web
You’re offline. This is a read only version of the page.
close
Skip to main content

Notifications

Announcements

No record found.

News and Announcements icon
Community site session details

Community site session details

Session Id :
Dynamics 365 Community / Forums / Microsoft Dynamics AX (Archived) / Applying XDS to multip...
Microsoft Dynamics AX (Archived)

Applying XDS to multiple existing roles

(1) ShareShare
ReportReport
Posted on by Pete Alberts 3,542

I have googled this issue extensively and haven't found any help specific to D365. Any links would be appreciated.

My boss tasked me with rewriting the AX2012 white paper on Security Policies for D365. https://www.microsoft.com/en-us/download/details.aspx?id=3110

Does anyone have experience in applying a policy to multiple existing roles?

In AX2012 this was easy (apparently - I don't have 2012 experience) ->> accomplished by simply setting the ContextString on each role to the ContextString of the policy. For roles in your own model the process would be identical, but for existing roles this is procedure is not possible. An extension of the role does not allow you to change the ContextString. I have a few solutions, which I haven't tested due to time constraints:

  • Create x duplicates of the policy for each of the x roles to be restricted. And then set the RoleName property on each policy-duplicate to the applicable role.
  • As you can add duties to a role extension: Create a duty and set its ContextString to the policy ContextString (don't know if this is the same as setting a role's ContextString) and the add the duty to the role.
  • Duplicate the role. Mark the original as obsolete. And then set ContextString.  Terrible solution?
  • Any other ideas?

Thanks for reading

*This post is locked for comments

I have the same question (0)
  • Verified answer
    Mea_ Profile Picture
    Mea_ 60,284 on at

    Hi Pete Alberts,

    In current version you can set ContextString property for each role using UI. Just go to System administration -> security configuration  and you will see "Security policy context string" field that could be populated for each role.

  • Pete Alberts Profile Picture
    Pete Alberts 3,542 on at

    Wow thanks - I wasn't aware of that.

    But what if the configuration is intended to be part of the model, in the ISV layer and not top level? Or does 365 not cater for that at the moment?

  • Verified answer
    Mea_ Profile Picture
    Mea_ 60,284 on at

    You cannot do overlayering as of 8.0 so forget about layers, they've gone once and forever. In current version you have 2 ways to create security objects: AOT and UI. UI overrides AOT and users literally can create new roles, duties and privileges or modify existing one. As you said this property is not extensible ( I have not checked, so I believe you)  but if you ISV should set it to something for existing roles you should be able to do it via x++, if something could be done via UI then it is possible via x++ or you may just do documentation for you ISV saying that if you want to use XDS set context string to blah-blah.

  • Pete Alberts Profile Picture
    Pete Alberts 3,542 on at

    Great, thanks! Some further questions:

    1. Where (or how) are these UI modifications stored? I made an attempt to find it in the AOS - couldn't find anything.
    2. I'd very much like to know how a policy is linked to roles through x++, but to do that I'd have to navigate to the code through the Security Configuration Form. Its name is SysSecConfiguration. However, many elements are dynamically created and the form is in general a bit overwhelming to me. If you have time, would you mind taking a look at it (just for future reference, not at all important).
    3. About the statement you made about layers. Would you mind taking a look at another question I posted just now: "Layers in D365" community.dynamics.com/.../284701

    Please excuse me for the numerous requests... :)

    Thank you very much for your replies.

  • Verified answer
    André Arnaud de Calavon Profile Picture
    André Arnaud de Cal... 301,075 Super User 2025 Season 2 on at

    Hi Pete,

    The modifications are created as runtime objects (dlls) on publishing the changes. All changes which are presented on the configuration form are stored in the database.

    Can you elaborate on the second question?

  • Pete Alberts Profile Picture
    Pete Alberts 3,542 on at

    Thanks!

    Question 2: The SysSecConfiguration form links a Security Policy to a role by means of a ContextString. I'd like to reproduce that functionality, but I can't find the path to the code. I want to link a policy to roles in my model, not on User level.

    I get the idea that the way to go is to just create the policy and leave the linking-to-roles for the client configuration, but for research purposes I'd like to know how to do it in code, on. ISV level.

  • Pete Alberts Profile Picture
    Pete Alberts 3,542 on at

    The form dynamically creates the controls on the tab pages.

    One of those controls is a text box where the user can specify a contextString for a given role. Somewhere the form must call some class or method that finds the policy specified in the control and then applies that policy to that role. I want to know where that code is - I get lost when I try to find it myself.

  • Pete Alberts Profile Picture
    Pete Alberts 3,542 on at

    Thanks in any case - I will continue with the UI method.

  • André Arnaud de Calavon Profile Picture
    André Arnaud de Cal... 301,075 Super User 2025 Season 2 on at

    Hi Pete,

    If you don't specify any ContextString and have also the ContextType property unset, the policy is active for all roles. Would that be an option for you?

Under review

Thank you for your reply! To ensure a great experience for everyone, your content is awaiting approval by our Community Managers. Please check back later.

Helpful resources

Quick Links

Responsible AI policies

As AI tools become more common, we’re introducing a Responsible AI Use…

Neeraj Kumar – Community Spotlight

We are honored to recognize Neeraj Kumar as our Community Spotlight honoree for…

Congratulations to the November Top 10 Community Leaders!

These are the community rock stars!

Leaderboard > 🔒一 Microsoft Dynamics AX (Archived)

#1
Martin Dráb Profile Picture

Martin Dráb 4 Most Valuable Professional

#1
Priya_K Profile Picture

Priya_K 4

#3
MyDynamicsNAV Profile Picture

MyDynamicsNAV 2

Last 30 days Overall leaderboard

Featured topics

Product updates

Dynamics 365 release plans