Extensible Data Security examples

Over the last few months, I spent a lot of time on speaker sessions for the Summit EMEA, an MVP Monday webcast and an upcoming Dutch Dynamics Community event. In the meantime, I was also extremely busy completing work. One of the topics I talked about recently is eXtensible Data Security (XDS) in Microsoft Dynamics 365 for Finance and Operations and Microsoft Dynamics AX 2012.

Code examples

Not much has been written about XDS. You may find two white papers and some blog posts on this topic. One white paper also describes an example of how to restrict financial dimension values.

Developing Extensible Data Security Policies (White paper) [AX 2012]

Securing Data by Dimension Value by using Extensible Data Security (White paper) [AX 2012]

As there is in general not that much knowledge and experience, I decided to share my knowledge in this area at some events and now also on my blog.

I created and demoed some examples of what can be achieved using XDS. During the sessions related to this topic, I promised to share these examples. The examples have the following features:

  1. Secure legal entities
    When you assign security roles with organizations assigned, by default a user can still see all legal entities in the Legal entities form. This policy can limit the form to only those legal entities assigned to the user.
  2. Warehouse security
    This example shows how you can achieve record-based security on warehouses and sites. It uses a custom setup form to specify the warehouses linked to a user.
  3. Retail channel security
    This example combines the organization hierarchies, security organization assignment and XDS. Quite a powerful example which could be an inspiration for you.
  4. Project responsible (added June, 2021)
    This example shows how to restrict projects to those where a person has a responsibility. An example which can be created in 5 minutes.

Detailed information on how to use these examples and an explanation of how they are created will be posted in separate blogs. Watch for them or come back to this page, where the links will be updated. Also, the list of examples might grow in the future.

At this moment, I can share the examples based on AX 2012 and they reside on my OneDrive. The same features for Dynamics 365 for Finance and Operations will be added in the future. The location of the code examples might change in the future, so bookmark this page to be able to find the examples anytime. Currently, you can find them at this location: My OneDrive DynamicsShare

If you want to explore these examples, feel free to download and use them. The software is provided as-is and you cannot obtain any rights if something is not working correctly. Install the examples in a separate environment first and test them carefully. If you have questions or feedback, feel free to add comments or send a message.

That’s all for now. Till next time!

10 replies
  1. Damien
    Damien says:

    Hi,
    Thanks a lot for your article.
    If a customer has X companies in D365FO, and would like to grant access to some sensitive data (item groups) only to a group of users. Let’s say the customer would like to use the same rule across all companies. Does he need to set up the policies X times in XDS, or can one policy rule cover all companies?
    Moreover, in D365, main tables cannot be shared by default across all companies. Mainly sub tables like customer or vendor groups can be, and I am not sure about security roles.
    Regards
    Damien

    Reply
  2. Jawwad
    Jawwad says:

    Hi Andre

    Is there a way to set up XDS on financial reports? We have a lot of reports and we would like to restrict the output by showing limited GL values to users based on the GL allowed to their roles using XDS.

    Thanks in advance

    Reply
    • André Arnaud de Calavon
      André Arnaud de Calavon says:

      Hi Jawwad,

      XDS is an option to restrict data which is retrieved or written through the AOS. If you mean reports from Management Reporter, then the data is not controlled by the AOS. Then you need unit security setup in MR. Other reports which are running with e.g. a data provider class in Dynamics, will actually work with XDS.

      Reply
  3. Rajeev Tiwari
    Rajeev Tiwari says:

    Hello Andre,

    I need to restrict 3-4 specific main accounts for users. Using these 3-4 main accounts, users should not be able to see balances and should not be able to create a payment journal or general journal.
    These main accounts should be accessible to users having the role which contains the XDS policy.

    Please help us

    Reply
    • André Arnaud de Calavon
      André Arnaud de Calavon says:

      Hi Rajeev,

      There are some similar questions asked on the Dynamics community. I think you also found them as you commented on some of them. The community would be a better place to ask your specific questions. Some tips:
      – You have to find all related tables which you want to constrain. Also define the primary table. In your case, I think it would be the MainAccounts table.
      – Define a method for how to restrict (role or user based, or both). Is a setup possible to link users with the primary table? Or define a certain field (e.g. posting type) which would be the key for hiding main accounts for certain security roles.
      – Then create the security objects and test it.
      If you have more specific questions, you can use the Dynamics community (or contact our sales department for resources to help you).

      Reply
      • Keyur Gadhiya
        Keyur Gadhiya says:

        Hello Andre,

        Is there a way to restrict users to see only vendors of a particular business unit of financial dimension?

        I am unable to find a direct relation between VendTable and financial dimension.

        Thanks,
        Keyur

        Reply
        • André Arnaud de Calavon
          André Arnaud de Calavon says:

          Hi Keyur,

          For sure this will be possible to achieve. Microsoft created some views which make it a bit easier to work with the dimension values. You can link the VendTable with the view DimensionAttributeValueSetItemView on the fields VendTable.DefaultDimension = DimensionAttributeValueSetItemView.DimensionAttributeValueSet. In case you have enabled more dimensions, you will get multiple records in this view. One record for each dimension.
          To find the correct record in the view DimensionAttributeValueSetItemView, you can also link the DimensionAttribute table for the Business Unit record with this view. Then link the fields DimensionAttributeValueSetItemView.DimensionAttribute = DimensionAttribute.RecId.
          Let me know if this is sufficient for you to continue.

          Reply
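The join described in the reply above, as an added example that is not part of the original thread or the author's downloadable code: it runs the two links against an in-memory SQLite copy of the tables and contrasts them with a constraint that omits the DimensionAttribute link. The table layouts are simplified, the `DisplayValue` and `Name` columns and the attribute name `BusinessUnit` are assumptions, and all rows are constructed sample data.

```python
import sqlite3

# Constructed, simplified stand-ins for the AX objects named in the reply.
SCHEMA = """
CREATE TABLE VendTable (AccountNum TEXT PRIMARY KEY, DefaultDimension INTEGER);
CREATE TABLE DimensionAttribute (RecId INTEGER PRIMARY KEY, Name TEXT);
CREATE TABLE DimensionAttributeValueSetItemView (
    DimensionAttributeValueSet INTEGER,  -- links to VendTable.DefaultDimension
    DimensionAttribute INTEGER,          -- links to DimensionAttribute.RecId
    DisplayValue TEXT);                  -- assumed column holding the value
INSERT INTO DimensionAttribute VALUES (1, 'BusinessUnit'), (2, 'CostCenter');
INSERT INTO VendTable VALUES
    ('V-001', 100), ('V-002', 200), ('V-003', 300), ('V-004', 0);
INSERT INTO DimensionAttributeValueSetItemView VALUES
    (100, 1, '001'), (100, 2, 'CC10'),   -- V-001: one view row per dimension
    (200, 1, '002'),
    (300, 2, '001');                     -- V-003: cost center '001', no BU
"""

# Both links from the reply, as an exists join so each vendor appears once.
POLICY_QUERY = """
SELECT v.AccountNum FROM VendTable v
WHERE EXISTS (
    SELECT 1 FROM DimensionAttributeValueSetItemView i
    JOIN DimensionAttribute a ON i.DimensionAttribute = a.RecId
    WHERE i.DimensionAttributeValueSet = v.DefaultDimension
      AND a.Name = 'BusinessUnit' AND i.DisplayValue = ?)
ORDER BY v.AccountNum
"""

# Weak variant: matches the value but not the dimension it belongs to.
VALUE_ONLY_QUERY = """
SELECT DISTINCT v.AccountNum FROM VendTable v
JOIN DimensionAttributeValueSetItemView i
  ON i.DimensionAttributeValueSet = v.DefaultDimension
WHERE i.DisplayValue = ? ORDER BY v.AccountNum
"""

def build_db():
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    return conn

def visible_vendors(conn, business_unit):
    """Vendors whose default dimension carries this Business Unit value."""
    return [row[0] for row in conn.execute(POLICY_QUERY, (business_unit,))]

def vendors_by_value_only(conn, value):
    """Result when the DimensionAttribute link is left out of the constraint."""
    return [row[0] for row in conn.execute(VALUE_ONLY_QUERY, (value,))]
```

Vendor V-003 carries the value `001` on a different dimension, so it shows up only in the value-only variant; that is the over-exposure the DimensionAttribute link prevents.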
  4. Azhar
    Azhar says:

    Hi Andre,
    I am getting this error below while year closing:
    Total of the transactions in the year is not 0.00.
    Total is 3,180.77.
    This is a serious error. Run "Check" on ledger transactions.

    Reply
    • André Arnaud de Calavon
      André Arnaud de Calavon says:

      Hi Azhar,

      Your question is off topic for this particular blog post. I don’t see a relation between your year closing error and the XDS examples. I would suggest visiting the Dynamics Community and search for existing questions on this topic. There were similar questions asked before probably for both AX 2012 and Dynamics 365. If the answers are not helpful, you can create a new question on the Dynamics Community forum: https://community.dynamics.com/

      Reply
