Record level security

Finance and Operations/AX Technical Forum
1

Hi everyone,

I am working on “record level security” concept and i am unable to understand use of it even i went through some documents. Can any one please help me on this with real time examples or any docs…[:(]

2

RLS (Record Level Security) - with the help of this you can give authorizations to work or access only a specific data(user required data). It enables the data security among multiple business users. You may have some sensitive data which should not be visible to all the users and only a few need to have the access to it then with the help of RLS you can restrict the users accessing the data.

Suppose you have multiple sites - and your purchase orders are created sitewise. Purchase Orders created in one site should be accessed to some users and not to the other users. In this case you can make use of RLS to provide data restrictions…

*** You can cofigure the RLS only user group wise. It is not possible to configure user wise…

3

HI Siva, I guess you have got the idea that RLS can be used to restrict information shown on forms and reports as Kranthi has described the concept nicely. I’ve put together some steps to implement it.

  1. Make sure you have the user group already created, to set RLS on.

  2. Open up the RLS wizard from Administration - Setup- Security - Record Level Security

  3. Select the User group you want to set RLS on.

  4. Select the table and hit finish.

Now that you have the RLS enforced on the table, you can click Query option and specify list of fields on the Range tab that you want to show on forms and repors for the selected user group.

Hope that helps. Thanks.

4

Hi Kranthi and kartik,

Thanks for giving information about RLS.

I tried RLS with a small scenario but i could not the result.

Scenario:

I have created 2 user groups, One is Sales1 & Sales2. all Users from Sales1 group will see/access the data from custTable only when the customer group is 10.

Sales2 group for the Customer group is 20.

As you said, I created 2 records by using RLS wizard and i put required ranges in the Query from. Then i created a report which will display the just customer data.

but when i try to run this report (login with user how is in Sales1 group) the system displaying all records irrespective customer group.

Even i put “element.query().recordLevelSecurity(true);” in fetch method.

can you please tell me how can i get records based on Customer Group.

5

Does these users belongs to any other User Groups???

6

No…

7

Are you trying in the same company where you have configured the RLS?

8

Hi Siva,

Record level security is a concept for securing record in axapta in level field.

For example, you have policy in company, some users can see all transaction in specific dimension (table Dimension).

So what you have to do is :

Create user group for these user.

Create record level security for that group. Just table Dimension.

Create some query in the table Dimension, for example, Dimension : 50.

After you completed the record level security, every time user in that group login. He/she just can see all transaction in Dimension 50.

Hope this help

9

Hi Kranthi,

I’ve configure the RLS and it’s perfectly fine. I configured it for Sales quotations and my requirement is that users should be able to see the records which are created only by them. i.e., User A should see only the records created by user A, similary B should see only the records created by “B”. I queried using “Created by” field.

Problem is it’s showing the records user wise but user is not able to create a new record in the quotations form. Any suggestions pls

10

Hi Kranthi,

I’ve configured the RLS and it’s perfectly fine. I configured it for Sales quotations and my requirement is that users should be able to see the records which are created only by them. i.e., User A should see only the records created by user A, similary B should see only the records created by “B”. I queried using “Created by” field.

Problem is it’s showing the records user wise but user is not able to create a new record in the quotations form. Any suggestions pls

11

I think it wont work on created by, the CreatedBy will be updated by the kernel during the actual insert but prior to that the security check will happen.

Apply security on the sales responsible which is the employee attached to the User.

12

hi guys i m getting an issue regarding security of customer groups to specific user. i have assigned a specific customer group to a user through record level security but on loging in of tht user it shows all customer groups.

13

Greetings,

We have similar requirement. I have researched on Record Level Security past 1 week, however I am not able to get the required result. I would appreciate if you will help me resolve this issue.

Thanks,

14

Hi Mohan and Kranthi,

As you were doing, I also have work that I want to restrict sales order through user wise in AX 2009. I have lots of users and I want that every user can see his own sales order only that they have created.

I tried to use Sales Responsible field in query of Record Level Security. But I found that we can restrict only one user through this.

How can I do this for all users?

Thanks

15

I want to restrict sales order through user wise in AX 2009. I have lots of users and I want that every user can see his own sales order only that they have created. can it possible tell me.

16

Do you have any sequence number or sales order identification by users. If its there then you can restrict user by sales order wise.

17

Hi Ameen,

Sales Responsible field contains employees which is attached to user. We can apply this on one user but dont know how to apply this for multiple users.

If anybody know. please help

18

Class detraction

Querybuildrange qbruser;

public void executeQuery()

{

qbruser.value(queryvalue(curuserid()));

super();

}

public void init()

{

super();

qbruser = this.query().dataSourceName(‘SalesTable’).addRange(fieldnum(SalesTable,createdby));

}

19

Record level Security in ax 2009

1.First fall we have to navigate CEU/Administration/Administration Area

  1. . Exclude some user in Administrator user group

3 Create user group I have create S3_RLS

  1. Navigate to CEU/Administration/Administration Area/Setup/security click

5.Then click query button. One windows present on your screen like. Click on button ok.

Table Sales order

Field Recipient

Criteria (currentemployeeid());

  1. Navigate to CEU/Accounts receivable/Accounts receivable Area.

End user can only see there related records only.

Record level Security in ax 2009

1.First fall we have to navigate CEU/Administration/Administration Area

  1. . Exclude some user in Administrator user group

3 Create user group I have create S3_RLS

  1. Navigate to CEU/Administration/Administration Area/Setup/security click

5.Then click query button. One windows present on your screen like. Click on button ok.

Table Sales order

Field Recipient

Criteria (currentemployeeid());

  1. Navigate to CEU/Accounts receivable/Accounts receivable Area.

End user can only see there related records only.

7217.S3Record level Security in ax 2009 manual New 652014.docx (1.24 MB)

20

http://dynamicsuser.net/forums/p/68493/418929.aspx#418929