Deprecated: Record-level security


This content is archived and is not being updated. For the latest documentation, see Microsoft Dynamics 365 product documentation. For the latest release plans, see Dynamics 365 and Microsoft Power Platform release plans.

Applies To: Microsoft Dynamics AX 2012 R3, Microsoft Dynamics AX 2012 R2, Microsoft Dynamics AX 2012 Feature Pack, Microsoft Dynamics AX 2012

Record-level security (RLS) builds on the restrictions that are enforced by user group permissions. User group permissions let you restrict the menus, forms, and reports that members of a group can access. RLS lets you restrict the information that is shown on reports and in forms.




Reason for deprecation

This feature will be deprecated in the next version of Microsoft Dynamics AX. It is still functional in the current version. A new framework for data security, Extensible Data Security (XDS), provides all the functionality that the record-level security feature provided. However, XDS also provides more security controls and provides major functionality that is missing from the RLS feature.

Replaced by another feature

Yes. The feature was replaced by the Extensible Data Security feature, which provides all the capabilities that record-level security provided. In addition, XDS lets developers write more powerful queries to restrict the data that users can access. The restrictions are more secure, and are applied not only to the UI but also at the server level. The restrictions can be based not only on the fields in the table that users are accessing but also on data in other tables. This capability becomes increasingly important as the tables become more normalized in each version.

For more information about data security in Microsoft Dynamics AX 2012, see What's new: Role-based security and the Developing Extensible Data Security Policies for Microsoft Dynamics AX 2012 white paper.

Modules affected


Changes to installation

This change does not affect application installation.

Changes to upgrade

The existing record-level security conditions are not automatically migrated to the new model, because these conditions are based on user groups and companies, whereas the new security framework is global. Because of the limitations of the framework, RLS conditions were very granular. However, conditions can now be written more efficiently. Therefore, it makes sense to manually convert them to the new framework.