Notifications
Announcements
No record found.
Hi experts,
I have a custom AX able where i will be storing confidential data which i do not even want Admin to see vi a direct SQL access when they move Axdb across environments or with their sys admin access in the application.
Only authorized sec roles should be able to see data in plain format via the application & no one else not even sys admin could see this.
Please suggest how can i achieve this.
Thanks
Mav
Hi Mav,
Is that credit card data that you want to conceal?
Best regards,
Ludwig
Not exactly but some finance confidential data which no one else from authorized security role should be able to see , not even sys admin via application or in sql.
I remember possibly doing something similar in D365 where i was able to use Global::handleEncryptedTablePreInsert(this); method which are not available in Ax2012.
Mav.
Please check this link. Is this something that you can implement?
Was just wondering that even if we achieve that only particular sec role should be able to see it , then there is a risk of admin assigning that role in non prod & see this data. So not sure if encrypt/decrypt would work.
May be something like hashing , not sure though. Is there something in Ax which Admin can never ever see via sql studo & via application ?
Or an approach like below
1>Ensure that no admin role can access the data in the Prod environment via application & SQL.
2>When moving Axdb from prod to non prod , have a script to run delete from so as to delete all the data in the concerned table.
Please suggest a full proof solution
What if you have a validation of some sort when this role is assigned to the user? This could be done at the table level where not everyone is allowed to add this particular role to the users. Maybe you could hide this role from all the other admin users apart from the authorized user(s) as well.
This might need some hardcoding and might not be full proof if users can go and change the code in the backend.
You will need to implement #2 anyway as this data should only be available in Prod.
Hi Mav.
Before putting much effort into this, I wonder whether you need to have those data in AX?
If you don't need them in AX and can keep and track them outside then there is no need to keep the data concealed.
Would that be an option?
Hi Dr Ludwig,
Data has to be in Ax :-(
Hi Experts,
Anyone any idea for achieving this data concealment from admin via sql dB and application.
If hashing /hashkey can achieve this then Any example within ax where it stores hashkey
Hi Mav;
I would go for a public private key approach, meaning data is stored in sql encrypted and the private key is not stored in the system. Each user (assuming upper management) have a private key to decrypt data.
To achieve it think of it this way, the user executes a script and the script asks for the private key, if correct key is inserted the data is decrypted for their viewership.
Please share example for reference.
Under review
Thank you for your reply! To ensure a great experience for everyone, your content is awaiting approval by our Community Managers. Please check back later.
As AI tools become more common, we’re introducing a Responsible AI Use…
We are honored to recognize Neeraj Kumar as our Community Spotlight honoree for…
These are the community rock stars!
Stay up to date on forum activity by subscribing.
Martin Dráb 544 Most Valuable Professional
André Arnaud de Cal... 450 Super User 2025 Season 2
Sohaib Cheema 250 User Group Leader
