Extensible data security framework
To grant access to tables, fields, and rows in the finance and operations apps user interface, authorization is used. To restrict or deny access to those elements, you need to use data security. You can assign data security policies to security roles by using the extensible data security (XDS) framework.
XDS is an evolution of record-level security (RLS) that was available in Microsoft Dynamics AX 2012 and earlier versions. The XDS framework in finance and operations apps allows you and the administrators at your organization to help secure data in shared tables in such a way that users will have access to the part of the table that is allowed by the enforced policy. XDS policies are enforced, regardless of whether data is being accessed through the finance and operations apps cloud-based application, an SQL Server Reporting Services (SSRS) report, or other services.
The flow for an XDS policy is as follows:
- Start with a query to define the filters or limits that should be placed on the primary table or tables.
- Create a security policy that links to the query and primary table for which you want to restrict data access.
- Define the context for the rule. This could be based on a string, which would require additional development, or based on a role or group of roles.
- Define the list of constrained tables, which are related tables that store data from the primary tables for which you are attempting to restrict a subset of data.