AOS Security
In Microsoft Dynamics AX, the Application Object Server (AOS) can protect the database from security threats because clients connect to the database only through the AOS. There are several security advantages when you use the AOS. This topic describes AOS security advantages and best practices for the AOS.
The following list describes security advantages when you use the AOS.
-
No direct access to the database. The client configuration does not store the information that would enable it to connect to the database.
-
Built in data encryption based on common standards.
-
Standard Microsoft security measures are used.
-
Only valid Microsoft Dynamics AX users can log in using Active Directory service.
-
A table permissions framework avoids unauthorized access to system tables. Control access to tables in the table property sheet using the AOSAuthorization property.
When installing the AOS, the setup program will ask for a domain account. The AOS must have separate domain accounts that have sufficient user rights and permissions.
Note |
|---|
|
You can change the AOS domain account later in Services. These changes must also be made in the database for the new AOS user account. |
The AOS account must be a user in the database and must be assigned to the following database roles:
-
db_ddladmin
-
db_datareader
-
db_datawriter
In addition, the AOS user must have the following user rights and permissions to execute stored procedures in the database:
-
createserversessions
-
createusersessions
Note