D365FFO – AX – Create a security policy

This topic explains how to create a simple security policy that secures access to customers and customer groups, based on a range for a customer group.

Add a new query

  1. In Visual Studio, add a new query, such as XDSQCustGroup10, to your project/solution. The query will be used to restrict data access from the Constraint table.Add a new query
  2. Right-click Data Sources, and the select New Data Source.
  3. In the Table field, enter the primary table name CustGroup.
  4. Right-click Ranges, and then select New Range.
  5. Set the Enabled field to Yes.
  6. In the Data Source field, enter the primary table name, in this case, ‘CustGroup’.
  7. In the Value field, enter 10 to restrict access to data where CustGroup has value of 10, by defining the Range for the CustGroup field.In the Value field, enter 10

Add a new security policy

  1. Add a new security policy, such as XDSCustTableOnCustGroup10.Add a security policy
  2. Set Constrained Table to Yes. This will also secure access to the primary table. In this example this is the CustGroup table.
  3. Set the Context Type field to RoleName.
  4. Set the Enabled field to Yes.
  5. Set the Operation field to AllOperations. Other available values for Operation include SelectInsertUpdateDelete, and InsertUpdateDelete.
  6. Set Primary Table field to CustGroup.
  7. Set the Query field to the name of the query created above, for example ‘XDSQCustGroup10’.
  8. Set the Role Name field to ‘TradeSalesClerk’. Because Context Type is set to RoleName for this policy, it is required to enter the AOT name for a user role.In the Role Name field, enter TradeSalesClerk
  9. Next, add constrained tables. In this simple example add one table.Add constrained tablesa. Right-click Constrained tables, and then select New > Constrained Table.b. Set Constrained to Yes.c. In the Name field, enter the Constrained table, for example ‘CustTable’.d. In the Table Relation field, enter the relationship to the primary table, in this case ‘CustGroup’.
  10. As a final step, it is required that you build and synchronize the solution to activate the policy.


Inserisci i tuoi dati qui sotto o clicca su un'icona per effettuare l'accesso:

Logo di WordPress.com

Stai commentando usando il tuo account WordPress.com. Chiudi sessione /  Modifica )

Google photo

Stai commentando usando il tuo account Google. Chiudi sessione /  Modifica )

Foto Twitter

Stai commentando usando il tuo account Twitter. Chiudi sessione /  Modifica )

Foto di Facebook

Stai commentando usando il tuo account Facebook. Chiudi sessione /  Modifica )

Connessione a %s...