web
You’re offline. This is a read only version of the page.
close
Skip to main content

Announcements

🚀 Season of Sharing Community Challenge Launch! 🚀
Ask A Community Pro
Introducing our New Video Series: Community Spotlight
News and Announcements icon
Community site session details

Community site session details

Session Id :
Dynamics 365 Community / Forums / Microsoft Dynamics AX (Archived) / Hide specific data fro...
Microsoft Dynamics AX (Archived)

Hide specific data from developers

(0) ShareShare
ReportReport
Posted on by aweaka 25

Hello to everyone.

I have specific data which I need to not show for developers.

In both ways

  • user interface
  • table browser from AOT

And issue that I have faced is that RLS (Record Level Security) and XDS (Security Policies) are not applied for users with -SYSADMIN- role, that was tested on environment and it is described in white paper from Microsoft.

So the question is how to achive this goal and allow access to Dynamics AX AOT for developers?

*This post is locked for comments

I have the same question (0)
  • Suggested answer
    Vilmos Kintera Profile Picture
    Vilmos Kintera 46,149 on at

    AX is designed in a way that developer access = full access and there is no other way around.

    For security/audit purposes companies have the following options regarding admin access:

    1) Granting admin access to trusted people only, i.e. the developers who are doing maintenance, and making them sign a Non-Disclosure Agreement to keep secure data within the company.

    Any non-trusted admins in Test/Dev systems would not have access to sensitive data if you clean it up before cloning the Prod instance.

    2) Granting admin access only temporarily in a Production instance to a developer for the time of a maintenance

    3) Encryption of data, but I have not seen it implemented anywhere due to performance considerations and other reasons:

    https://blogs.technet.microsoft.com/fort_sql/2013/10/01/sql-server-transparent-database-encryption-tde/

    [View:https://technet.microsoft.com/en-us/library/dn385338.aspx:750:50]

    [View:https://technet.microsoft.com/en-us/library/bb934049(v=sql.110).aspx:750:50]

  • André Arnaud de Calavon Profile Picture
    André Arnaud de Cal... 305,455 Super User 2026 Season 1 on at

    Hi Eugene,

    Like stated above: Developers should not have access as system administrators on a production environment. Only in exceptional cases or during maintenance. In a development environment it would be possible to obfuscate or delete some confidential data.

    Indeed, the system administrator role is a special one which bypasses all security, so also XDS.

  • Suggested answer
    Brandon Ahmad Profile Picture
    Brandon Ahmad 2,465 User Group Leader on at

    This is a classic request that most people consider at one time or another.   And then, ultimately, people usually realize that the advantage of a development environment is that you don't have to be as strict on data integrity as you do in a user acceptance testing or production environment.  I've seen a ton of custom solutions where people use SQL or some other solution to massage the data.  

    The Test Data Transfer tool was supposed to be the solution to this issue, but it was seldom ever used.  In the end, people found it faster to restore a backup from prod and run some sort of sql script in most cases.  However, some people did like it.  

    The important point is that the accepted practices for what developers can see and not see are usually very specific to an organization.  Some sort of data cleaning strategy will be necessary.  

Under review

Thank you for your reply! To ensure a great experience for everyone, your content is awaiting approval by our Community Managers. Please check back later.

Helpful resources

News and Announcements

🚀 Season of Sharing Community Challenge Launch! 🚀
Ask A Community Pro
Introducing our New Video Series: Community Spotlight

Quick Links

Season of Sharing Community Challenge Launch!

Jump in, show your community spirit, and win prizes!

Women in Power Builds Momentum

Expanding mentorship, skilling, and AI innovation

Congratulations to the April Top 10 Community Leaders

These are the community rock stars!

Leaderboard > 🔒一 Microsoft Dynamics AX (Archived)

#1
CP04-islander Profile Picture

CP04-islander 21

#2
dekion Profile Picture

dekion 4

#2
Virginia99 Profile Picture

Virginia99 4

Last 30 days Overall leaderboard

Featured topics

Product updates

Dynamics 365 release plans