organization email templates maintain),
  • DocSysEmailSystemTableMaintain (System email templates maintain).

 

These duties secure the Sending test email functionality which is added to Organization and System email templates as a Docentric improvement.

See also

How to Set Up Global Parameters >>
How to Set Up Report Templates >>

IN THIS ARTICLE