Wednesday 2 March 2016

XDS security

Security policies - Developing an XDS Policy

The following walkthrough shows how to create a security policy that prevents users from viewing other users' prospects. This is common in a sales environment, where one salesperson does not want another to see his or her prospects. Well, who wouldn't?

So for this example, we are going to use the smmBusRelTable where leads can hopefully become the future buyers of our products.

A lead/prospect is stored in smmBusRelTable, and the employee who is responsible for the prospect is stored in the MainContactWorker field. In AX 2012, an employee is connected to the current user through the DirPerson and DirPersonUser tables.

There are two stages in creating the XDS policy:

1- Create the policy query.
2- Create the security policy.

Creating a Policy Query

The steps to create the policy query are as follows: 

  • In the AOT, create a new query, rename it to HcmWorkerUser. 
  • From a second AOT (press CTRL + D to open a new AOT), locate the table Data Dictionary > Tables > HcmWorker. Drag the table HcmWorker to the Data Sources node of the query. 
  • In the property sheet of the Fields node of the HcmWorker_1 data source, set the Dynamic property to Yes. 
  • From the second AOT, locate the table Data Dictionary > Tables > DirPerson. 
  • Drag the table DirPerson to the Data Sources node of the HcmWorker_1 data source. 
  • In the property sheet for the DirPerson_1 data source, set the Relations property to Yes. 
  • In the property sheet for the Fields node of the DirPerson_1 data source, set the Dynamic property to Yes. 
  • From the second AOT, drag the table DirPersonUser to the Data Sources node of the DirPerson_1 data source. 
  • In the property sheet for the DirPersonUser_1 data source, set the Relations property to Yes. 
  • In the property sheet for the Fields node of the DirPersonUser_1 data source, set the Dynamic property to Yes. 
  • Right-click the Ranges node of the DirPersonUser_1 data source, and select New Range. 
  • In the property sheet for the new range, set the Field property to User, and the Value property to (currentUserId()), typed exactly as it appears here, including the parentheses. 
  • Save your changes to the query. 


Creating a Security Policy

Follow these steps to create the security policy: 

  • In the AOT, expand the Security node. 
  • Right-click the Policies node and select New Security Policy. 
  • In the property sheet for the security policy, set the Name property to SmmBusRelUser, set the Label property to Limit Prospects by User, set the Primary Table property to HcmWorker, set the Query property to HcmWorkerUser, set the ContextType property to RoleName, set the RoleName property to TradeSalesRepresentative, and set the Enabled property to Yes. 
  • Expand the SmmBusRelUser security policy. 
  • Right-click the Constrained Tables node and select New > Add table by relation. 
  • In the property sheet for the new constrained table, set the Table property to smmBusRelTable, set the TableRelation property to MainContactWorker. Save your changes to the policy. 


Now, if you log in as a sales person, you will see that you can only view your own prospects. This is because the range in the policy query is set to (currentUserId()), so the query only returns the worker that belongs to the logged-in user. And because a user is related to a worker through the DirPerson and DirPersonUser tables, the policy is able to associate the user id with records in the smmBusRelTable through the MainContactWorker field.
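To check that the policy really filters the way the walkthrough describes, the X++ job below (an added example, not part of the original post) compares the number of prospects the current user can read with the number obtained by writing the policy's join chain out by hand. The job name is hypothetical; HcmWorker.Person and DirPersonUser.PersonParty are the standard AX 2012 fields assumed to link the three tables of the policy query.

```xpp
// Added example: run as a user who is in the TradeSalesRepresentative role.
// Job name is hypothetical; it only reads data.
static void SmmBusRelUser_CheckPolicy(Args _args)
{
    smmBusRelTable  busRel;
    HcmWorker       worker;
    DirPerson       person;
    DirPersonUser   personUser;
    int64           visible;
    int64           own;

    // 1) Plain read. With the SmmBusRelUser policy enabled, the server
    //    adds the policy filter to this statement for users in the role.
    select count(RecId) from busRel;
    visible = busRel.RecId;

    // 2) The same restriction written out explicitly, mirroring the
    //    HcmWorkerUser query: HcmWorker -> DirPerson -> DirPersonUser,
    //    with the range User = current user id.
    select count(RecId) from busRel
        exists join worker
            where worker.RecId == busRel.MainContactWorker
        exists join person
            where person.RecId == worker.Person
        exists join personUser
            where personUser.PersonParty == person.RecId
               && personUser.User        == curUserId();
    own = busRel.RecId;

    info(strFmt("User %1: %2 prospects visible, %3 owned",
                curUserId(), visible, own));

    // If more rows are visible than owned, the policy is not being applied
    // to this user: it may be disabled, the user may not be in the role
    // named in RoleName, or the user may be a system administrator, a role
    // to which XDS policies are not applied.
    if (visible != own)
    {
        warning("SmmBusRelUser policy is not restricting this user.");
    }
}
```

For a sales representative both counts should be equal. Prospects with no MainContactWorker are hidden from every user in the role, which is worth checking before enabling the policy in production.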

