XDS Security on InventDim / InventSum

(0) Share

Report

Posted on by Javirrubio

965

Hi,

I'm trying to implement XDS security or RLS in the Invent Dim / Invent Sum. The goal is to limit the access to the On Hand Stock based on InventLocation.

That's working fine but it has knockout effect which is the users can't then post transactions (Purchase Order receipts, Transfer Orders, etc) in the system, not only against that particular warehouse.

Have you ever came accross this issue before?

*This post is locked for comments

I have the same question (0)

All responses (9)

Answers (0)

guk1964 10,888 on at

Like (0)

Report

See

dynamicserppros.com/restricting-user-view-microsoft-dynamics-ax-2012

and community.dynamics.com/.../250857

(You should be able to restrict access to the form.

A user group accessing on-hand form should only then see data for the granted access warehouse.)

Was this reply helpful? Yes No
Javirrubio 965 on at

Like (0)

Report

Hi,

Just trying to setup XDS security in the On Hand forms (Stock and warehouse) / Common / On Hand Stock so I can only see on hand stock for certain warehouses.

If I use the advise above using the InventDIm as a primary table in the query, linked to the inventlocation and the range in the inventlocation and then adding the InventSum as a constrained table I get an error in the InventSum if I try to post any transaction, for example. It says the recrod already exist.

If in the constrained node, in the InventSum table I set the property "Contrained" to no, I see lines for all warehouses in the On Hand form.

I don't see how I can filter by the InventLocationId in the On Hand Stock form without contraining either InventSum or InvenDim

Was this reply helpful? Yes No
André Arnaud de Cal... 301,075 Super User 2025 Season 2 on at

Like (0)

Report

Hi Javier,

Magic1949 shared a link of the same question on the community. This has information that you should use more policies with different purposes. Try to follow that suggestion as it is key in being able to solve your error.

Was this reply helpful? Yes No
Javirrubio 965 on at

Like (0)

Report

Hi Andre,

I do understand the logic of creating different policies, however, my problem is as soon as I implement security on the On Hand form, the users lost the ability to insert / update in the InventSum or InventDim. I think I've tried all combinations. Either the InventSum or the InventDim need to be constrained in order the policy to work, and once you constrain one of them, you can't update / post any transactions. Unless I'm missing something

Was this reply helpful? Yes No
André Arnaud de Cal... 301,075 Super User 2025 Season 2 on at

Like (0)

Report

Hi Javier,

The InventSum table should be restricted using the 'Select' option. 'All operations' is hiding, but also restricting creating or modifying records.

Was this reply helpful? Yes No
Javirrubio 965 on at

Like (0)

Report

Hi Andre,

This is the structure I have so far:

and the Policy:

With this in place, it filters ok in the ON Hand Stock form, so I only see the warehouses I've specified in the range in the InventLocation but if I try to post a Transfer Order I get an error in the InventSum saying the record already exists

Was this reply helpful? Yes No
Javirrubio 965 on at

Like (0)

Report

Any advise?

Was this reply helpful? Yes No
guk1964 10,888 on at

Like (0)

Report

I am not sure where you are stuck Try this:

• Inventory is maintained in the InventSum table which joins to the InventDim which contains dimension information such as warehouse/location/serial # etc…

• The table to restrict the data is the InventDim table which is where you find the warehouse/location combination

• Create a new Shared Project. Name it e.g. ‘RestrictWH’.

• Right-click on the Project and go to New Query.

• Rename the Query e.g. ‘Restrict_WH_Loc’.

• This query name will later be specified in the Security Policy AOT object’s properties.

• Add the InventDim table to the Query –

• Set the Fields node’s Dynamics property to Yes.

• Add 2 ranges: for InventLocationId, and for wMSLocationId.

• To restrict warehouse and location set the Value property for those on both Ranges.

• Save and compile the query.

• Right click on the Project node

• Go to New -> Security -> Security Policy.

• Name it ‘Restrict_WH_Loc’.

• Setup the Properties

• E.g. the users assigned to the WH-A-1 Role will be restricted from viewing on-hand inventory in Warehouse A - Location 1.

• Right click on the Constrained Tables node and add the InventSum table

• Users who are assigned to whichever Role is specified in the RoleName property will be impacted by the policy restriction.

• Save and compile the new Security Policy.

• Close AX, and log back in as Admin.

• Go to System Administration -> Users.

• Lookup the user and assign the Role to the user.

(Note: this user will also need other Roles to allow viewing of the on-hand inventory form. See for example patrickhawker.wordpress.com/.../ax-2012-security)

Close AX.

Log back in to the AX client, to see the Security Policy is in effect for the user.

Was this reply helpful? Yes No
Javirrubio 965 on at

Like (0)

Report

Hi Magic,

If I do the setup as you have described above the users assigned to that security role will be unable to post any Transfer Order or Invent Journal as they will get errors related to the Invent Sum. It will work to restrict the view in the On Hand screens if that's all you want but it's not a workable solution for a warehouse user that needs to post / update stock transactions

Was this reply helpful? Yes No