Enabling field level authorization in Dynamics AX 2012

Many of you might be familiar with the Table Permissions Framework (TPF) that is present in AX 2009 as well as AX 2012. Some documentation about the table permissions framework can be found http://msdn.microsoft.com/en-us/subscriptions/hh965683.aspx. In AX 2009, the Table Permissions Framework is applicable only at the table level. However, in AX 2012, it can be extended to the field level as well. This blog post explains how you could achieve this.

 1. In the AOT, for a given table, set the AOSAuthorization property to CreateReadUpdateDelete (as shown below)


Note that there are other possible values for this property, but this is the only value for which field level TPF is activated.

 2. Save the changes to the table

 3. Create a new field or open an existing field. You’ll notice that the AOSAuthorization property becomes available and its value can now be set.

 A user accesses data from a table through the various privileges that he has. In a given table, certain fields may be marked such that the user does not have access to them. If such a table is TPF (with CreateReadUpdateDelete) and the AOSAuthorization property for a field is set to Yes, then the data from the fields is trimmed if the user does not have access
to that field. To be specific, if the field is set to Yes and user does not have access to that field then 

a) data will be trimmed when sending table buffer to client
b) any query that tries to filter data based on that field will be rejected

If the field is set to No, then no special processing is done for the field and no trimming is done on the field.