web
You’re offline. This is a read only version of the page.
close
Skip to main content

Announcements

No record found.

News and Announcements icon
Community site session details

Community site session details

Session Id :
Dynamics 365 Community / Forums / Microsoft Dynamics AX (Archived) / Issue with XDS Securit...
Microsoft Dynamics AX (Archived)

Issue with XDS Security Policy in Dynamics AX 2012

(0) ShareShare
ReportReport
Posted on by Community Member

Hi,

Greetings!!

A brief background - We are using custom security roles and policies (using XDS Framework) in this implementaion. We have created a security policy query on DimensionAttributeValueCombination table as shown below, it's a simple filter on LedgerDimensionType and DisplayValue (Please see the ranges in Screenshot 2)

Screenshot# 1 (Security Policy Query) :

8640.2.PNG

Screenshot# 2 (Query Ranges/Filter):

3858.3.PNG

Now, going one level up, to security Policy,  Please see the below screenshots for the definition of our Security Policy and Constrained tables within it.

Screenshot# 3: (Security Policy)

1258.4.PNG

Screenshot# 4: (Security Policy(Constrained Tables))

1323.5.PNG

As you might have already seen in Screenshot# 3, the security policy is attached to ContextType RoleName and we have added a test user to that security role. So far, all good.

Now, when the user with the above security role logs in to AX and navigates to GL > Trial Balance, as expected the accounts are filtered based on the query ranges i.e. it brings all accounts which ends with -1-003 and -1-007 as expected. All good here.

But the trouble starts, when we go to forms like Free Text Invoices under AR, The user with the above role can create a new free text invoice header from AR > Free Text Invoices, but when they go to create an invoice line and select the main account from the drop down, the system just hangs, Also we have experienced similar issue when we try to select an account from GL > General Journal

Screenshot# 5: Free Text Invoice

 

I tried to debug and see the SQL query behind the scene via SQL Profiler and it tells me that the Security policy is in force and it's trying to do an insert into DimensionAttributeValueCombination table, but failing to do so because of the Security query, for testing purpose if i remove the security role from the user's login or try posting the free text invoice as a system admin, it works (because obviously the security policy is not in force)

Is there anything being done wrong above? I also tried disabling the security policy via code i.e. going to CustInvoiceform and using xds.SetXDSContext(0." ") to bypass the security, but this is not working. I also tried disabling the security policy in table methods before insert or validatewrite, but no results.

I checked the forums before posting here and found some interesting posts on XDS Framework, but haven't been answered fully. Like the one where we can have a dynamic query would be nice to have.

http://community.dynamics.com/ax/f/33/t/97472.aspx 

https://community.dynamics.com/ax/f/33/t/100072.aspx

http://community.dynamics.com/ax/f/33/t/88603.aspx

Any recommendations or suggestions are welcome. TIA

Cheers,

Dilip

*This post is locked for comments

I have the same question (0)
  • Suggested answer
    Community Member Profile Picture
    Community Member on at

    Hi Dilip

    I have seen the same issue when securing the dimension tables, it was reproducible on a different form but exactly same pattern. After debugging on Visual Studio and using Trace Parser I found out that was doing inserts on dimensions that already exists on the aplication, it was coming from:

    \Classes\DimensionStorage ::saveOnServer

    \Classes\DimensionStorage ::savePrivate

    On this case we found that the cause was that the XDS policy wasn't developed properly, and was contraining access to data which shoudn't.I would recommend to double check the accuracy of the XDS subquery on this specific scenario.

    I hope this helps

    Pere Turegano

    AX Support Engineer

  • Community Member Profile Picture
    Community Member on at

    Thanks Pere for your comments.

    I did some research around this and have found that both RoleName and ContextString can't co-exist together i.e. if we want on-demand security on some forms, then it's possible through ContextString only. I have updated my findings in my blog

    daxdilip.blogspot.com.au/.../issue-with-security-policy-in-dynamics.html

    Please note, my XDS query works fine in many places but in CustInvoiceForm it just hangs the screen, and none of the CustInvoice realted tables are part of constrainted tables in the Security Policy

Under review

Thank you for your reply! To ensure a great experience for everyone, your content is awaiting approval by our Community Managers. Please check back later.

Helpful resources

Quick Links

Introducing the 2026 Season 1 community Super Users

Congratulations to our 2026 Super Stars!

Meet the Microsoft Dynamics 365 Contact Center Champions

We are thrilled to have these Champions in our Community!

Congratulations to the April Top 10 Community Leaders

These are the community rock stars!

Leaderboard > 🔒一 Microsoft Dynamics AX (Archived)

#1
CP04-islander Profile Picture

CP04-islander 39

#2
Michel ROY Profile Picture

Michel ROY 14

#3
imran ul haq Profile Picture

imran ul haq 8

Last 30 days Overall leaderboard

Featured topics

Product updates

Dynamics 365 release plans