Personalized Community is here!
Quickly customize your community to find the content you seek.
Latest TechTalk Videos
Have questions on moving to the cloud? Visit the Dynamics 365 Migration Community today! Microsoft’s extensive network of Dynamics AX and Dynamics CRM experts can help.
2021 Release Wave 2Discover the latest updates and new features releasing from October 2021 through March 2022.
2021 release wave 2 plan
The FastTrack program is designed to help you accelerate your Dynamics 365 deployment with confidence.
FastTrack Program | Finance and Operations TechTalks | Customer Engagement TechTalks | Upcoming TechTalks | All TechTalks
does any of the standard security roles restrict a user to access only the projects where s|he is assigned as Projekt Manager, Project Controller, Sales Manager or as a assigned Ressource?
Also it i required to see only project transactions from the projects s|he has access granted.
How should be fulfill this requirement?
Out of the box, there is a list page for "my" projects. If you don't assign permissions to the menu item for all projects, this would be an initial security layer.
However, you are also asking about the project transactions. In that case, there is nothing out of the box without doing some development. The eXtensible Data Security (XDS) would be suitable to build the record level security you are asking for.
that is exactly is customers pain.
We know "My Projects" which prefilters for the current user unchangeable as he is a Sales Manager, Project Manager or Project Controller:
This works fine for the first step.
But as we go from Manage/Related Information/Pending transaction or Posted transactions there is just a column filter in the grid which filters to the current project.
So user only needs to remove the Project-ID from column filter and can see all transactions of all projects, what is not desired.
Same situation at Manage/Bill/Invoice journals, they just need to activate the show filter pane and remove the Project-Id to get access all project invoices.
How do other Customer handle this?
As it is large company with a lot of different Business Units and departments, what would you suggest as you are very experienced in secutiy designs?
As suggested, the only way to restrict transaction level data is by creating security policies using XDS framework and apply to required roles. Also note that XDS framework introduces some performance overheads so volume of data will be a key in using this
You probably missed the second part of my reply. The XDS framework is really enforcing on the AOS level the security for individual records.
If you want to learn more, you can read my blogs about this topic. I did spent quite some time in writing blogs and creating some examples which can be downloaded for free: XDS Archives - Dynamicspedia
Dear Andre, dear Sumit,
thank you for your reply and we will now go to estimate effort to find a solution on this way using XDS. If any of you interested to create the solution based on this requirement within the project module please feel free to contact me with PM on Linkedin.
Business Applications communities