web
You’re offline. This is a read only version of the page.
close
Skip to main content

Notifications

Announcements

No record found.

News and Announcements icon
Community site session details

Community site session details

Session Id :
Dynamics 365 Community / Forums / Finance | Project Operations, Human Resources, ... / Query, Security policy...
Finance | Project Operations, Human Resources, ...
Answered

Query, Security policy, XDS

(0) ShareShare
ReportReport
Posted on by Sayid 75

Hello,

I have a problem with security policy. The requirement is: have a role, which will be assigned to the user. User with this role will see only sales order with status Invoiced and Customer account CU001.

I have created query, in ranges I have created new range with field CustAccount and in Value inserted CU001, and next range with field SalesStatus and Value 2 (which is based on the enum value)

Then I have created new Security policy. In policy I set the Context Type as RoleName, Operation AllOperations, Primary Table SalesTable, Query - name of the previously created query and Role name. Then I right-clicked on Constrained tables and created new Constrained Expression. In this epression, I have set Name as SalesTable, Constrained Yes and Value CustAccount=CU001 & SalesStatus=2.

Like this it works fine, when I assign this role to the user. BUT I would like to ask, please, if I followed the right steps? Is it possible to use insted of Constrained expression Constrained Table? I am not sure because I am working with only one table, and there is not one Constrained table and the second one Primary Table. 

Also I do not understand, why I need to create a query that filters the data as I need and then I need to create  a Constrained expression, where I set the filter again, in the Value (CustAccount=CU001 & SalesStatus=2). I have tried to create only the query, assign this query to the policy and the policy to the role, and NOT create any Constrained table or expression, BUT the filter did not applied to the data. Can someone explain me, please, the logic behind?

Many thanks.

I have the same question (0)
  • Verified answer
    André Arnaud de Calavon Profile Picture
    André Arnaud de Cal... 300,911 Super User 2025 Season 2 on at

    Hi Sayid,

    If you need to restrict only one table, you don't have to specify additional constrained tables. On the security policy properties, you can set the property Constrained table to Yes. It will then use the ranges as set in your query for the primary table of the XDS policy.

  • Sayid Profile Picture
    Sayid 75 on at

    Hi André,

    Thanks! That solved my problem. Can I have a question, please? How should I create query/policy so only one role, lets say role A, will see customer group G.

    So it means, that all roles except role A will see all of the customer groups except customer group G, role A will see all customer groups included customer group G.

    In this example, would I use the constrained table, please?

  • ergun sahin Profile Picture
    ergun sahin 8,826 Moderator on at

    I'm not an expert in XDS, but once you bind the policy to a role, you can't expect it to work for users outside that role.

    I think we have to approach it the other way around. You need a role B that can't see Group G.

    It will do what you want if you add role B to all users except the users you thought for role A in the first step.

  • Sayid Profile Picture
    Sayid 75 on at

    Hi Ergün, yes, that's the problem, the policy will work only for the role. I can create a policy, that will not show the role "G" and this policy assign to the new role and this role assign to all users except the ones, that should see this role. But how it is please possible to do that, so I do not have to assign the role to the users manually?

  • ergun sahin Profile Picture
    ergun sahin 8,826 Moderator on at

    I noticed you opened a second thread for this question. Let's continue at the other topic

    community.dynamics.com/.../1263911

Under review

Thank you for your reply! To ensure a great experience for everyone, your content is awaiting approval by our Community Managers. Please check back later.

Helpful resources

Quick Links

Responsible AI policies

As AI tools become more common, we’re introducing a Responsible AI Use…

Neeraj Kumar – Community Spotlight

We are honored to recognize Neeraj Kumar as our Community Spotlight honoree for…

Congratulations to the November Top 10 Community Leaders!

These are the community rock stars!

Leaderboard > Finance | Project Operations, Human Resources, AX, GP, SL

#1
Martin Dráb Profile Picture

Martin Dráb 660 Most Valuable Professional

#2
André Arnaud de Calavon Profile Picture

André Arnaud de Cal... 549 Super User 2025 Season 2

#3
Sohaib Cheema Profile Picture

Sohaib Cheema 307 User Group Leader

Last 30 days Overall leaderboard

Featured topics

End-of-life Announcement for Microsoft Dynamics GP

Product updates

Dynamics 365 release plans