Extensible Data Security (XDS) Role Base Security 2012 & D365FO
Overview
The Extensible Data Security policy framework is the Application Foundation framework provided by Microsoft Dynamics AX 2012 (new feature) in addition to the role-based security in order to secure the data.
Dynamics AX Admins and developers can use the security policies to block access to specific rows in a table. In the AOT, policies can be found under node Security > Policies.
XDS policy can be utilized for setting security privileges on the global address book.
Model of Extensible Data Security ( Source Link)
XDS concepts
Primary Table
A primary table is any table that will be used to restrict data in the constrained table. It is the table that is specified in the policy query.
Constrained Table
A constrained table is a table on which data filtering is applied. It can be a primary table or a table that is related to the primary table.
Policy Query
Policy query helps to secure data in the constrained table defined in the XDS. It is used to fetch data from the primary table, which is then used to restrict data in the constrained table.
Context
Context is the most important part of XDS without which security policy will not be applied. It defines the context in which security policy will be applied. It can have three possible values:
- ContextString: Defines a specific application context on which security policy will be enabled. It is also called an application context.
- RoleName: Defines that the security policy will only be applied to a particular Role in the application.
- RoleProperty: Used to define multiple Roles for a single security policy.
Important
- Role Base security will remain the same for AX 2012 & D365FO
- In this blog, we will focus on RoleName Context.
Let's Begin!
In this demo, we are Implementing XDS on Purchase Order and restricting with the warehouse. Initially, we will implement XDS with a static Warehouse range.
As part of this tutorial, security policy will be applied to the XDS Purchase Order Security Role role
Steps
- First, create a new Policy query. Open AOT Queries
- Right-click on Project and create a new Query XDS_PurchaseOrder
3. Open Query Add New Data-Source Purch Table
4. Set Dynamic Fields No and Manually Select One Field PurchID to Make sure performance will not hurt with your implementation.
5. Add Range and select InventLocationId and set value properties. In my case, I have set the value 9221122W.
6. Save the query (In Next Blog We will work with dynamic Range which user can control from UI Level)
7. Now next step is to create a security Role
8. Right click on Project and create a new Role XDS_PurchaseOrderSecurityRole
11. select security from the side panel and create Security Role and set the role proprieties Like the below screenshot.
Important
No privilege required
12. Now next step is to create a security Policy
13. Right-click on Project and create a new security policy SLD_TransferOrderSecurityPolicy
14. select security from the side panel and create a Security policy.
15 set the security policy like below screenshot.
Now Build The Model and Sync Database if you are working on D365 and reset the IIS.
Go to Systems Administrator > Users Form and assign a newly created Role to any user, To whom you want to perform testing.
Enjoy.... :)
Important
XDS security will not work if the user has a Systems Administrator role.
In Case of any issue, you guys are facing during the implementation of this blog... Feel free to ping me.
Informative blog.
ReplyDeleteMicrosoft Dynamics AX Online Training
Hi,
ReplyDeleteThanks for the post.
Where is the blog where you said you will work with dynamic Range which user can control from UI Level?
Thanks for such a valuable information. Informative blog.
ReplyDeletedynamics 365 training