Skip to main content

Notifications

Announcements

No record found.

News and Announcements icon
Community site session details

Community site session details

Session Id :
Dynamics 365 Community / Forums / Microsoft Dynamics AX (Archived) / Limit access to record...
Microsoft Dynamics AX (Archived)

Limit access to records to specific company (XDS?)

(0) ShareShare
ReportReport
Posted on by Community Member

Hi,

Is it possible to limit the access to specific tables to specific companies via e.g. role? We want a user to have access to all companies but in a specific form he should only see the records of one company.


If I use XDS and assign a role linked to a security policy with limited company access to a user, its working fine but as soon as I assign another role with access to more/all companies, the user can see the records from the companies assigned to the other role in the tables that are only in the first role. Is there a workaround for this or a completely different solution? I don't understand why I can assign companies to roles when the system then adds the companies from all roles up and grants all roles access to all companies, regardless of which company is assigned to which role. Shouldn't that be a company assigment on user level?

*This post is locked for comments

  • Sohaib Cheema Profile Picture
    Sohaib Cheema 46,614 User Group Leader on at
    RE: Limit access to records to specific company (XDS?)

    Fact is you have assigned Role A, for all companies, This is point of Failure because query of XDS has table MYLegalEntities, so either change query to work as per your need or you have to limit all assigned roles to single organization.

    You don't want to remove access of all legal entities or RoleA , so I would say create a new XDS policy and don't include join with MyLegalEntities. Create your own table and setup where you can define user and allowed HR Companies. Finally create an xds query and policy. standard AX security policy cannot help you, as it has join with MYLegalEntities 

  • Community Member Profile Picture
    Community Member on at
    RE: Limit access to records to specific company (XDS?)

    "Unless you would not restrict each assigned role of this user to one or specific organization, you will not be able to get filtered results."

    This is the why I'm posting. I really think you are misunderstanding me. I do not want to restrict all roles, I want to strickt one role and then I want that all tables in the policy query of this one role are restircted to the assigned company while all other roles are left as they are.

    We want a user to have access to all companies with all roles expect for the policy tables linked with the HcmWorkerLegalEntity role.


    The permissions of the role itself work fine, but the linked xds data restriction doesn't. Let me try to explain with another example:


    I assign the following two roles to a user

    - role A: it has access to all companies but does not contain any access to workers or employees

    - role B: it is restricted to one company but does give you access to workers and employees


    Now I start the client with this user and the result is the following:

    - I can access workers and employees only in one company - correct, because I enabled the role only for one company

    - I open the workers or employees form and I can see the records of ALL companies - wrong, I only assigned one company to this role, why do I see all records? I should only be able to see the records of the assigned company

  • Sohaib Cheema Profile Picture
    Sohaib Cheema 46,614 User Group Leader on at
    RE: Limit access to records to specific company (XDS?)

    Hi RKO,

    Thank you for your question.

    Kindly create a new thread for your unique question.

    We do not recommend multiple questions on same thread. Create a new question and wait for replies.

    Thank you for your cooperation.

  • Community Member Profile Picture
    Community Member on at
    RE: Limit access to records to specific company (XDS?)

    Hi Sohaib

    I am having one doubt pls suggest any answer,

    I would create one new role named as Test.My calling sequences are privilege name Test1 this will map to my customised class named as MyClass(This class will display one print statement thats it).And this privilege will map to duty named as Test2.

    Finally created privilege mapped to new role named as Test.

    And this role will assigned to user and remove system administrator role.

    Now i will open AX this assigned role response was not reflect.

    please advice...

  • Sohaib Cheema Profile Picture
    Sohaib Cheema 46,614 User Group Leader on at
    RE: Limit access to records to specific company (XDS?)

    I have tested it. It is working 100% perfectly.

    While looking at XDS query I can see join with MyLegalEntities(Table)

    So, please make sure that for each role which you have assigned to user, Limit organization by clicking at Role Assignment windows in user details pan. Unless you would not restrict each assigned role of this user to one or specific organization, you will not be able to get filtered results.

    Do let us know if you are not aware of how to limit a security role assigned to one user, for single organization, so we can give you  steps for that.

  • Community Member Profile Picture
    Community Member on at
    RE: Limit access to records to specific company (XDS?)

    It's the standard HcmWorkerLegalEntity policy attached to whatever role.

  • Sohaib Cheema Profile Picture
    Sohaib Cheema 46,614 User Group Leader on at
    RE: Limit access to records to specific company (XDS?)

    As I am not sure about the query which you have used in your XDS. So, kindly attach your XDS policy and query somewhere and give me URL, I will test it

  • Community Member Profile Picture
    Community Member on at
    RE: Limit access to records to specific company (XDS?)

    I created a new, empty role, unassigned the system user role and assigned the new, empty role with access to all companies. Now I can still see all workers/employees. The empty role should definitely not grant access to anything.

  • Sohaib Cheema Profile Picture
    Sohaib Cheema 46,614 User Group Leader on at
    RE: Limit access to records to specific company (XDS?)

    System user role has a Duty named as SysServerAXBasicMaintain

    This duty further has a privilege named as DimensionEssentials

    This privilege DimensionEssentials has HCMWoker table Read permission.

    That is suspicious point. On top of that, HCMWoker table saves data independt of DataArea Id.

    So, to limit it from everywhere, you may have to apply same security policy to SystemUser Role.

  • Community Member Profile Picture
    Community Member on at
    RE: Limit access to records to specific company (XDS?)

    I used system user and assigned it to all companies.

    I used HcmHumanResourceAssistant (linked to policy) and assigned it to a specific company.

    Now I can see the workers/employees of all companies. I don't think the role 'system user' grants access to those tables. If I take the system user away, I see the desired result (only worker/employees of the assigned company).

    It seems the companies of all roles are added up and applied to all roles.

Under review

Thank you for your reply! To ensure a great experience for everyone, your content is awaiting approval by our Community Managers. Please check back later.

Helpful resources

Quick Links

🌸 Community Spring Festival 2025 Challenge Winners! 🌸

Congratulations to all our community participants!

Adis Hodzic – Community Spotlight

We are honored to recognize Adis Hodzic as our May 2025 Community…

Kudos to the April Top 10 Community Stars!

Thanks for all your good work in the Community!

Leaderboard > Microsoft Dynamics AX (Archived)

#1
Mohamed Amine Mahmoudi Profile Picture

Mohamed Amine Mahmoudi 100 Super User 2025 Season 1

#2
Community Member Profile Picture

Community Member 48

#3
shanawaz davood basha Profile Picture

shanawaz davood basha 6

Overall leaderboard

Featured topics

Product updates

Dynamics 365 release plans