In this Blog post we will learn about Extensible Data
Security frame work and how to implement security using XDS in ax 2012
What is XDS :
Extensible Data Security (XDS) is a framework in
MicrosoftDynamics AX that allows developers and system administrators to
deny access to subsets of data and only share a subset of data with appropriate
users. XDS replaces the Record level security framework in
previous MicrosoftDynamics.
XDS Artifacts
• Query
• Primary
Table
• Constrained
Table
• Policy
• Context
Primary table: This is the main table in the query on which the
policy is imposed. In our case, cust table is the primary table where we have
to define the said range.
Constraint table: These tables have foreign key relation on
the primary table and their contents will be secured based on range defined in
primary table. In our case, it will be Sales table where the customer
display will be limited to the values defined in primary table.
• Policy query: Every XDS policy has
a query where the constraints (ranges) are defined. You can nest multiple data
sources in the query.
Policy Context: Context type in the policy. It can be one of
the following – Role Property/ Role Name/Context string.
Context String: You specify a value here and this will be matched
with the Context string property defined for a role.
Role Name: This specifies the role for which the policy is applied.
Role property: This is used in combination with ContextString to
specify multiple roles context.
Scenario:
Lets take a scenario in which we
need to restrict user that it can only view the specific customer group sales
Order. Let say cust group 20.
To implement the scenario follow
the following steps
Step 1 : Create Query:
First thing first, Create AOT
Query with CustTable as a datasource of
our Query as Shown in Figure (a)
Figure (a)
Step 2 : Create Role
Create Role from AOT >
Security > Roles, Specify the Label and description of created Role as shown
in below image
Step 3 : Create Policy
Now create policy and specify all
the relevant properties as shown in figure (c). note: do not leave any essential property blank here
as these are very crucial in implementing XDS
Essential Properties of Policy are:
i)
Primary Table : in Our scenario its custTable
ii)
Constrained Table : Select it as Yes or Leave it
No according to your Requirement
iii)
Context Type : select RoleName here
iv)
RoleName : Select Role created in Step 2
Step 4 : Assign XDS Role to User
Assign XDS Role Created in step 2
to any user in which you need to test XDS. Refer to the below image
Step 5 : Execution
When Login through a user which
we have assigned our created XDS Role you will get the only customer record
having custgroup = 20 as shown in below image
No comments:
Post a Comment