Hello,
I am trying to implement XDS framework to prevent users from accessing projects according to a specific criteria. for e.g only projects with Project type = 'Fixed-price'.
For that I have done the following:
1) created a query with ProjTable datasource and range specifying value 'fixed price' on project type.
2) created a policy with primary table: ProjTable. I specified the query I had previously created. Properties: Constrained table-yes. Context type-RoleProperty. Context string-ProjXDSPolicy (this policy will be used on several roles e.g assistant, manager, etc.).
I then added ProjBudget and TSTimesheetTable as constrained tables. Both properties Constrained-Yes.
My issues now are the following:
1) there is no direct relationship between TSTimesheetTable and ProjTable. How can I add this table to the policy?
2) I have a couple of scenarios to implement but as an example, I have to give following access to an employee:
Access Read to all projects (meeting criteria ProjType= 'Fixed-price'). Deny access to ProjBudget. Access update to TSTimesheetTable (but only 'My timesheets').
Can I implement all the above in a single policy? the only property I can see on the policy to do that is 'Operation'. Is it possible to give different access to the different constrained tables on a single policy?
Can I deny access directly on a policy? (I know that access controls are given through privileges-should I then manage the projBudget restrict access through an individual privilege that I would attach to the role instead?).
I am not very familiar to XDS.
I have gone through the following links as reference:
https://www.gofastpath.com/blog/using-the-extensible-data-security-framework-in-dynamics-365-fo
https://dynamicspedia.com/2021/06/extensible-data-security-examples-secure-by-project-responsible/
Kindly let me know what would be the best approach to implement this scenario.
Thanks in advance,
Oushmita,
