Security requirements for Exporting AX Server data tables
There are two different ways to access an AX Server data table (or tables):
- Method 1: Export the data table from AX Server and access it locally
- Method 2: Connect to the data table on AX Server
Security requirements for the two methods differ (explained in subsequent sections).
For both methods of accessing an AX Server data table, you use AX Client to export the table from AX Server. You can choose whether or not the data file is exported along with the table. ACL tables have two parts: the table (table layout) and the data file.
When you export from AX Server, an ACL project containing the table, with or without the data file, is automatically created for use locally in ACL Analytics.
To export a data table from AX Server, you must have at least
Read only permissions for the AX folder containing the data table you want to export or connect to. In Figure 1, AX Client user stas (ACLQA\stas) has Read only permission for an AX folder called New Folder.
Figure 1: Read only permissions for an AX folder
(For the full procedure for exporting from AX Server, see
Exporting items from folders.)
In the
Export dialog box (Figure 2), you must select
Export data files along with selected definitions. Select
Browse to specify the local folder where you want the automatically created ACL project to be saved.
If you select
Work with the exported file(s), The ACL project opens automatically after exporting is complete.
Figure 2: Export dialog box
Exporting a data table and accessing it locally does not require any additional security beyond
Read only permissions for the AX folder containing the data table.
During the export, the AX Service (ACL Analytics Exchange Windows Service) uses an HTTPS connection to extract the ACL project file (.acl) from the AX database, as well as to export the data file. Both items are placed in the local folder you specified.
In Figure 3, the ACL project (
New Folder_test), and the data file (
test.FIL), are shown in the local folder New Folder. ACL™s native data file format is .FIL. FIL files store data efficiently and the speed of exporting locally is good. Once the data file is exported, you can perform analysis of it directly on the local computer.
Figure 3: ACL project and data file in a local folder
To confirm that the data file is stored locally, open the ACL project in ACL Analytics, right-click the table, and select
Properties (Figure 4). In the
Table Properties dialog box, following
Location, the local path for the data file is displayed (Figure 5).
Figure 4: Table right-click menu
Figure 5: Table properties including data file path
(For the full procedure for exporting from AX Server, see
Exporting items from folders.)
In the
Export dialog box (Figure 6), do not select
Export data files along with selected definitions. The data file will continue to reside on AX Server and is called a
server table. Select
Browse to specify the local folder where you want the automatically created ACL project to be saved.
If you select
Work with the exported file(s), The ACL project opens automatically after exporting is complete.
Figure 6: Export dialog box
Connecting to a data table on AX Server (a server table) has several additional security requirements that need to be configured on AX Server. These requirements are explained in a subsequent section.
Export an ACL project file only
If you use Method 2, the result is that only an ACL project file is in the local directory you specify. The data file continues to reside on AX Server.
In Figure 7, the ACL project (
New Folder_test) is the only item created in the local folder New Folder.
Figure 7: ACL project in a local folder
Password prompt and error message
Before you configure the security requirements needed to connect to a server table, you will encounter a server profile password prompt (Figure 8), and an error message (Figure 9), when you open the ACL project. Enter your domain password in the prompt to see the error message.
Figure 8: Password prompt for an ACL project with a server table
Figure 9: Server connection error message
Server data file location displayed in the table properties
To confirm that the data file is stored on AX Server, right-click the table in the ACL project, and select
Properties. In the
Table Properties dialog box,
Name displays the location of the AX Server data files directory (e:\acl\data\repository\datafiles), and the numeric ID of the server table.
Location is
Not Applicable because the data file does not exist locally (Figure 10).
Figure 10: Server table properties
Configuring the security requirements for accessing AX Server tables
First, check that the
Server Profile configuration in ACL Analytics is correct. The configuration information in the
Server Profiles dialog box was automatically created when you logged in to AX Client for the first time. The information should have the same elements as those that appear in Figure 11, but with your personal and organizational information.
Figure 11: Server Profile configuration information
To configuring the security requirements for accessing AX Server tables:
- Do one of the following:
Create a domain user group specifically for AX users.
Create a local Users group on the server housing AX Server and add AX users to the group.
Example of a local Users group:
- Assign Allow log on locally rights to the group by doing to following on the server housing AX Server:
- Open the Local Security Policy utility.
- Browse to Local Policies\User Rights Assignment, right-click Allow Log on locally and select Properties.
You will see a Property below:
- Click Add User or Group.
- Add the group you created for AX users.
For example:
- Grant the folder permissions for the group show in the table below.
| Folder permission | Example |
| Full control for ACL\Data\aclse |  |
| Read Only for the ACLSE Conf folder |  |
| Read Only for the repository datafiles folder |  |
- Reboot the server housing AX Server to ensure that the Windows folder permissions are updated correctly.
Users should now be able to open ACL server tables from ACL Analytics.
Technical details
To access ACL server tables, ACL Analytics uses the ACL Analytics Exchange Connector Windows service on the server housing AX Server. The service uses an Impersonation access token that allows a server application to temporarily "be" the client in terms of access to secure objects. The service uses domain user credentials to log in and create .FIL files (ACL native data files) in the AX Server prefix location (ACL\Data\aclse\<
user name>) when running preliminary analysis on a table, and it uses the domain user to access the Repository and aclse\Conf folders.
