Skip to main content

Notifications

Dynamics 365 Community / Blogs / Learn with Subs / XDS Policy of D365F&O: its ...

XDS Policy of D365F&O: its hidden gems

Subhad365 Profile Picture Subhad365 7 User Group Leader
 

Amigos, we all know the riches of XDS (eXtended Data Security) policies, and its vast shores of applicability. If you want to restirct data based on some preconditions, then, yes: XDS is the correct option for you. Suppose you have a requirement: you want to show the user-specific journal lines. I  have created Journal J1, J2, and J5, Tome has created J3, Harry has created J6. When I would logon, I should see only J1, J2 and J5. XDS could be a very solution for all such sitations.
Generally these are the steps we follow for creating an XDS policy 
a. Create a Query, start with a table for which you want to arrest the data, make it as a Constraint Table.
b. Create an XDS policy, assign the created Query, to the policy XDS. Select the above primary table as the primary table for XDS.
c. In the XDS policy, you can keep giving the tables' names which you want to arrest, one to the next.




d. Select the ContextType as a 'RoleName', otherwise you can also select 'RoleProperty' -- if you want to make the policy available as across a wide range of roles.




Let us try something twisty now. I have done a customization on Journal Lines: there is a boolean field called: CreatedFromEDI. Let us suppose this flag gets turned on, when the journal lines are getting created from EDI integration. 
Now the requirement is: when any user opens the Journal, and if he is having any of these journal lines with this flag as true, then he/she should not be able to view the entire journal table altoegther. Journal J1 has 20 lines, out which line no. 1, 3, and 10 are having this flag as set: I should not be able to see the entire Journal J1 itself.
In this case, using a conventional XDS policy, as mentioned above, might not work. It will be kind of difficult to design a policy with Constraint tables, that checks if one of the condition fails, not to show the entire parent record.
For all such cases: we can create a view-based XDS policy. 
Let me explain:
Create a view (name it as EDILinesView) with InventJournalLine, with a syscomputed column/view method: checkIfEDILinesExist:
public static str checkIfEDILinesExist()
{        
    #define.EDILinesView(EDILinesView)


    #define.InventJournalLine(InventJournalLine)


    #define.JournalId(JournalId)


    str countRec;


    countRec = strfmt('select count(RecId) from InventJournalLine where InventJouunralLine.JournalId = %1                 and InventJouunralLine.CreatedFromEDI= 1', 
                SysComputedColumn::returnField(
                                                tableStr(#EDILinesView),


                                                identifierStr(#InventJournalLine),


                                                fieldStr(#InventJournalLine, #JournalId)


                                                ));
    return countRec;
}
Next you create a View field on this method. Build the view (it's gonna take a huge lot of time, don't worry 😅)
On doing this, you create a query: RestirctEDIJournalQuery that has table InventjournalTable and EDILinesView Inner joined, and a range on EDILinesView: checkIfEDILinesExist = No.
What does it mean?
It means you are asking the view to show you only all the journals where none of the line has a CreatedFromEDI. 
Next is very simple, you know?
All you need to do is to 
a. Create a Policy that has Primary constraint table: InventJournalTable
b. Select the query: RestirctEDIJournalQuery 




c. No need to mention any other constraints here: the view is going to take care of all everything else.
d. Create a role, using this Policy and assign the role to your desired user. You would see he/she not gonna see any journal table that has Created from EDI flag as true.
e. And finally: as its a view based policy with precalculated fields and values, its gonna be superfast, as well.
Whew! So much for today, will be back soon, with many such cool ideas. Much love and namaste, as always 💓💓💓 
​​​​​​​

Comments

*This post is locked for comments