We are in the process of implementing Axapta 3.0 and have found a major security flaw in the Axapta Portal due to which we cannot implement right now.
If I login to the portal with my user name and password, I see all my personal details as well as salary information. However, the url in the address box clearly displays my employee id and if I change the id to someone else’s Id and hit Enter, I can see that employees data on my screen.
Anyone faced this before? And if so, any solutions please.