Extensible Data Security examples – Secure by retail channel

When I initially learned AX 2012, before it got released, I was quite enthusiastic about the security changes and the organization hierarchies. Then I also learned about the eXtensible Data Security (XDS) concept. While working on one of my first AX 2012 implementations, I also had to do a presentation for a Dutch community. The topic was Organizations and Hierarchies. While preparing the session, I suddenly got the idea to combine security role assignments, organizational hierarchies and XDS. After the presentation, I lost the demo and objects used at that time. For another presentation during the Summit EMEA in Dublin this year, also about organizational hierarchies, I decided to create a new demo. In a previous blog post, you can find the link for downloading the objects for this example. (Extensible Data Security examples for Microsoft Dynamics)

In this blog, I will explain how this “Secure by retail channel” example works functionally and technically.

What it does functionally

A few years ago, I created a demo which would give a user access to specific sales orders belonging to a certain department or sub-departments, based on the organizational hierarchy. In this example, I used a persona called David, who is set up as a Retail Operations Manager.

For the demo I used out-of-the-box examples, like the Retail operations manager role and an organization hierarchy. The retail operations manager is at least able to see the retail stores and related transactions. Now assume that in this organization there are multiple retail operations managers who are each responsible for their own group of retail channels/stores. It was decided to restrict access so that they can only view data related to their own channels/stores. The Contoso demo data has about 35 retail stores.


Out of the box, this was not possible, so a customization was needed to be able to restrict the access. After the development is completed (details provided below), the solution works as follows:

  1. Organization hierarchy “Retail Stores by Business Unit”.

The organization model is based on Retail channels and has an example of dividing the stores into three main groups.


You only need to add this hierarchy to the organization hierarchy purpose Security.


  2. Add the Retail Operations Manager role to David and assign organizations. Note that assigning organizations to security roles granted to a user is not limited to legal entities only. Microsoft only implemented the legal entity assignment, to be able to limit access per company.
    In this example, we will assign the business unit “Fashion” including children. You could also add the retail stores separately, or some business units and some stores.


  3. Now when David logs in, he will only see the retail channels granted via security.
    The hierarchy showed 4 channels, whereas the screenshot shows only two. This is because one online store and one call center are not shown in this view.

 

The technical part

To be able to create the security policy, a MyConstruct table is needed in which the retail channels per user can be stored. This table has only two fields, and code in the XDS() method takes care of inserting the records.


The code has several sections to handle different scenarios, such as no organization assignments for this user, retail channels, or a certain tree node with children.

During the first call on the MyRetailChannels table, it builds a temporary table for the user in which all retail channels are expanded from the hierarchy. This table can then be used by the security query object and the security policy.
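
A minimal Python model of that expansion, added here as an illustration and not the X++ code from the download. The sample hierarchy, the `Assignment` type and the `unassigned_means_all` switch are assumptions; the switch exists because the post does not say what its code does when a user has no organization assignments.

```python
from dataclasses import dataclass

# Constructed sample data (not the Contoso hierarchy): parent -> children.
HIERARCHY = {
    "Retail": ["Fashion", "Electronics"],
    "Fashion": ["Store A", "Store B", "Online store", "Call center"],
    "Electronics": ["Store C"],
}
# Organizations that are retail channels; the other nodes are business units.
RETAIL_CHANNELS = {"Store A", "Store B", "Online store", "Call center", "Store C"}


@dataclass(frozen=True)
class Assignment:
    """One organization assigned to the user's role (hypothetical model)."""
    organization: str
    include_children: bool


def expand(node, hierarchy):
    """Return node and all its descendants.

    Iterative walk with a visited set, so a malformed (cyclic) hierarchy
    terminates instead of recursing forever.
    """
    seen, stack = set(), [node]
    while stack:
        current = stack.pop()
        if current not in seen:
            seen.add(current)
            stack.extend(hierarchy.get(current, []))
    return seen


def channels_for_user(assignments, unassigned_means_all,
                      hierarchy=HIERARCHY, channels=RETAIL_CHANNELS):
    """Flat set of channels to store for one user, one row per channel."""
    if not assignments:
        # Scenario 1: no organizations assigned. The post does not say what
        # its code does here, so the caller must choose explicitly.
        return set(channels) if unassigned_means_all else set()
    allowed = set()
    for a in assignments:
        # Scenario 2: a channel assigned directly. Scenario 3: a tree node
        # assigned with its children, expanded down to the channels below it.
        nodes = expand(a.organization, hierarchy) if a.include_children else {a.organization}
        allowed |= nodes & channels
    return allowed
```

Assigning a business unit without its children yields no channels at all in this model, which is the case worth testing first when a user reports an empty store list.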

The example is limited to retail channels only. Possibly you need to extend it with multiple constrained tables. I didn’t include them as the main goal was to limit records based on security settings and organization hierarchies.

 

I’m pretty excited that it is possible to achieve this powerful example with a limited number of objects and coding.

 

All objects for this retail channel security example can be found on my OneDrive DynamicsShare. If you want to explore the examples, feel free to download and use them. The software is provided as-is and you cannot obtain any rights if something is not working correctly. Make sure you install the examples in a separate environment first and test them carefully. If you have questions or feedback, feel free to add comments or send a message.

 

 

That’s all for now. Till next time!
