AX for Retail 2012 R2: Password maintenance in the POS
A new feature introduced in AX for Retail R2 CU7 is password maintenance in the POS. This means that users can change their own password and store managers can reset passwords for staff in their store. Here are a few tips to get started with this new feature.
First of all there is a minor issue that you need to take care of in AX before you can add the new operations to buttons in the screen layout. If you go to your button grid layout designer and attempt to add either of these two operations to a button you will notice that the operations do not appear in the selection list. This list is defined by the RETAILOPERATIONS table, which is normally populated during the Initialization process (Retail Parameters window). However, the two new operations and permissions were left out of the seed data (we’ll get that taken care of in a future release) so they need to be created manually.
To create the Permission IDs:
Open a new Developer Workspace and navigate to Data Dictionary > Tables > RetailPermissions. Right-click on the table and select Open. Create the two new records below.
PermissionId = 1028, PermissionName = "AllowPasswordChange"
PermissionId = 1029, PermissionName = "AllowResetPassword"
Note: the PermissionName must be spelled exactly as shown as it must match the column names in the RetailPosPermissionGroup table.
To create the Operations:
Open the Operations window (Retail > Setup > POS > Operations) and create two new records:
Operation ID = 1215, Operation Name = "Change Password", Permission ID = 1028 (AllowPasswordChange), Check User Access = true, User Operation = true
Operation ID = 1216, Operation Name = "Reset Password", Permission ID = 1029 (AllowResetPassword), Check User Access = true, User Operation = true
To give users access to either of these two operations open the Permissions Groups window (Retail > Setup > POS > Permissions Groups) and mark either of the two new permissions for a permission group:
To add the operations to a button open the Button Grids window (Retail > Setup > POS > Button Grids) and open the Designer for one of your grids. Right-click > Properties on any button and then open the Action drop-down. You should now see your Change Password and Reset Password operations:
After creating the two new buttons push down all changes to the POS databases using either the N-1090 or A-1090 job (the subjobs for RetailPermissions and RetailOperations are included in these jobs) and either the N-1060 or A-1060 job (which includes the RetailPOSPermissionGroup table).
Once everything has been pushed to the POS you can now see the operations available to the user. The two forms are pretty standard "change password" forms:
When the user changes either their own or someone else’s password it will be changed in both the local database and in HQ (using the Real-time Service). Passwords will not replicate to other stores until the either the N-1060 or A-1060 job is run for other stores.
In addition to letting users and store managers change passwords in the POS, an administrator in AX can force the user to change the password on their next login. This is done by going to the worker form and marking the "user needs to change the password at next logon" checkbox:
After the N-1060 or A-1060 job as has run the user will get prompted the next time he or she logs into the POS:
Some miscellaneous notes:
- The Change Password operation uses the standard POS security model; the user will be prompted for manager credentials if he or she does not have access. However, in order to use the Reset Password operation the user has to have the permission explicitly granted. Manager privileges are not sufficient.
- If you are upgrading from a version previous to CU7, the new columns in the RetailPOSPermissionGroup table will be missing from subjobs and will not replicate. This can be corrected by re-initializing the Retail seed data (Retail > Setup > Parameters > Retail Parameters > Initialize button) or by manually updating the Transfer Field List for the BDDP-RPPG and ADDP-RPPG subjobs.
- Changing the password from the POS requires an active link to HQ via Real-time Service. This is true even if you are not using local authentication ("Commerce Data Exchange: Real-time Service staff" is unchecked on the Real-time Service profile).
- This new feature also includes the ability to define password strength requirements. If you are using numeric PINs for authentication at the POS, this will mainly mean minimum password length, but you may also require uppercase letters, special characters, and numeric characters if you are allowing text passwords. These settings are in the Retail Parameters window and are only enforced at the POS (temporary passwords set for new workers in AX do not follow these restrictions).
Hopefully you will find this a very useful new feature in the product – it should definitely be appreciated by AX administrators working with many workers across many stores! Feel free to leave comments below if you have any questions.