What is Extensible Data Security in D365 FO?
The XDS framework is a feature of D365FO and AX 2012 that lets you supplement role-based security by making access to tables subject to policy restrictions. This feature is an evolution of the security level in previous Dynamics AX versions.
Simply put, XDS adds a WHERE (or ON) clause, based on parameters from another related table, to each SQL SELECT, UPDATE, DELETE, or INSERT statement that runs against a table.
Dynamics 365 Finance and Operations encryption
Microsoft utilizes encryption technology to secure client data in SQL Server databases and Azure Storage while it is in transit.
To encrypt data in real time as it is written to disk at rest, all instances use Microsoft SQL Server Transparent Data Encryption (TDE) and Azure Storage encryption.
Server-side encryption with service-managed keys is used in Finance and Operations apps. Microsoft manages all aspects of key management, including key issuance, rotation, and backup.
How to apply Dynamics 365 Finance and Operations extensible data security based on the current user
Some typical requirements that call for extensible data security in Dynamics 365 are:
- ‘I only want a user to be able to access sales orders, vendors, and customers that they created.’
- ‘Users should only be able to read records for which they are approvers.’
In each of these scenarios, the XDS policy needs to be applied against the user currently logged in to the system. So, if you want to add a user to Dynamics 365 Finance and Operations, follow the process below.
Scenario for Testing
Today’s test scenario is that a user should only be able to interact with vendors that they have created.
The first step is to create our query. In this example, we need a data source table that contains user IDs, because we’ll be comparing results against them. The obvious option is the UserInfo table, but I discovered that trying to use it caused an error because X++ considered it to be a “kernel table.” Instead, I used the SysUserInfo table, which contains user IDs as well.
After selecting SysUserInfo as the data source, the next step is to define the range to be used. To get the user ID in this scenario, we’ll use the currentUserId() method. One thing to keep in mind is that this value must be enclosed in parentheses. If it is not, the value will be treated as a string, and the user ID will not be resolved.
This CreatedByQuery can also be reused by other security policies as needed.
The Next Step:
The next step is to build the security policy. In this case, we’ll use the CreatedByQuery from the previous stage as the Query and define a Context String so we can apply the policy to a role later. Set the primary table to SysUserInfo and, if you want this XDS policy to be applied to all Read, Update, Create, and Delete operations, set the Operation field to AllOperations.
Setting the constrained table is the final step in creating the security policy. Because there is no native database relation between the VendTable and the SysUserInfo table, we write a constrained expression in this case: the relation clause that links the two tables goes in the Value property. It’s worth repeating that this value must be enclosed in parentheses.
Now that we’ve developed our query and security policy, the final step is to apply this XDS policy to a security role. In this situation, I built a custom role and set the role’s Context String to the security policy’s Context String. This means that any user with this role will have the XDS policy applied to them automatically.
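The effect of the finished policy can be modelled outside D365FO. The following is an added example, not code from the original article or from Microsoft: SQLite stands in for the database, and the EXISTS predicate is a model of the filter XDS applies, not the SQL the kernel generates. The field names VendTable.CreatedBy and SysUserInfo.Id, the constrained expression in the comment, and the sample users and vendors are assumptions constructed for the illustration.

```python
import sqlite3

# Model of the policy above. Assumed field names: VendTable.CreatedBy, SysUserInfo.Id.
# Policy query range on SysUserInfo.Id: (currentUserId())
# Assumed constrained expression:       (VendTable.CreatedBy == SysUserInfo.Id)
XDS_PREDICATE = ("EXISTS (SELECT 1 FROM SysUserInfo u "
                 "WHERE u.Id = :range_value AND VendTable.CreatedBy = u.Id)")

def make_db():
    """Constructed sample data: two users, three vendors."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE SysUserInfo (Id TEXT PRIMARY KEY);
        CREATE TABLE VendTable (AccountNum TEXT PRIMARY KEY, Name TEXT, CreatedBy TEXT);
        INSERT INTO SysUserInfo VALUES ('alice'), ('bob');
        INSERT INTO VendTable VALUES ('V001', 'Contoso', 'alice'),
            ('V002', 'Fabrikam', 'bob'), ('V003', 'Northwind', 'alice');
    """)
    return db

def range_value(user, in_parentheses=True):
    """With parentheses the range resolves to the user ID; without, it stays a literal string."""
    return user if in_parentheses else "currentUserId()"

def constrain(statement, where=None):
    """Append the policy predicate to the statement's WHERE clause."""
    return statement + " WHERE " + " AND ".join(c for c in (where, XDS_PREDICATE) if c)

def visible_vendors(db, user, in_parentheses=True):
    sql = constrain("SELECT AccountNum FROM VendTable") + " ORDER BY AccountNum"
    rows = db.execute(sql, {"range_value": range_value(user, in_parentheses)})
    return [r[0] for r in rows]

def rename_vendor(db, user, account, name):
    sql = constrain("UPDATE VendTable SET Name = :name", "AccountNum = :acct")
    args = {"name": name, "acct": account, "range_value": range_value(user)}
    return db.execute(sql, args).rowcount  # number of rows actually changed

def delete_vendor(db, user, account):
    sql = constrain("DELETE FROM VendTable", "AccountNum = :acct")
    return db.execute(sql, {"acct": account, "range_value": range_value(user)}).rowcount

if __name__ == "__main__":
    db = make_db()
    print("alice sees:", visible_vendors(db, "alice"))
    print("bob renames alice's V001:", rename_vendor(db, "bob", "V001", "x"), "row(s)")
    print("range without parentheses:", visible_vendors(db, "alice", in_parentheses=False))
```

In this model, a range value left outside parentheses matches no user, so every user sees an empty vendor list rather than an unfiltered one.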
Extensible Data Security (XDS) Examples:
Secure Legal Entities
When you apply security roles to organizations, users can still see all of them in the Legal entities form by default. This policy offers the ability to restrict the list to only those legal entities that have been assigned to the user.
Security of Warehouse
This example demonstrates how record-based security can be implemented on warehouses and sites. The warehouses linked to a user are specified using a special setup form.
Security of Retail Channel
The organization hierarchies, security organization assignment, and XDS are all combined in this scenario. This is a compelling example that may serve as inspiration for your own policies.
If you are looking for more information about field-level security in Dynamics 365 Finance and Operations or record-level security in D365, you have a team of experts ready to help. Get in touch with DFSM now.