Record-level security allows you to secure data at row level, effectively filtering data for a security role hiding data from the users assigned to that role. This is done by creating a query that the data must conform to. This can affect performance of the system, as we add additional work to the database, especially if we filter data on a column that is not indexed.
In this recipe, we will filter the data so that only the Goods in user role has access to supplier with the supplier group MAT – Material Suppliers.
We can open the record-level security form from a role or from the main menu. In this recipe, we will open the form from the menu. The process is identical for either of the options.
We need to be logged in to AX as a system administrator and have knowledge of the tables we need to filter. We should also check with a developer whether the data we are going to filter has appropriate indexes.
We can set up record-level security by performing the following steps:
- Navigate to System administration | Setup | Security | Record level security. The current list of roles and secured tables are displayed.
- Click on New.
- Click on Next on the first page of the Record level security wizard.
- Select the role to add the record level security to, in this case, Goods in user and click on Next.
- Expand General ledger and scroll down to Suppliers (VendTable). The label is normally unique, but in this case there are two suppliers, the correct one has the table name VendTable in parentheses, as shown in the following screenshot:
- Check the Suppliers (VendTable) element and click on Next.
- On the final page, click on Finish. The form will close and show the newly added table(s) in the Record level security form as follows:
- Click on Query on the Record level security form, which will open the advanced query editor.
- In the advanced query editor, a default row will have been created for the primary key; change the field from Supplier account to Group, as shown in the following screenshot:
- Enter the supplier group to filter the table in the Criteria field; use the drop-down list, as this field will let you enter invalid options.
- Click on OK to save the changes to the query.
You can close the Record level security form or continue to add more role/table combinations.
When the system accesses data, it will check if any of the roles that the user is assigned to has record-level security configured.
If this is configured, the query is applied to the data source (be it a form, a drop-down list, a report, or a web form) in the same way as it can be done electively from the form. The difference is that the query ranges added are not visible to the user, and they have no hint that the data is filtered. The user has no way to change the filter to include these hidden results, regardless of their security role, except by changing the record-level security.