Personalized Community is here!
Quickly customize your community to find the content you seek.
Have questions on moving to the cloud? Visit the Dynamics 365 Migration Community today! Microsoft’s extensive network of Dynamics AX and Dynamics CRM experts can help.
2021 Release Wave 1Discover the latest updates and new features to Dynamics 365 planned April 2021 through September 2021.
Release overview guides and videos Release Plan | Preview 2021 Release Wave 1 Timeline
The FastTrack program is designed to help you accelerate your Dynamics 365 deployment with confidence.
FastTrack Program | Finance and Operations TechTalks | Customer Engagement TechTalks | Upcoming TechTalks | All TechTalks
I am trying to limit user access to only a few companies by setting record level security on company accounts, table company data, with a query of the list of company ids that should listed on the company selection breadcrump bar.
But the RLS query with table company data, field Company and a range of company Ids doesn't seem to work as AX still shows all available companies on the breadcrump bar or the select company accounts screen.
Does anybody has any expierence in using RLS to limit the companies displayed on company selection screens ?
Thanks in advance
Have you tried using domains instead of RLS to do this? Put each company account in its own domain and just dont give the user access to that domain.
Yes, that's an option, but this way I would have to copy all security details for each domain to where I need to grant access to. Also, I would need make sure to keep them in sync every time a change is made.
I also may have to dublicate permission groups as I may have users granting access e.g. to AR in companies A + B while I at the same time I have users with the same security level but requiring access to company B + C.
I don't want to end in permission groups like AR - co A + B; AR - co B + C etc.
Currently I am trying to do someting smarter: Collect all relevant companies within one domain and setup access to this "global" domain. This way I would have only one area where to place security.
The only missing piece now is to restict the company selection for the users. User may technically have the same permissions to all companies but will be able to select only the ones they are permitted to.
That's the idea behind my request. I thought RLS would be the resolution, but unfortunately so far I wasn't able to apply it to the global Company Accounts table. It simply does not have any effect to the data display, while using it on regular tables like e.g. customers, it works as expected.
The basic question is, do I miss anything or is RLS not working at all on these global sys tables.
Any hints ?
This is an old message and I assume you find a way to solve the problem.
May I ask you how you did it?
I'm talking about the issue when users still see the entire list of companies, even if by using domains I removed all rights and keep right definition only for those domains mapped on the company they are allow to operate.
Actualy, the real issue is that by doing (only) that, users can still select a companies where they don't have access in the breadcrump bar, but after doing this, they have no access nowhere, including to the list of companies mentioned above so have a chance to change to a correct one.
This is annoying for users working with multiple companies cause sometimies it happen to click by mistake . The only way in this case is to close AX and start it again
No, unfortunately I was not.
I am still looking for a good way to assign user groups per company to avoid duplicating these for each company.
I wasn't able to get the record level security to work for company accounts table.
In your case, I would suggest to create a specific security group to select companies including read access to the companies account group. If you set it up for a specific domain which includes all your companies should at least resolve the issue of not having permissions to change your company back when you enter the wrong company.
Hope this helps
This can't hardly be the recommended way to prevent a user to load a limited set of companies. Instead, create a usergroup with access to the companies and make sure the user is a member of this group. Remember, a users access is the sum of all access, so if the user is member of another group having access to all companies, you will have to remove the user from that group.
I have the same issue as question is posted.
I have tried the way as you have all said but all in vain..
Please can anyone help me out.
The main issue after following the above way is that user can see all the companies in the list but when it select the wrong company against the rights ,there is no option thereafter to select any other company.
It sounds to me like the security setup is incomplete. Assuming tihs is AX2009, check user groups permissions against each company. Check how domain (security domain in AX, not network domain) settings are defined.
You might need to restart the AOS to flush out any cached security. Navigation gets flushed when client is restarted.
You should also make sure you don't have custom menu items without ANY security settings. These will create navigation for users without any specific access. For example a customer vendor report without ANY defined security setting, and made available from the menu somehow.
Iam facing an issue in Ax2009.
I would like to restrict companies showing in breadcrumb bar based on user in ax2009 using x++ using customization (not through user group and domains).
while starting up of the Ax i need to restrict the companies access. so i need classes ,tables involved in it.
kindly help me.
Thanks & Regards,
Business Applications communities