Record level security for multiple warehouses and users.

(0) Share

Report

Posted on by Community Member

I had a requirement to restrict a particular warehouse manager to only create, update and view transfer orders related to a particular warehouse.

Example:

Warehouse manager MANAGER_A can create, update and view transfer orders related to WAREHOUSE_A only.

I implemented this requirement using extensible data security by creating queries and security policies and associating policies with roles. Now my client has 100 different warehouses and he is asking whether he has to create 100 different queries, security policies and is afraid that this solution is not user friendly and will be difficult for a system user to create and maintain that many objects.

Question:

Does the system user have to create 100 different queries and security policies to handle this requirement? Is there any other way to handle this requirement?

*This post is locked for comments

I have the same question (0)

All responses (5)

Answers (0)

Suggested answer

Mahmoud Hakim 17,887 on at

Like (0)

Report

RE: Record level security for multiple warehouses and users.

you can use record level security to restrict any number of warehouses for specific role

Was this reply helpful? Yes No
Community Member on at

Like (0)

Report

RE: Record level security for multiple warehouses and users.

I tried record level security but it didnt work for me because I had to restrict the user to view only transfer orders that were either generated from his warehouse or to his warehouse.

I tried adding query with filter criteria as following

LocationIdFrom = "WAREHOUSE_A"

LocationIdTo = "WAREHOUSE_A"

but above query is than treated as logical AND clause i.e. fetch all records whose locationIdfrom is "WAREHOUSE_A" AND locationIdTo is "WAREHOUSE_A" which returns 0 records.

Was this reply helpful? Yes No
Suggested answer

Mea_ 60,284 on at

Like (0)

Report

RE: Record level security for multiple warehouses and users.

Hi Ahsan Ahmed,

You can use expression in query range msdn.microsoft.com/.../aa893981.aspx to say LocationIdFrom = "WAREHOUSE_A" or LocationIdTo = "WAREHOUSE_A"

Was this reply helpful? Yes No
Community Member on at

Like (0)

Report

RE: Record level security for multiple warehouses and users.

Hi ievgen Miroshnikov,

Thanks for your reply.

I can apply query ranges but I was asking from end user perspective who does not have development experience. How will he be able to setup different roles without actually opening development environment and manipulating queries and query ranges. More specifically is there any way end user can handle this requirement using record level security as shown below?

Was this reply helpful? Yes No
Suggested answer

Mea_ 60,284 on at

Like (0)

Report

RE: Record level security for multiple warehouses and users.

Hi Ahsan Ahmed,

First of all you should not use RLS at all, use XDS instead. There is a good document explaining how to use it www.microsoft.com/.../details.aspx please read it.

If you dont want to hardcode these ranges you need to build a table and form where user can specify warehouses allowed for user\role and then your XDS policy could restrict data base on this selection.

Was this reply helpful? Yes No