Dynamics AX 2012 Security Profiles

Posted on: October 28, 2015 | By: Jarrod Kraemer | Microsoft Dynamics AX/365

Written by Craig Leska – Sr. Technical Consultant at Logan Consulting

Did you know that you can restrict data to users using the Extensible Data Security (XDS) security policies within Dynamics Ax?

Using a security policy within Ax is nothing more than creating an Ax query, creating a security policy and setting some properties. In this walkthrough we can create a simple policy that restricts Customer Service Representative Level 1 from viewing International customers.

First we will create an AOT query. In the AOT query node, right click on New Query and call it MyRestrictedIntlCustPolicy. Add the following property to this query as shown below.

Query properties

Title: My restricted Intl' customer policy

Data source: Table = CustTable

Data Source fields: Dynamics = Yes

Range: Field = CustGroup; Value = !90


Your query should look like this when complete.

 Next we create a Security Policy.

In the AOT Security/Policies node, right click on New Security Policy and call it MyRestrictedIntlCustPolicy. Set the properties to the following.

Name: MyRestrictedIntlCustPolicy

PrimaryTable: CustTable

Query: MyRestrictedIntlCustPolicy

ConstrainedTables: Yes

Enabled: Yes

Operation: All operations

ContextType: RoleName

RoleName: TradeCustomerServiceRepresentativeLvl1*


*TradeCustomerServiceRepresentativeLvl1 is a custom role of Customer Service Representative Level 1.

Your policy should look like the following:

Since we specified Context type of RoleName with the AOT role name of TradeCustomerServiceRepresentativeLvl1 or Customer Service Representative Level 1, any users in this group will be unable to view customers with CustGroup of 90, which is International Customers in the Contoso dataset. If you recall, we used the range of “!90” in our AOT query, which this security policy is based on. This query will return all customers not in the 90 CustGroup per our requirements.


Validating the policy works as intended

Craig is in the role of customer service rep – Level 1. He should not be able to see any international customers. Logging on as “Craig” validates he cannot view International customers.

This is a quick example of how to use the XDS to create a role context security policy and restrict data to users within a group.

For additional information please feel free to reach out to us at info@loganconsulting.com or (312) 345-8817. 

All the best! 
Logan Consulting 

2020 Nucleus Research Report on ERP Technology

Free Download:

2020 Nucleus Research Report on ERP Technology

Download the guide ›