Manage record level security
Record level security builds on the restrictions enforced by user group permissions. With user group permissions, you restrict which menus, forms, and reports that members of a group can access. Record level security enables you to restrict the information that is shown in reports and on forms.
The following examples demonstrate how you can use record level security.
Allow members of a Sales user group to see only the accounts they manage.
Prohibit financial data from appearing on forms or reports for a specific user group.
Prohibit account details or account IDs from appearing on forms and reports for a specific user group.
Restrict form and report data according to location or country/region.
Before you begin
The process of setting record level security involves selecting a database table in the Record Level Security Wizard. Tables store the data shown in reports and on forms. You might find it helpful to work with a developer who has knowledge of the database tables while configuring record level security. The developer can help you choose the table that directly corresponds to the report or form elements to which you want to restrict access.
Also, verify the following before you begin:
Does the user group that will be assigned record level security already exist or do you have to create a new user group? For information about how to create a new user group, see Manage user groups.
Does the user group have at a minimum View permission for the report or form? If, for example, a Finance user group does not have any access permission for the General Ledger module, then it does not make sense to assign record level security to any report or form in that module because the group cannot access those reports/forms. For information about group permissions, see Manage security permissions for user groups and domain combinations.
Setting record level security
Setting record level security is a two-part process. The first part involves selecting a user group and the appropriate database table using the Record Level Security Wizard. The second part involves creating a query that specifies the fields and criteria to be applied when record level security is enforced.
Use the Record Level Security Wizard
From a Microsoft Dynamics AX client, click Administration > Setup > Security > Record level security.
Press CTRL + N to open the Record Level Security Wizard.
Select a user group and then click Next.
Select a table. By default, the most frequently accessed database tables are shown. Click Show all tables to expand the selection. Click Next.
Create a query
In the Record level security dialog box, select the user group and then click Query. The Inquiry dialog box appears. The Range tab shows some of the common fields for the specified table. Specify the fields to be shown to the selected user group on the report or form.
Select the first item listed on the Range tab. If no item is listed, press CTRL + N.
Use the Field menu to select the field that you want to show on the form or report.
Use the Criteria menu to select the criteria for the designated field. If no menu appears, enter the designated criteria.
As necessary, press CTRL + N to add fields and criteria.
Inform members of the selected user group that they must close their current client sessions and start a new session. If it is necessary, end active sessions from the ** ** form. For information about how to end active sessions, see Monitor users.
Verify that record level security is enforced on the report or form by logging on to Microsoft Dynamics AX as a member of the specified user group. You should see only the information specified in the query for the designated criteria. If you see additional information, troubleshoot your query.