Most presentations I have made during the last few years have involved one or more personas. Shannon the machine operator, Lisa the Customer Service representative, Charlie the CEO, Lars the Shop supervisor etc.etc. At a presentation a few years back I had to introduce a new persona which we didn’t have in our normal persona catalog: David “The criminal employee”. I hope that the millions of other David’s out there have not taken offense.
The demo I did was on the Electronic signature functionality that we introduced in AX 2009. I used the vendor bank account to illustrate the point. The Vendor bank account is obviously the place where we register avendor’s bank account and I believe that in the history of business there has been some examples of misuse of that information. Keeping a very tight understanding of all changes to this specific table combined with the standard AX security framework should hopefully prevent the David persona from performing his “role”.
The setup of the electronic signature is very simple and it can be completed under Organization administration/Setup/Electronic signature. Enter a Notice in the Electronic signature parameters and a few reason codes and the general setup is complete.
Next step is to identify the table we wish to secure. With my example of the vendor bank account I go to that form and identify the relevant data source. In this case it is the VendBankAccount Table I am interested in
In the Electronic signature requirements also under Organization administration/Setup/Electronic signature I add a new Signature requirement where I point to the VendBankAccount table. I can choose to let the signature track the entire record or a single field on the record and I can limit my tracking to, for example, only updates.
As the next step we must set up the employee with a certificate allowing the user to sign records. This is a user option which can be set up either for the current user under File > Tools > Options or for all users under System administration > Common > Users > Users > Options
Select “Get certificate” and pick a password. The password is validated so please pick something better than “123”, “password” etc.
It is also possible here to designate an approver. Essentially, this allows for a “call your boss over have him/her sign the change”.
All set. After a restart we go ahead and make a change to the vendor bank account. I get a “sign document” dialogue and enter a comment and a reason code for my change:
And not least I enter my password:
I have successfully changed a vendor bank account! Let’s have a look at what has been recorded. Under System administration > Inquiries > Database > Database log I can see a record of what has been changed when and by whom:
On the History tab I can also see the previous and the new value:
If I want to, I can print my changes using the System administration > Reports > Database > Database log although I may wish to modify the report query to exclude a few fields:
I now hope that my David persona has been effectively thwarted by a thorough tracking of his actions.