Implementing Data Level, Record Level Security (XDS) in Dynamics 365 Finance and Operations

  Implementing Data Level, Record Level Security (XDS) in Dynamics 365 Finance and Operations

Security is a crucial aspect of Dynamics 365 Finance and Operations. Developers must ensure that appropriate security measures are implemented to restrict access to sensitive data. One way to achieve this is through the Extensible Data Security (XDS) framework, which allows for data-level and record-level security. Here's a step-by-step guide on how to implement XDS in D365.

Step-by-Step Guide

1. Understanding the Components

• Policy Query: Defines rules to specify data access restrictions.
• Constrained Table: The table that is subject to data-level security constraints.
• Primary Table: Contains the core data to be secured.
• Role Context: Specific roles assigned to a user.
• Application Context: Additional criteria for filtering data based on specific application conditions.

2. Adding a New User and Assigning Roles

1. Navigate to System Administration > Users > Users.
2. Click on New to add a new user and fill in the necessary details.
3. Assign the role of System User and any other relevant roles (e.g., Purchasing Manager).
   
   

3. Create a New Project in Visual Studio

1. Open Visual Studio and create a new project.
2. Name the project appropriately.

4. Creating a Query

1. In your project, right-click on the project and select Add > New Item.

2. Navigate to Data Model > Query and give it an appropriate name (e.g., PurchOrderSecurityQuery).

3. Configure the Data Source:

   • Add SysUserInfo as the data source.
   • Set the properties for SysUserInfo:
     • Label: Provide a label.
     • Dynamic Fields: Set to Yes and then No.

4. Apply a Range:

   • Add the primary table (e.g., PurchTable).
   • Right-click on the data source and add a range.
   • Set the range properties:
     • Field: Set the field to filter on (e.g., CreatedBy).
     • Value: Set to currentUserId() to filter records by the currently logged-in user.

5. Creating a Security Policy

1. In the Application Object Tree (AOT), navigate to Security > Policies.
2. Create a new security policy (e.g., PurchOrderSecurityPolicy).
3. Set the properties of the security policy:
   • Label: Provide a label.
   • Query: Set to the query created earlier (e.g., PurchOrderSecurityQuery).
   • Primary Table: Set to PurchTable.
   • Constrained Tables: Add the constrained table and set appropriate properties.

6. Creating a New Security Role

1. In Visual Studio, create a new security role (e.g., PurchOrderSecurityRole).
2. Set the properties of the security role and link it to the security policy created earlier.
3. Build and deploy the code.

7. Assign the Role to the User

1. Navigate to System Administration > Users > Users.
2. Select the user and assign the new security role (e.g., PurchOrderSecurityRole).

Conclusion

By following these steps, you can create data-level and record-level security in Dynamics 365 Finance and Operations. This involves creating a security policy, defining a query, and setting up a security role to ensure that users can only access data they are authorized to see.