Security

This chapter describes Docentric reporting improvements related security.
For security regarding Docentric improvements of built-in functionalities not related to reporting, please check this manual.

Docentric Roles

Docentric Role Description
Docentric AX Administrator This role has full access to all Docentric securable artifacts: UI elements (menu items, forms…), and tables and fields related to reporting.
In other words, a user with this role can configure all functionalities in Docentric setup.
Docentric AX Viewer This role has read-only access to all Docentric securable artifacts: UI elements (menu items, forms…), and tables and fields.
In other words, a user with this role can open and view all forms in Docentric setup.
Docentric AX Power User This role has full access to all Docentric securable artifacts with one exception: it is affected by Template data security and cannot configure the parameters of this functionality. Learn more >>
Docentric AX License Manager This role is dedicated to Docentric license management: it can upload, remove or export a Docentric AX license, configure license notification settings, receive subscription expiration notifications and request subscription renewals.
Docentric AX Template Editor This role has access to all Docentric functionalities regarding Docentric Templates, which means report template configuration.
Docentric AX Email Template Editor This role has access to all Docentric functionalities regarding Docentric Report Email templates, which means report email template configuration.
Docentric AX Print Archive PDF Password Reader This role enables to view the password of archived reports in Print archive, if they were distributed as the encrypted PDF documents, i.e. if the encryption conditions were fulfilled. Note that reports are not archived as encrypted.
Docentric AX Report Attachments User This role has full access to Docentric functionalities regarding Global attachments, including Attachment categories.
Note that users with the Docentric AX Administrator or Power User roles assigned already have full access to Global attachments.
Docentric AX Report Labels User This role has full access to Docentric functionalities regarding User-defined labels, including Label languages and Label groups. Note that a user with this role, which doesn’t have update access to Docentric report setup provided via the Docentric AX Administrator or Power User roles, cannot configure Custom labels for reports.
On the other hand, users with assigned roles Docentric AX Administrator or Power User already have full access to User-defined labels.
Docentric AX Electronic Signature User This role has full access to Docentric functionalities regarding Electronic signature: Electronic signature certificates, Electronic signature appearances and Electronic signature appearance groups. Note that a user with this role, which doesn’t have update access to Docentric report setup provided via the Docentric AX Administrator or Power User roles, cannot configure Electronic signature settings for reports.
On the other hand, users with assigned roles Docentric AX Administrator or Power User have full access to Electronic signature already.

Role: Docentric AX Administrator

The Docentric AX Administrator role has full access to all Docentric securable artifacts: UI elements (menu items, forms…), and tables and fields.

Additionally, a user who has this role assigned can use Docentric Table Browser to:

  • Update (also in production) Docentric system tables with hidden parameters:
    • DocentricEngineSetting,
    • DocFeaturePreview,
    • DocTraceParam.

    Note that these tables, like all other AX tables, cannot be edited by using the built-in Table Browser in production environments.

  • View Docentric system tables, which are meant for logging and tracing:
    • DocUpgradeLog,
    • DocTraceTable.

    These tables can also be viewed if you have the System administrator role or if you are using the built-in Table Browser.

How to open Docentric Table Browser

A table can be open in the built-in Table Brower by using the SysTableBrowser menu item in the D365FO app URL:
https://usnconeboxax1aos.cloud.onebox.dynamics.com/?mi=SysTableBrowser&TableName=DocFeaturePreview&cmp=usmfTo use Docentric Table Browser instead, replace SysTableBrowser with DocTableBrowser in this URL:
https://usnconeboxax1aos.cloud.onebox.dynamics.com/?mi=DocTableBrowser&TableName=DocFeaturePreview&cmp=usmf

Roles: Docentric AX Power User and Template Editor

Template data security affects operations related to Docentric Templates (aka designs) and those roles which have privileges to work with them, which are Docentric AX Power User and Template Editor. Note that Template Data Security is not applied to users with the System Administrator or Docentric AX Administrator roles.

For example, if Apply Legal Entity constraint is turned on, only operations with Docentric designs (aka templates) associated with the current user’s company are allowed. Additionally, you can customize your custom Template data security constraint in X++ and activate it via the Apply custom constraints option. Learn more >>

Duties for Outgoing documents on Customer and Vendor Card

On Customer and Vendor card, under the General > Outgoing documents button group, we added a link to the corresponding outgoing documents such as invoices and orders that are saved in Print Archive. We also added a link to the outgoing emails addressed to the customer and vendor contacts that are saved in Batch email sending status. Besides System administrators, these menu items will be visible only to users that are assigned some of the custom duties listed below.

