Security configuration in AX 2012 MDM

Here is a quick overview of security configuration for the Microsoft Dynamics AX 2012 Master data management (MDM) feature.

Security Configuration
MDM requires multiple security settings to work correctly. Ensure that the following user accounts have the correct privileges.

AOS service account permission for Data Import/Export service
The AOS service account that runs import/export must be part of the Data Import/Export Framework Users local group. If you get a security exception when validating DIXF, it is most likely that the AOS user (usually Network Service) is not part of the group. Make sure that you add the AOS user to the group in Computer Management, and then restart AOS.

Verify: Open Data import/export framework > Setup > Data import/export framework parameters, and then click Validate.
If the connection is configured correctly, the box will turn green.

Grant the DIXF service account permission to the SQL Server Master Data Services web service and database

Master Data Services Web Application

The Data import/export service account must be configured to have function permissions in Master Data Services so that it can push and pull data and create schemas. To enable these permissions, perform the following procedure:
1. Open the Master Data Services web application.
2. Click Users and Group Permissions.
3. Add the DIXF service account user.
4. Select the DIXF service account user.
5. Click Functions.
6. Click Edit.
7. Assign the following functions:

  • System Administration
  • Version Management
  • Integration Management
  • Explorer

Best Practices: In a production environment with all entities configured, we recommend that you remove the functions from the service account, and instead assign specific model permissions for reading and writing data to models.

  • Assign Update permissions for each model in environments in which you both pull and push data.
  • Assign Read-only permissions for each model in environments in which you only pull data.

Verify: Log in with the DIXF service account on the local machine, open the Master Data Services web application, and verify that the user has access.

Master Data Services SQL Server database
Assign the following database roles to the DIXF service account in the Master Data Services database:

  • MDM_Exec
  • MDS_Exec
  • DB_DataReader
  • DB_DataWriter
  • DB_DDLAdmin

Verify: Connect to the Master Data Services database using SQL Server Management Studio and the DIXF service account to validate database connectivity.
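
In addition to the connectivity check, an administrator can compare the account's actual role memberships with the list above. The following query is an added example, not part of the original article or of Microsoft's documentation; the database name MDS and the account CONTOSO\svc-dixf are placeholders to replace with your own values.

```sql
-- Added example: audit the DIXF service account's database roles in the
-- Master Data Services database. Run as an administrator in SSMS.
USE [MDS];  -- placeholder: name of your Master Data Services database
GO

DECLARE @account sysname = N'CONTOSO\svc-dixf';  -- placeholder: DIXF service account

WITH expected (role_name) AS (
    -- Roles as listed in this article. The fixed database roles are stored
    -- in lowercase by SQL Server (db_datareader, db_datawriter, db_ddladmin).
    SELECT v.role_name
    FROM (VALUES (N'MDM_Exec'), (N'MDS_Exec'),
                 (N'db_datareader'), (N'db_datawriter'),
                 (N'db_ddladmin')) AS v (role_name)
),
actual (role_name) AS (
    -- Match the database user by SID so that a user name that differs from
    -- the login name is still found. Only direct memberships are listed;
    -- access granted solely through a Windows group does not appear here.
    SELECT r.name
    FROM sys.database_principals AS u
    JOIN sys.database_role_members AS m
        ON m.member_principal_id = u.principal_id
    JOIN sys.database_principals AS r
        ON r.principal_id = m.role_principal_id
    WHERE u.sid = SUSER_SID(@account)
)
SELECT COALESCE(e.role_name, a.role_name) AS role_name,
       CASE
           WHEN a.role_name IS NULL THEN 'MISSING'     -- listed here, not granted
           WHEN e.role_name IS NULL THEN 'UNEXPECTED'  -- granted, not listed here
           ELSE 'OK'
       END AS status
FROM expected AS e
FULL OUTER JOIN actual AS a
    ON a.role_name = e.role_name
ORDER BY status, role_name;
```

A MISSING row points to a likely cause of DIXF push or pull failures, and an UNEXPECTED row (for example db_owner) shows the account holding more than the roles this article calls for.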