Extensible Data Security examples for Microsoft Dynamics

The last few months, I did spend a lot of time on speaker sessions for the Summit EMEA, MVP Monday webcast and a coming Dutch Dynamics Community event. In the meantime, it was also extremely busy completing work. One of the topics I talked about recently, is eXtensible Data Security (XDS) in Microsoft Dynamics 365 for Finance and Operations and Microsoft Dynamics AX 2012.

Code examples

There is not that much written related to this XDS topic. You may find two white papers and some blogs posts on this topic. One whitepaper also describes an example how to restrict financial dimension values.

Developing Extensible Data Security Policies (White paper) [AX 2012]

Securing Data by Dimension Value by using Extensible Data Security (White paper) [AX 2012]

As there is in general not that much knowledge and experience, I decided to share my knowledge in this area on some events and now also using my blogs.

I did create and demo some examples what can be achieved using XDS. During the sessions related to this topic, I promised to share these examples. The examples created do have the next features:

  1. Secure legal entities
    When you do assign security roles with organizations assigned, by default a user can still see them all in the Legal entities form. This policy has the ability to limit it to only those assigned to the user.
  2. Warehouse security
    This example show how you can achieve some record based security on warehouses and sites. It uses a custom setup form to specify the warehouses linked to a user.
  3. Retail channel security
    This example is combining the organization hierarchies, security organization assignment and XDS. Quite a powerful example which could be an inspiration for you.

Detailed information how to use these examples and an explanation how they are created will be posted in separate blogs. Watch them coming or come back on this page where the links will be updated. Also, the list with examples might grow in future.

At this moment, I can share the examples based on AX2012 and they reside on my OneDrive. The same features for Dynamics 365 for Finance and Operations will be added in the future. The location of the code examples might change in future, so ensure to bookmark this page to be able to find the examples anytime. Currently, you can find them on this location: My OneDrive DynamicsShare

If you want to explore these examples, feel free to download and use it. The software is provided as-is and you cannot obtain any rights if something is not working correctly. You have to ensure you will install the examples in a separate environment first and test it carefully. If you have questions or feedback, feel free to add comments or send a message.

 

 

That’s all for now. Till next time!

 

Microsoft Dynamics CommunitySubscribe to this blogger RSS FeedMy book on Merging global address book records in AX 2012

Comments6
  1. DamienJuly 27, 2018   

    Hi,
    Thanks a lot for your article.
    If a customer has X companies in D365FO, and would like to grant access to some sensitive data (item groups) only to a group of users. Let’s say the customer would like to use the same rule across all companies. Does he need to setup X time policies in XDS or one policy rule can cover all companies?
    Moreover in D365, main tables cannot be share by default across all companies. Mainly sub tables like customer or vendor groups can be and not sure about security roles.
    Regards
    Damien

    • André Arnaud de CalavonJuly 27, 2018   

      Hi Damien,

      Thanks for reading the blog and your question. I just released a new blog about warehouse security. There is a similar situation here as warehouses can be the same or different per legal entity. The example shows an option how to restrict this with one policy (in this example two to have different behavior per group of tables). https://kaya-consulting.com/extensible-data-security-examples-secure-by-warehouse/

      kind regards,

      André

Leave a Comment!

Your email address will not be published. Required fields are marked *