2

In direct mode, what permissions does the Business Connector use?

In AX 2009, the Business Connector can run in direct or indirect mode.

In indirect mode, you use LogonAs to impersonate an AX user, and you inherit all their permissions. I understand that, it makes sense; I'm good with it.

Now... in direct mode, the Business Connector runs under the proxy account, which (by the installation checklist) cannot be associated with a user account in AX. So, what permissions do you have in AX while in direct mode--unlimited access to all tables and classes?

Two more items:

The AX documentation lists four security keys for controlling the Business Connector: SysCom, SysComData, SysComExecution, and SysComIIS. However, these keys aren't assigned to any objects, user groups, or tables in AX. How do they come into play? You can't assign more than one key to an object in the AOT, and I definitely won't be removing my standard keys to add in Business Connector keys.

I also have a reference book, Inside Dynamics AX 2009. Great book, but the explanation for direct mode makes even less sense. "The direct approach uses the credentials of the current Dynamics AX User." WHICH USER? We have a client application server using the Business Connector to connect to an AX server with hundreds of users. In direct mode, does the Business Connector just pick rights from any logged in user at will? What if no users are logged in?

So. If anyone understands it. I'd really like to understand.

Thanks!

Brad
  • 1,357
  • 5
  • 33
  • 65

1 Answers1

1

"The direct approach uses the credentials of the current Dynamics AX User." - When using AX BC, it is usually for connections that exist outside of AX (SSRS, EP, Rolecenters, Workflow). BC acts as a proxy for the user. Meaning if you log into the SSRS Website and attempt to run a report, the BC will act as your account and will have the same access to the data and tables within AX that you would have.

Michael Brown
  • 2,221
  • 2
  • 17
  • 34
  • In fact, the installation guides says explicitly that the Business Proxy account shout NOT (I repeat, NOT) be added as a regular user in AX. Having said that, I know a few systems who dependent on that "rule" being broken. – Skaue Jan 20 '12 at 14:26
  • Thanks for the responses. I understand what you both are saying; this is actually the source of my original question. We have a service that runs under a system account and connects to AX. The system account the service runs under does NOT have an AX account, yet everything still works when the service, not an end user, connects to AX via the Business Connector. So... what permissions is it using? – Brad Jan 20 '12 at 14:34
  • 1
    Did you use the BC account as the Sync account within AX? If so, it creates a user called Sync which is actually the BC account. I have seen this on several systems. – Michael Brown Jan 20 '12 at 14:45
  • Really... a Sync account? Lots of capabilities, but AX is a very strange animal. Thanks for the help, guys. – Brad Jan 20 '12 at 14:59