An Enterprise Portal Web site uses Windows SharePoint Services components to build the Web pages. In SharePoint terminology, a Web Part page (SharePoint Web page) is assembled using Web Parts. Web Parts are the basic building blocks of a Web Part page and are easy to reuse, share, and personalize.
The Web Parts for Microsoft Dynamics AX include the following:
- Web Form
– Web Part that hosts a Web form for Microsoft Dynamics AX (a display web content item) on the Enterprise Portal site.
- Web Report
– Web Part that hosts a report or Web report for Microsoft Dynamics AX (output Web content item) on the Enterprise Portal site.
- Web Menu
– Web Part that hosts a Microsoft Dynamics AX menu on the Enterprise Portal site.
- Box Menu
– Web Part that hosts a Microsoft Dynamics AX menu on the Enterprise Portal site. A box menu can include descriptive text for each item in the menu.
- Generic Web Part
– Web Part that can host any Weblet for Microsoft Dynamics AX.
- Page Title
– Web Part that hosts the page title. By default Enterprise Portal Page templates have Page Title Web Part embedded.
Enterprise Portal Web Part pages are grouped to ensure a consistent and uniform layout for the user throughout the portal. A schematic view of the layout is displayed in the following diagram.
Role Center pages contain Web parts, which are the individual pieces that display information on the page. You can add Web parts to Role Center pages, and customize the individual Web Parts to create a page that fits your needs.
For more information about Web parts and pages, see the online help for Microsoft Windows SharePoint Services or Microsoft Office SharePoint Server.
Role Centers include the following standard types of Web parts that display business data from Microsoft Dynamics AX.
- Quick links – Quick links Web parts display links that are relevant for users in your role. The links provide access to forms, reports, list pages, and Web pages that you frequently use. These can be modified to meet your needs. For more information, see Manage quick links in the online help.
- Cues – Cues Web parts display a visual representation of your workload and provide an overview of your remaining work items, such as sales leads, overdue activities, and other tasks. You can create and modify the Cues, which are saved filtered views of form or list page information. When you click a Cue, the associated form or list page opens with the filtered view displayed. For more information, see Manage Cues in the online help.
- Work lists – Work lists display alerts, Workflow work items, and activities that you can act on or need to be notified about. Use this list to view the status of these items and see when action is required. For more information, see Alerts, Workflow, and Create an activity in the online help. When you click the links in the work list, information about the list item is displayed. For more information about work lists, see Manage and use work lists in the online help.
- Reports and key performance indicator (KPI) lists
– Reports Web parts display Microsoft SQL Server Reporting Services reports and charts that display Microsoft Dynamics AX information from the database or from online analytical processing (OLAP) cubes that are set up in SQL Server Analysis Services. You also can use these Web parts to display lists of KPIs, which are business metrics that can be summarized in terms of a comparison, goal, value, and status. For example, use a KPI to compare actual expenditures with budgeted amounts. For more information about reports and other business intelligence features, see Reporting in the online help. For information about specifying which report or KPI information to display, see Manage report and KPI list views in the online help.
Business overviews – Business overview Web parts display measures (calculations) from the OLAP cubes, and compare those measures for various periods. They also display KPIs that include period comparison information. For example, use this Web part to display information about this month’s sales versus last month’s sales. For more information, see Manage and use business overview information in the online help.
Enterprise Portal User Access
The following diagram illustrates how the combination of Microsoft Active Directory, SharePoint Services, and Microsoft Dynamics AX access control services and features controls user access and the content available using Enterprise Portal.
The authentication and granting access to Enterprise Portal process begins when a user attempts to log on to the network (see the arrow 1). The user’s credentials must be listed in Active Directory on the domain controller.
- If the user is not listed in Active Directory, the user cannot access any resources on the network.
- If the user is listed in Active Directory, the user can attempt to access the Enterprise Portal site using a Web browser.
The IIS Web server then receives the request for the Enterprise Portal page (see the arrow 2). The Web server verifies whether the user is listed in Microsoft Dynamics AX 2009 and in Windows SharePoint Services or Office SharePoint Server to determine if the user can access the Enterprise Portal site.
- If a user is not listed in both, that user is denied access to the site.
