29.10.2007, 10:50 | #1 |
Участник
|
Inside Dynamics AX 4.0: Security
Источник: http://feeds.feedburner.com/~r/Insid...curity_28.html
============== In the EP, Dynamics AX security is layered on top of, and depends on, the security of underlying products and technologies, such as Windows SharePoint Services and IIS. For externally facing sites, communication security and firewall configurations are also important for helping to secure the EP. The EP has two configurations in its site definition. The first configuration in the site definition, referred to as Microsoft Dynamics Public, allows Internet customers or prospective customers to view product catalogs, request customer accounts, and so on. The second configuration, referred to as the Microsoft Dynamics Enterprise Portal, is the complete portal for self-service scenarios involving intranet or extranet users for authenticated employees, vendors, and customers. The Microsoft Dynamics Public configuration has anonymous authentication enabled in both IIS and Windows SharePoint Services so that anyone on the Web can access it. To connect to Dynamics AX, it uses a built-in Dynamics AX user account called Guest. The Guest account is part of the EP Guest user group, which has limited access to Dynamics AX components necessary for the public site to function. The Microsoft Dynamics Enterprise Portal configuration has Integrated Windows authentication or basic authentication over Secure Sockets Layer (SSL) enabled in IIS and Windows SharePoint Services. This secured site restricts access to users with Active Directory directory accounts who are configured as Dynamics AX users with Web site access enabled for that particular site by the Dynamics AX administrator. You use the User Relations dialog box (accessed from Administration\Setup) to configure users with an employee, vendor, or business relation, or a customer account and contact. Then you can grant them access to the EP sites through Site groups for that Windows SharePoint Services EP site. Both types of EP site use the Business Connector proxy account to establish connections to the AOS. The Windows SharePoint Services application pool must be configured with a Microsoft Windows domain user account, and this account must be specified as the Dynamics AX Business Connector proxy account for both sites to function. After the connection is established, the EP uses either LogonAsGuest or LogonAs, depending on the type of EP site for the current user, to activate the Dynamics AX security mechanism. Dynamics AX provides various means and methods to limit user access, such as placing restrictions on individual tables and fields, limiting the availability of application features through configuration keys, and controlling user-level security with security keys. EP security is role based. This means that you can easily group tasks associated with a business function into a role, such as Sales or Consultant, and assign users to this role to give them the necessary permissions on the Dynamics AX objects to perform those tasks in the EP. To give users access to more functionality, you can assign them to more than one role. The Enterprise Portal Configuration Wizard imports the predefined user group rights from the Resources node in the AOT. This set of roles can easily be extended by importing the user group permissions into the AOT under the Resources node. You assign a user to a role by simply adding the user to the corresponding user groups. In addition to the Dynamics AX elements, the EP includes SharePoint lists and document libraries, which are secured with SharePoint site groups. The Dynamics AX user groups play no role in controlling access to the SharePoint lists and documents. However, for consistency and simplicity of the EP roles concept, a standard set of SharePoint site groups provides access to a specific set of document libraries and lists when the site is created. You can add new roles by modifying the XML file in the AOT under the Web Files node. Based on their SharePoint site group membership, Dynamics AX users are granted various levels of permission on these Windows SharePoint Services objects. In below image shows the sequence of interactions between the EP components. The EP sequence </img> </img> </img> </img> </img> Источник: http://feeds.feedburner.com/~r/Insid...curity_28.html
__________________
Расскажите о новых и интересных блогах по Microsoft Dynamics, напишите личное сообщение администратору. |
|
|
Опции темы | Поиск в этой теме |
Опции просмотра | |
|