web
You’re offline. This is a read only version of the page.
close
Skip to main content

Notifications

Announcements

No record found.

News and Announcements icon
Community site session details

Community site session details

Session Id :
Dynamics 365 Community / Forums / Microsoft Dynamics AX (Archived) / Limit access to record...
Microsoft Dynamics AX (Archived)

Limit access to records to specific company (XDS?)

(0) ShareShare
ReportReport
Posted on by Community Member

Hi,

Is it possible to limit the access to specific tables to specific companies via e.g. role? We want a user to have access to all companies but in a specific form he should only see the records of one company.


If I use XDS and assign a role linked to a security policy with limited company access to a user, its working fine but as soon as I assign another role with access to more/all companies, the user can see the records from the companies assigned to the other role in the tables that are only in the first role. Is there a workaround for this or a completely different solution? I don't understand why I can assign companies to roles when the system then adds the companies from all roles up and grants all roles access to all companies, regardless of which company is assigned to which role. Shouldn't that be a company assigment on user level?

*This post is locked for comments

I have the same question (0)
  • Sohaib Cheema Profile Picture
    Sohaib Cheema 49,438 User Group Leader on at

    I haven't tested your scenario but what I suspect that other role which you assigned to user, having access of same table. Make sure to omit the Table permission from other Roles.

  • Community Member Profile Picture
    Community Member on at

    I used system user and assigned it to all companies.

    I used HcmHumanResourceAssistant (linked to policy) and assigned it to a specific company.

    Now I can see the workers/employees of all companies. I don't think the role 'system user' grants access to those tables. If I take the system user away, I see the desired result (only worker/employees of the assigned company).

    It seems the companies of all roles are added up and applied to all roles.

  • Sohaib Cheema Profile Picture
    Sohaib Cheema 49,438 User Group Leader on at

    System user role has a Duty named as SysServerAXBasicMaintain

    This duty further has a privilege named as DimensionEssentials

    This privilege DimensionEssentials has HCMWoker table Read permission.

    That is suspicious point. On top of that, HCMWoker table saves data independt of DataArea Id.

    So, to limit it from everywhere, you may have to apply same security policy to SystemUser Role.

  • Community Member Profile Picture
    Community Member on at

    I created a new, empty role, unassigned the system user role and assigned the new, empty role with access to all companies. Now I can still see all workers/employees. The empty role should definitely not grant access to anything.

  • Sohaib Cheema Profile Picture
    Sohaib Cheema 49,438 User Group Leader on at

    As I am not sure about the query which you have used in your XDS. So, kindly attach your XDS policy and query somewhere and give me URL, I will test it

  • Community Member Profile Picture
    Community Member on at

    It's the standard HcmWorkerLegalEntity policy attached to whatever role.

  • Sohaib Cheema Profile Picture
    Sohaib Cheema 49,438 User Group Leader on at

    I have tested it. It is working 100% perfectly.

    While looking at XDS query I can see join with MyLegalEntities(Table)

    So, please make sure that for each role which you have assigned to user, Limit organization by clicking at Role Assignment windows in user details pan. Unless you would not restrict each assigned role of this user to one or specific organization, you will not be able to get filtered results.

    Do let us know if you are not aware of how to limit a security role assigned to one user, for single organization, so we can give you  steps for that.

  • Community Member Profile Picture
    Community Member on at

    Hi Sohaib

    I am having one doubt pls suggest any answer,

    I would create one new role named as Test.My calling sequences are privilege name Test1 this will map to my customised class named as MyClass(This class will display one print statement thats it).And this privilege will map to duty named as Test2.

    Finally created privilege mapped to new role named as Test.

    And this role will assigned to user and remove system administrator role.

    Now i will open AX this assigned role response was not reflect.

    please advice...

  • Sohaib Cheema Profile Picture
    Sohaib Cheema 49,438 User Group Leader on at

    Hi RKO,

    Thank you for your question.

    Kindly create a new thread for your unique question.

    We do not recommend multiple questions on same thread. Create a new question and wait for replies.

    Thank you for your cooperation.

  • Community Member Profile Picture
    Community Member on at

    "Unless you would not restrict each assigned role of this user to one or specific organization, you will not be able to get filtered results."

    This is the why I'm posting. I really think you are misunderstanding me. I do not want to restrict all roles, I want to strickt one role and then I want that all tables in the policy query of this one role are restircted to the assigned company while all other roles are left as they are.

    We want a user to have access to all companies with all roles expect for the policy tables linked with the HcmWorkerLegalEntity role.


    The permissions of the role itself work fine, but the linked xds data restriction doesn't. Let me try to explain with another example:


    I assign the following two roles to a user

    - role A: it has access to all companies but does not contain any access to workers or employees

    - role B: it is restricted to one company but does give you access to workers and employees


    Now I start the client with this user and the result is the following:

    - I can access workers and employees only in one company - correct, because I enabled the role only for one company

    - I open the workers or employees form and I can see the records of ALL companies - wrong, I only assigned one company to this role, why do I see all records? I should only be able to see the records of the assigned company

Under review

Thank you for your reply! To ensure a great experience for everyone, your content is awaiting approval by our Community Managers. Please check back later.

Helpful resources

Quick Links

Responsible AI policies

As AI tools become more common, we’re introducing a Responsible AI Use…

Neeraj Kumar – Community Spotlight

We are honored to recognize Neeraj Kumar as our Community Spotlight honoree for…

Congratulations to the November Top 10 Community Leaders!

These are the community rock stars!

Leaderboard > 🔒一 Microsoft Dynamics AX (Archived)

#1
Martin Dráb Profile Picture

Martin Dráb 4 Most Valuable Professional

#1
Priya_K Profile Picture

Priya_K 4

#3
MyDynamicsNAV Profile Picture

MyDynamicsNAV 2

Last 30 days Overall leaderboard

Featured topics

Product updates

Dynamics 365 release plans