- If the user is listed in both, that user can access the site, and the Web server sends a request to the AOS server to determine which data and content should be displayed (if any).
The AOS server then receives the request for Microsoft Dynamics AX 2009 data (see arrow 3).
- If the user is not listed in any Microsoft Dynamics AX 2009 groups, the user sees an empty Enterprise Portal page in their Web browser.
- If the user is listed in one or more groups, the Enterprise Portal page displays content and data defined by the user group permissions.
The Enterprise Portal security components in an extranet deployment can include one or more firewall devices and multiple domain controllers, but the process of determining page access and the content shown on pages is the same.
Initially, only the administrator who installed Enterprise Portal can access the Web site. The process for configuring Enterprise Portal security involves giving users access to the Web site and assigning users to Microsoft Dynamics AX 2009 groups so they can view content on the site.
Perform the following procedure to configure Enterprise Portal security:
- Install Enterprise Portal.
- Add users to Active Directory. If your organization has Microsoft Dynamics AX 2009 already installed, users might already be in Active Directory. If a user is listed in the Users form and the Enabled option is selected, then they already exist in Active Directory.
- Enable the default Enterprise Portal user groups (a subset of the Microsoft Dynamics AX 2009 user groups) by following the Enterprise Portal Configuration Wizard.
- Add users to groups according to each user’s role in the company.
- Assign users access to the site. For more information, see Giving users access to Enterprise Portal sites.
- Specify user relations (required for the Shop Floor Control and Human Resources module sites).
- Microsoft Dynamics AX 2009 uses permissions and security keys to determine who has access to the data and the Web displayed content using the Enterprise Portal.
- Security keys are created in the Microsoft Dynamics AX Application Object Tree (AOT) and then assigned to various user groups on the User group permissions form.
- Microsoft Dynamics AX partners and developers can create security keys depending on how the organization wants to control the permissions and Enterprise Portal Web displays.
- It may be best to assign all the Web content objects and Web menu items on the Enterprise Portal to one of the security keys created for Enterprise Portal. When the security keys have been created and assigned to the Web menu items and Web content objects in the AOT, administrators can use the User group permissions form to set permissions for the Web menu items and Web content objects.
Set Enterprise Portal Permissions
- From a Microsoft Dynamics AX client, click Administration > Setup > Security > User Group Permissions.
- On the Overview tab, select a user group and then select a domain.
- Click the Permissions tab. In the Viewing box, select Security (incl. Web).
- Expand the node for the security key that protects the Web content object or Web menu item for which you want to set the permissions.
The root entry for each node in the list box is a security key, followed by child security keys or end AOT elements that are protected by that security key.
- Select the check boxes for the Web content object and the Web menu item for which you want to set permissions.
- Under Access, select a permissions level. When you select a permissions level, the selected item shows a check mark to indicate permissions have been set.
- Click the Cascade button to make sure all dependent keys are set and to inherit this permission level to all child tables, forms, and nodes.
- Close the form to save changes.
Be sure to assign the same permissions to both the Web content object and the Web menu item that points to that content object.
- If access is allowed to the Web menu item only and not to the Web content object, then the end-users in this group can view the menu item where appropriate. But the page it points to does not display the content from this Web content object.
If access is allowed to the Web content object only and not to the Web menu item, then the end users in this group can use this Web content object in their own Web part pages. However, they do not have access to the Web menu item that points to the page.
The following best practices help you maintain a more secure Enterprise Portal environment.
- Configure your servers to automatically download and install updates from Microsoft Update. If your organization prefers not to install updates automatically, schedule a regular time to review and install updates.
- Verify with management each user’s role and Microsoft Dynamics AX 2009 group assignments. If you add a user to the wrong group, that user could have access to data and content that is not intended for them. If necessary, review the About Enterprise Portal roles and user groups topic with management to create an accurate list of each user’s role and corresponding group assignments.
- If a user leaves your organization or company, either remove them from Active Directory, the SharePoint site, and the list of users in Microsoft Dynamics AX 2009, or disable the user account. If you disable the user account, then this leaves an historical record of the user. In many areas of the application, a record may have a „created by” or „modified by” field to each record showing who created it. By not removing the user from the database, this information is still available.