Personalized Community is here!
Quickly customize your community to find the content you seek.
Have questions on moving to the cloud? Visit the Dynamics 365 Migration Community today! Microsoft’s extensive network of Dynamics AX and Dynamics CRM experts can help.
2022 Release Wave 1 PlanDynamics 365 release plan for the 2022 release wave 1 describes all new features releasing from April 2022 through September 2022.
2022 release wave 1 plan
The FastTrack program is designed to help you accelerate your Dynamics 365 deployment with confidence.
FastTrack Community | FastTrack Program | Finance and Operations TechTalks | Customer Engagement TechTalks | Upcoming TechTalks | All TechTalks
Is it possible to assign a security policy to multiple roles, either by assigning a policy to duties and privileges rather than a role, or by any other way?
What I want to do is have a restriction on a table (record level security) which restricts records based on some criteria. I then want to assign this policy to multiple roles.
I noticed on the policy, there is a property called "ContextType". I assume that If I set this to "RoleProperty" and then set "ContextString" to a value, I can assign this to multiple roles. If so, how do I set a role to include this policy?
I would appreciate help as I had trouble finding detailed documentation on this (if it even exists).
You are almost there... :-)
You can type in the context string a certain value, e.g. "XDSpolicy". The security roles also do have a property in the AOT for defining a context string. Enter the value used at the security policy in the context string property of the roles where it should be applied to. Then you have created the link with multiple roles.
I see it now. I have two concerns regarding this:
1. Can I assign multiple ContextString values to a role (can I separate multiple values using commas)? I will need this if I want multiple policies for a role and also have the policies apply to other roles.
2. This is part of software that I am distributing to multiple customers. Is this something a system administrator can modify easily? It seems that it is but I just want to make sure there would not be any problems with this.
Great questions. I tried before to enter multiple values, but did not have luck with it, so it probably would not work. Neither on the security policy and the roles.
You can have multiple policies using the same context string.
If you want to make combinations, you would probably need to duplicate policies and roles.
If you add/change security policies and/or roles it is stored in the application. So if you ship the complete model store to the customers, it will be in there as well. An administrator can access the AOT and can make changes as well. Be sure he is familiar with these concepts or give him some training.
When you do not want to ship this to every customer, you can consider creating a separate model and ship various models to your customers.
I thought so. I think I will just have to create multiple policies.
Yes, I'll definitely have documentation and training available for customers.
Thank you. You have been very helpful.
I have the same requirement as mentioned above: Apply multiple context strings to a single role.
One of the workarounds I could think is to create dummy Security Roles just for the Security policies and them to Users or other roles as a sub-role to apply policy.
Just wondering if this approach has any disadvantages in the longer run.
Could you please post some examples ? As its very difficult to find to paas them. In role its in form of label and in policy its only a string.
I have tried use ContextString on a role and on a policy and it didn't work. Changing on RoleName works perfectly but I want to use this policy in many roles...
Is there any additional settings apart from ContextString on policy and ContextString on Role?
If it is related to all roles, you can also use the policy without any ContextString or RoleName. Can you elaborate what exactly is not working? Do you have multiple policies on the same role and/or table(s)?
I would like to link the policy to some roles not all of them.
I have one policy on HcmWorker table connected to a query which returns CustTable records for current user only. When I set ContextString on the policy and role I can see all customers :(
What exact role did you use? Note that when the system user role has been assigned to a user, XDS is not active.
I used a new role which has no sub roles.
You need to change Context type to RoleProperty. This has been answered in community.dynamics.com/.../844158
Not sure this is a bug or by design, initially I also thought that the Context type should be ContextString when we want to use Context string as policy.
Business Applications communities