 

Duties for Print archive

In D365FO most users can view and delete reports from Print archive but only those printed by themselves. Since there is no built-in duty or role that covers maintenance or at least viewing of all archived reports, we were forced to introduce four additional privileges/duties you should use to allow your sales or purchasing agents/managers to access Print archive from Customer and Vendor cards:

  • DocCustPrintArchiveMaintain (Maintain Print archive per customer),
  • DocCustPrintArchiveView (View Print archive per customer),
  • DocVendPrintArchiveMaintain (Maintain Print archive per vendor),
  • DocVendPrintArchiveView (View Print archive per vendor).

Learn more >>

Duties for Batch email sending status

When opening the form by clicking General > Outgoing documents > Batch email sending status, it will show the records filtered by the selected customer or vendor. To enable users to have Maintain or View access to these records, they should be assigned one or more of the following duties:

  • DocCustSysOutgoingEmailTableMaintain (Maintain Batch email sending status per customer),
  • DocCustSysOutgoingEmailTableView (View Batch email sending status per customer),
  • DocVendSysOutgoingEmailTableMaintain (Maintain Batch email sending status per vendor),
  • DocVendSysOutgoingEmailTableView (View Batch email sending status per vendor).

Learn more >>

Duties for accessing Print archive from common journals

Extended built-in duties for downloading from Print archive

On common journals such as Invoice journal and Purchase order confirmations we added a multi-select button Print archive > Download for downloading archived reports. All users who can print the particular report (e.g. Customer invoice or Purchase order) can also be able to use the Download button on this journal. This is achieved by creating a new privilege Download archived reports from common journals (DocJourArchiveDownload) and extending the related built-in duties.

View and Maintain duty for opening Print archive

On common journals we also added a button Print archive > View that opens Print archive showing the corresponding archived report(s) previously printed and saved to Print archive. In D365FO most users can access Print archive but only to those reports printed by themselves. Since there is no built-in security artifacts for maintenance or viewing of all archived reports, we introduced two additional privileges/duties you should use to allow your users to access Print archive from common journals:

  • DocJourPrintArchiveView (View Print archive from common journals),
  • DocJourPrintArchiveMaintain (Maintain Print archive from common journals).

Learn more >>

Report Security

Since Docentric sits on top of SSRS, it is not responsible for securing SSRS reports that are enhanced by Docentric in terms of design and print destinations. Docentric simply inherits SSRS report security.

However, Docentric extends the built-in Print destination settings form with Docentric menu items, e.g. for opening forms for selection of placeholders or adding additional email attachments. To enable them to be visible to all users which are entitled to run a report and configure its print settings, we extended the basic role for system users - System user. Please see the next chapter for details.

Role Extension: System user

We extended the System user role by creating an extension role artifact SystemUser.Extension_DC with one additional privilege DocentricAXEssentials. This role is extended in the Docentric AX Extension model.

 

The DocentricAXEssentials privilege secure Docentric menu items (by giving them full control) that are used on:

  • The Print destination settings Security is inherited from the SSRS report which opens this form.
  • The Docentric AX workspace: DocPrintMgmtTile. Security for Print management setup is implemented in the code by using the existing built-in security for Print management.

 

Duty Extension: Maintain system settings

We extended the Maintain system settings duty by creating an extension duty artifact SysServerSettingsMaintain.Extension_DC with two additional privileges DocOutgoingEmailLogMaintain and DocOutgoingEmailMessageUpdateMaintain. This duty is extended in the Docentric AX model.

Next, this duty participates only in one role: Information technology manager (SysServerITManager).

 

The SysServerSettingsMaintain.Extension_DC duty extension enables Docentric improvements of Batch email sending status:

Learn about emailing reports using Batch email sending status >>

Improved License plate labels security

Learn about security for Docentric improvements of License plate labels >>

See also

SharePoint Extended Security >>
Security for Non-Reporting Features >>
How to Set Up Global Parameters >>
Docentric Report Setup >>

IN THIS ARTICLE