web
You’re offline. This is a read only version of the page.
close
Skip to main content

Announcements

No record found.

News and Announcements icon
Community site session details

Community site session details

Session Id :
Dynamics 365 Community / Forums / Finance | Project Operations, Human Resources, ... / Is XDS right for my sc...
Finance | Project Operations, Human Resources, ...
Answered

Is XDS right for my scenario? Hide sensitive records by default; allow specific role full access.

(3) ShareShare
ReportReport
Posted on by CU29041349-0 610
Hello,
 
I have a task to manage security on the Customer form. I've been asked to hide all customers that have a specific Customer group value - this should apply to every user. For a select number of users, I will need to grant them access to all records regardless of Customer group value, likely through a Role. My head was at overriding the lookup on the customer form depending on the roles assigned to the current user. 
 
I was wondering if XDS can be leveraged to do the same? From what I've read, probably not, as it seems to favor overt record restrictions based on user role(s). 
 
Thank you!
Categories:
Dynamics 365 Finance
I have the same question (0)
  • Suggested answer
    Mohamed Amine Mahmoudi Profile Picture
    Mohamed Amine Mahmoudi 26,801 Super User 2026 Season 1 on at
     
    Yes, XDS can absolutely be used to handle this use case, and in fact, it's exactly the right tool when the goal is to restrict access to specific records based on data values (like Customer group), per role or user.
     
    Best regards,
    Mohamed Amine MAHMOUDI
  • CU29041349-0 Profile Picture
    CU29041349-0 610 on at
    Would you be able to provide specifics?
    The XDS examples I've seen talk about restricting records based on a record field value, but the policy is tied to a role. Wouldn't I have to add that role to every user to restrict their view, and leave it off users who should see all records? What I'm looking for is to have the default be restricted to everyone, then for those authorized user, they'd be able to see all records. 
  • Suggested answer
    André Arnaud de Calavon Profile Picture
    André Arnaud de Cal... 303,730 Super User 2026 Season 1 on at
    Hi,
     
    Your scenario is possible. But it requires some architectural thinking. You are saying that all users will be restricted unless someone has an additional security role. In that scenario, I recommend using a so called MyConstruct table where you can manage with X++ logic which customer groups are visible for a user. This is a temporary table and will be populated with records per user the first time the user will access the customers or customer group. 
     
    On my blog, I have shared some examples where this technique is also used. For the XDS security policy query, you can then make an inner join with this table. The XDS() method on the MyConstruct table can build the list with customer groups, except the one that should be hidden. You can also create an XDS policy with a non-exists join. Then you add only the hidden customer group. In that same method you can check the security roles assigned to the user and fill the table different for those users.
     
    You can have a look at e.g. the next examples:
     
    Please let me know if you can continue with this suggestion or if you need more help.
     
     
  • CU29041349-0 Profile Picture
    CU29041349-0 610 on at
     
    For the MyConstruct table, I would then have to add a flag to the Customer groups table to indicate which records to hide by default? I assume I would have to populate MyConstruct by user, that there would be no option to constrain the Customer and Customer groups just using the flag on the Customer groups? 
     
    Thank you
  • CU29041349-0 Profile Picture
    CU29041349-0 610 on at
    Still have this open question. Hoping someone can offer strategies/options to address.
     
    Also wanted to ask if F&O has implemented something similar so I might be able to use as a template to understand how this requirement can be implemented. 
  • Sohaib Cheema Profile Picture
    Sohaib Cheema 49,677 Super User 2026 Season 1 on at
     
    F&o don't have a template than you can reuse. You have to do development for this. You custom table will act as a setup (set of rules). Those set of rules (setup) you can change anytime from the UI, based on the requirement. 
     
  • Verified answer
    André Arnaud de Calavon Profile Picture
    André Arnaud de Cal... 303,730 Super User 2026 Season 1 on at
    Hi,

    Somehow, I missed an earlier notification that you replied after I responded. Yes, you can use an additional field on the customer groups. You also need to indicate which security roles should be included or excluded from hiding records.

Under review

Thank you for your reply! To ensure a great experience for everyone, your content is awaiting approval by our Community Managers. Please check back later.

Helpful resources

Quick Links

Introducing the 2026 Season 1 community Super Users

Congratulations to our 2026 Super Stars!

Meet the Microsoft Dynamics 365 Contact Center Champions

We are thrilled to have these Champions in our Community!

Congratulations to the March Top 10 Community Leaders

These are the community rock stars!

Leaderboard > Finance | Project Operations, Human Resources, AX, GP, SL

#1
Giorgio Bonacorsi Profile Picture

Giorgio Bonacorsi 663

#2
André Arnaud de Calavon Profile Picture

André Arnaud de Cal... 439 Super User 2026 Season 1

#3
Syed Haris Shah Profile Picture

Syed Haris Shah 337 Super User 2026 Season 1

Last 30 days Overall leaderboard

Featured topics

End-of-life Announcement for Microsoft Dynamics GP
License usage reporting (in-app and PPAC) with Entra dynamic groups

Product updates

Dynamics 365 release plans